Running Caddy as a Windows service causes an HTTPS error

1. The problem I’m having:

I'm trying to run Caddy as a Windows service installed with NSSM, and I get an error when connecting to the HTTPS link provided by Caddy.

2. Error messages and/or full log output:

Here is my full log:
2025/01/03 10:19:34.260 info admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2025/01/03 10:19:34.260 info tls.cache.maintenance started background certificate maintenance {"cache": "0xc00010e680"}
2025/01/03 10:19:34.261 info http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 8081}
2025/01/03 10:19:34.261 info http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2025/01/03 10:19:34.261 info http enabling HTTP/3 listener {"addr": ":8081"}
2025/01/03 10:19:34.261 info http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2025/01/03 10:19:34.261 info http.log server running {"name": "srv1", "protocols": ["h1", "h2", "h3"]}
2025/01/03 10:19:34.261 info http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/01/03 10:19:34.261 info http enabling automatic TLS certificate management {"domains": ["10.30.177.235"]}
2025/01/03 10:19:34.261 warn tls stapling OCSP {"error": "no OCSP stapling for [10.30.177.235]: no OCSP server specified in certificate", "identifiers": ["10.30.177.235"]}
2025/01/03 10:19:43.570 warn pki.ca.local installing root certificate (you might be prompted for password) {"path": "storage:pki/authorities/local/root.crt"}
2025/01/03 10:19:43.572 error pki.ca.local failed to install root certificate {"error": "add cert failed: Failed adding cert: The request is not supported.", "certificate_file": "storage:pki/authorities/local/root.crt"}
2025/01/03 10:19:43.573 info autosaved config (load with --resume flag) {"file": "C:\Windows\system32\config\systemprofile\AppData\Roaming\Caddy\autosave.json"}
2025/01/03 10:19:43.573 info serving initial configuration
2025/01/03 10:19:43.579 warn tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:C:\Windows\system32\config\systemprofile\AppData\Roaming\Caddy", "instance": "839ef7aa-b29b-41e5-9532-f6d593b7d217", "try_again": "2025/01/04 10:19:43.579", "try_again_in": 86400}
2025/01/03 10:19:43.579 info tls finished cleaning storage units

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

a. System environment:

Windows Server 2022 Standard

b. Command:

caddy run --config Caddyfile

c. Service/unit/compose file:

d. My complete Caddy config:

{
    # Global options
    http_port 3443
    https_port 8081

    log {
        output file C:/Dev/TaiDH/Caddy/caddy.log {
            roll_size 10mb
            roll_keep 5
            roll_keep_for 48h
        }
        level info
    }
}

# Site-specific configurations

10.30.177.235:8081 {
    reverse_proxy {
        to 10.30.177.95:3000 10.30.177.195:3000
        lb_policy round_robin
        health_uri ""
        health_interval 10s
        health_timeout 2s
        fail_duration 30s
    }
    tls internal
}

:9200 {
    reverse_proxy {
        to 10.30.177.95:9200 10.30.177.195:9200
        lb_policy round_robin
        health_uri "/_cluster/health"
        health_interval 10s
        health_timeout 2s
        fail_duration 30s
    }
}

5. Links to relevant resources:

None

I found that Caddy creates a new root certificate for each user, and that causes a problem when running Caddy from cmd vs. as a Windows service. How can I configure the Caddyfile to install the root certificate for the local machine?

Use skip_install_trust in the global options section
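
The following is an added example, not part of the original thread or of Caddy itself. With skip_install_trust set, Caddy no longer attempts the trust-store install that fails in the service log above, so the root of its local CA has to be trusted by hand; this script validates the file and adds it to the machine-wide Root store. The storage path is an assumption taken from the log lines in the question.

```powershell
# Added example, not from the thread. Run from an elevated 64-bit PowerShell session.
# Assumption: storage root is the SYSTEM-profile path reported in the service log.
$storage  = 'C:\Windows\system32\config\systemprofile\AppData\Roaming\Caddy'
$rootPath = Join-Path $storage 'pki\authorities\local\root.crt'

if (-not (Test-Path -LiteralPath $rootPath)) {
    throw "No root certificate at $rootPath. Start the service once so Caddy creates its local CA."
}

# Load the file and refuse anything that is not a self-signed CA certificate.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($rootPath)
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) { throw 'Not a CA certificate; refusing to trust it.' }
if ($cert.Subject -ne $cert.Issuer)             { throw 'Not self-signed; expected a root certificate.' }

# Show what is about to be trusted so it can be compared out of band.
$cert | Format-List Subject, Thumbprint, NotBefore, NotAfter

$store = [System.Security.Cryptography.X509Certificates.X509Store]::new('Root', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try {
    $present = $store.Certificates | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if ($present) {
        Write-Output "Already trusted in LocalMachine\Root: $($cert.Thumbprint)"
    } else {
        $store.Add($cert)   # adds exactly the object validated above
        Write-Output "Added to LocalMachine\Root: $($cert.Thumbprint)"
    }
} finally {
    $store.Close()
}
```

Machines other than the Caddy host that browse to the site need the same root certificate imported into their own trust store.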