Self-signed certificate trusted with OSX but not with Ubuntu

1. Caddy version (2.0.0):

2. How I run Caddy:

a. System environment:

macOS Mojave 10.14.6 and Ubuntu 20.04 LTS in Virtualbox

b. Command:

caddy run

c. My complete Caddyfile or JSON config:

In both cases:

localhost

respond "Hello, privacy!"

3. The problem I’m having:

I’m just trying to access localhost domain on both machines and I don’t want to see an untrusted certificate in Firefox or Chrome.

It works perfectly on OSX but not with Ubuntu.

4. Error messages and/or full log output:

2020/05/07 20:44:52.447	INFO	using provided configuration	{"config_file": "Caddyfile", "config_adapter": ""}
2020/05/07 20:44:52.449	INFO	admin	admin endpoint started	{"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2020/05/07 20:44:52.449	INFO	http	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2020/05/07 20:44:52.449	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2020/05/07 22:44:52 [INFO][cache:0xc000691bd0] Started certificate maintenance routine
2020/05/07 20:44:52.459	INFO	tls	setting internal issuer for automation policy that has only internal subjects but no issuer configured	{"subjects": ["localhost"]}
2020/05/07 20:44:52.522	INFO	pki.ca.local	root certificate is already trusted by system	{"path": "storage:pki/authorities/local/root.crt"}
2020/05/07 20:44:52.522	INFO	http	enabling automatic TLS certificate management	{"domains": ["localhost"]}
2020/05/07 22:44:52 [WARNING] Stapling OCSP: no OCSP stapling for [localhost]: no OCSP server specified in certificate
2020/05/07 20:44:52.523	INFO	tls	cleaned up storage units
2020/05/07 20:44:52.523	INFO	autosaved config	{"file": "/root/.config/caddy/autosave.json"}
2020/05/07 20:44:52.523	INFO	serving initial configuration

It looks like you’re running Caddy in an Ubuntu VM. Caddy can install its root into your VM’s trust store, but doesn’t affect your host machine’s trust store, obviously. So you’ll need to manually install the cert into your host machine’s trust store if you want to use a browser on your Mac that accesses a Caddy on Ubuntu. It’s the same as if it is a remote server, since it’s in a VM.

Installing a root cert into your Mac’s trust store means opening Caddy’s root CA file with the Keychain Access app. You can find it in your Ubuntu VM’s Caddy data directory.

Thanks for the explanation!

Maybe what I really want wasn’t clear but I don’t want to access the Caddy process on my Ubuntu VM from my Mac. When I run Caddy inside my VM and use Firefox (the one inside my VM) I’ve got the certificate error.

On the other hand, I have installed Caddy on my Mac to see if I’ve got the same error, but it is not the case.

FWIW, Firefox has its own certificate trust store. I don’t know that it’s 100% germane to your issue, but I’ve definitely run into the problem when serving up custom certs in a local dev environment. So even if your system trusts it, you still have to do the ‘ignore the warning’ dialog in Firefox as well.


Yes, I have heard about it… so I’ve tried with Chromium and my issue is still here.

Have you tried running caddy trust? I had to do that for my Ubuntu install before it would connect properly.

Yes, always the same.

Not sure why it didn’t install into Firefox for you without the original logs, but since it’s trusted by your system Caddy won’t try to install it again. You might just have to install it into your Firefox trust store manually.


It works when I install the certificate manually into the Firefox trust store… that’s odd because it works well in macOS.
Thanks for the help and for your project!


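The manual install the thread ends on can be scripted. The following is an added example, not code from the thread or from the Caddy project: it finds the NSS databases that Firefox and Chromium read on Ubuntu and reports whether a root certificate is present in each, adding it on request. The function names, the nickname and the default certificate path are assumptions; the log in the first post autosaves its config under /root, so if Caddy ran as root, pass the path to root's copy of `pki/authorities/local/root.crt` explicitly.

```shell
#!/bin/sh
# Added example. certutil comes from the Ubuntu package libnss3-tools.

# List every NSS database directory under a home directory.
# Chromium reads ~/.pki/nssdb; each Firefox profile has its own cert9.db.
nss_dbs() {
  for d in "$1/.pki/nssdb" "$1"/.mozilla/firefox/* \
           "$1"/snap/firefox/common/.mozilla/firefox/*; do
    [ -f "$d/cert9.db" ] && printf '%s\n' "$d"
  done
  return 0
}

# Report whether a nickname exists in one database; add the cert if asked.
# The check is by nickname only, so a copy of the same certificate stored
# under a different nickname is reported as MISSING.
trust_in_db() {
  db="$1"; cert="$2"; nick="$3"; install="${4:-no}"
  if certutil -d "sql:$db" -L -n "$nick" >/dev/null 2>&1; then
    echo "trusted   $db"
  elif [ "$install" = yes ]; then
    # "C,," marks the certificate as a trusted CA for TLS servers only.
    certutil -d "sql:$db" -A -n "$nick" -t "C,," -i "$cert" \
      && echo "installed $db"
  else
    echo "MISSING   $db"
  fi
}

# Usage: check_caddy_root [path/to/root.crt] [yes]
check_caddy_root() {
  # Assumed default: data directory of the user that ran `caddy run`.
  cert="${1:-$HOME/.local/share/caddy/pki/authorities/local/root.crt}"
  install="${2:-no}"
  [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
  command -v certutil >/dev/null || { echo "install libnss3-tools" >&2; return 1; }
  nss_dbs "$HOME" | while IFS= read -r db; do
    # Constructed nickname; any label works as long as it is used consistently.
    trust_in_db "$db" "$cert" "Caddy Local Authority (example)" "$install"
  done
}
```

Close the browser before adding a certificate so the profile database is not in use, then restart it to pick up the change.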