1. Caddy version (caddy version):
2.5.0
2. How I run Caddy:
a. System environment:
Docker
b. Command:
caddy run -watch -config /etc/caddy/Caddyfile
c. Service/unit/compose file:
edge:
  image: caddy:2.5.0
  command: caddy run -resume -config /etc/caddy/Caddyfile
  networks:
    - backend
  ports:
    - 80:80
    - 443:443
  volumes:
    - caddy_data:/etc/caddy/caddy
    - ~/certs:/etc/caddy/certs
  environment:
    XDG_CONFIG_HOME: /etc/caddy
d. My complete Caddyfile or JSON config:
{
	auto_https off
	servers {
		timeouts {
			read_body 60s
			read_header 60s
		}
	}
}

(common) {
	log
	header -Server
}

http://api.guoard.ir {
	import common
	redir https://{host}{uri} permanent
}

https://api.guoard.ir {
	import common
	tls /etc/caddy/certs/guoard.ir.crt /etc/caddy/certs/guoard.key
	# "api:3000" on its own is not a valid directive; proxying to the backend needs reverse_proxy
	reverse_proxy api:3000
}
The certificates are for *.guoard.ir.
3. The problem I’m having:
When I use mkcert locally everything is fine, but when I use Let's Encrypt to issue certificates I get a couple of issues:
- My cert file is like this:
-----BEGIN CERTIFICATE-----
BASE64 STRING
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
BASE64 STRING
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
BASE64 STRING
-----END CERTIFICATE-----
but Caddy gives me this error:
{"level":"error","ts":1651740472.2255423,"logger":"admin.api","msg":"request error","error":"loading config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificates: tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: [CERTIFICATE CERTIFICATE CERTIFICATE]","status_code":400}
- When I reduce the certificate to 1 section (just for the test), I get another error for key.
Content of the key file:
-----BEGIN EC PRIVATE KEY-----
BASE64 STRING
-----END EC PRIVATE KEY-----
Caddy gives me this error:
{"level":"error","ts":1651901534.5980713,"logger":"admin.api","msg":"request error","error":"loading config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificates: tls: found a certificate rather than a key in the PEM for the private key","status_code":400}
5. What I already tried:
I tried to change tls to this:
tls /etc/caddy/certs/guoard.ir.crt /etc/caddy/certs/guoard.key {
	key_type ed25519
}
It seems Caddy cannot handle a full chain of certificates and does not support this type of key encryption, or my configs are wrong.
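Both error messages quoted above are produced by Go's crypto/tls X509KeyPair, which Caddy calls for `tls <cert> <key>`, and both describe the contents of the *key* argument: it skipped three CERTIFICATE blocks in the first run and exactly one in the second, which is what the file given as the key contained. The following added diagnostic (not Caddy's own code; the sample PEM files and their placeholder bodies are constructed) replays that block-scanning logic so the two inputs can be checked before the config is loaded:

```python
import re

# Added diagnostic (not Caddy's own code): replays the key-input check that
# Go's crypto/tls X509KeyPair applies when Caddy loads `tls <cert> <key>`,
# so a chain handed in the key slot is caught before the config is rejected.
PEM_BLOCK = re.compile(r"-----BEGIN ([^-]+)-----.*?-----END \1-----", re.S)


def pem_block_types(pem_text: str) -> list:
    """Type labels of every PEM block in the text, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(pem_text)]


def check_key_input(key_pem: str) -> str:
    """Return "ok" or the error text Go's tls.X509KeyPair would produce.

    Go scans the key input block by block, skipping anything that is not a
    private key; what it reports depends on what it skipped."""
    skipped = []
    for block_type in pem_block_types(key_pem):
        if block_type == "PRIVATE KEY" or block_type.endswith(" PRIVATE KEY"):
            return "ok"  # EC PRIVATE KEY, RSA PRIVATE KEY and PKCS#8 all pass
        skipped.append(block_type)
    if not skipped:
        return "tls: failed to find any PEM data in key input"
    if skipped == ["CERTIFICATE"]:
        return "tls: found a certificate rather than a key in the PEM for the private key"
    return ('tls: failed to find PEM block with type ending in "PRIVATE KEY" in key '
            f"input after skipping PEM blocks of the following types: [{' '.join(skipped)}]")


def check_tls_pair(cert_pem: str, key_pem: str) -> dict:
    """Summarise both files the way Caddy's loader will see them."""
    cert_types = pem_block_types(cert_pem)
    cert_ok = bool(cert_types) and all(t == "CERTIFICATE" for t in cert_types)
    key_result = check_key_input(key_pem)
    return {"cert_types": cert_types, "cert_ok": cert_ok,
            "key": key_result, "ok": cert_ok and key_result == "ok"}


# Constructed samples: real headers, placeholder bodies, no real key material.
def _block(kind: str) -> str:
    return f"-----BEGIN {kind}-----\nPLACEHOLDER\n-----END {kind}-----\n"

FULLCHAIN = _block("CERTIFICATE") * 3   # leaf + two intermediates, as Let's Encrypt ships
LEAF_ONLY = _block("CERTIFICATE")       # the "reduced to 1 section" test from the post
EC_KEY = _block("EC PRIVATE KEY")       # what the key slot must contain

if __name__ == "__main__":
    for name, key in [("fullchain as key", FULLCHAIN), ("leaf as key", LEAF_ONLY), ("ec key", EC_KEY)]:
        print(f"{name}: {check_tls_pair(FULLCHAIN, key)['key']}")
```

Running it reproduces the two errors from the post for the first two cases and "ok" for the EC key, which points at the file that reaches the key argument rather than at chain or key-type support.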