Local cert is invalid

1. The problem I’m having:

I am trying to get Caddy to work as a reverse proxy and use local certs for accessing the websites. The reverse proxy is set up and working, but my browser and curl are stating that the SSL/TLS is not secure.

2. Error messages and/or full log output:

My curl command is: curl https://nathan.wiki.local
My output from that is:

curl : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At line:1 char:1
+ curl https://nathan.wiki.local
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

3. Caddy version:

Caddy version 2.7.6 on a raspberry pi

4. How I installed and ran Caddy:

apt install caddy

a. System environment:

Ubuntu 22.04.2 on a raspberry pi 4

d. My complete Caddy config:

nathan.bitwarden.local {
	reverse_proxy http://192.168.50.182:5080
}

nathan.wiki.local {
	tls internal
	reverse_proxy http://192.168.50.182:7080
}

:80 {
	respond "No service defined"
}

I have read online in other posts that I might need to install the root certificate on my other machines to trust it. I have looked, but I can’t find the root certificate anywhere.

Since you installed Caddy using a package manager and are running Caddy as a systemd service, it’s running as the caddy user, whose HOME is /var/lib/caddy. So the root cert is in Caddy’s storage at /var/lib/caddy/.local/share/caddy/pki/authorities/local

You’ll need to copy and install the root cert to whatever machines/browsers need to trust connections to Caddy.

3 Likes
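
The copy-and-install step from the answer above, sketched for the Windows PowerShell client seen in the question. This is an added example, not part of the original thread; it assumes the root certificate is the file root.crt in the storage directory named in the answer, that it has already been copied to the Windows machine, and that its SHA-256 fingerprint was read on the Pi. The parameter names are hypothetical.

```powershell
# Added example: check Caddy's local root certificate, then trust it for the current user.
# Assumed: root.crt was copied from the Pi to -CertPath, and -ExpectedSha256 is the hex
# value printed on the Pi by running, in the directory named in the answer:
#   sudo openssl x509 -noout -fingerprint -sha256 -in root.crt
param(
    [Parameter(Mandatory)][string]$CertPath,
    [Parameter(Mandatory)][string]$ExpectedSha256,
    [string]$TestUrl = 'https://nathan.wiki.local'
)
$ErrorActionPreference = 'Stop'
$path = (Resolve-Path $CertPath).Path

# Only the public certificate should ever leave the server; reject key material.
if (Select-String -Path $path -Pattern 'PRIVATE KEY' -Quiet) {
    throw "$path contains a private key. Copy root.crt only, never root.key."
}

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)

# Compare the SHA-256 fingerprint with the one read on the Pi, so a file swapped
# in transit is not installed as a trust anchor.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[:\s]', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch: got $actual, expected $expected"
}

# A root must be a self-signed CA certificate; refuse leaf or intermediate certs.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority -or $cert.Subject -ne $cert.Issuer) {
    throw "$path is not a self-signed CA certificate."
}

# Trust it for this user only (no administrator rights, no machine-wide effect).
Import-Certificate -FilePath $path -CertStoreLocation Cert:\CurrentUser\Root | Out-Null

# The request that failed in the question should now validate.
$resp = Invoke-WebRequest -Uri $TestUrl -UseBasicParsing
'{0} validated against {1}: HTTP {2}' -f $TestUrl, $cert.Subject, $resp.StatusCode
```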
