Self signed certificate trusted with OSX but not with Ubuntu

1. Caddy version (2.0.0):

2. How I run Caddy:

a. System environment:

macOS Mojave 10.14.6 and Ubuntu 20.04 LTS in Virtualbox

b. Command:

caddy run

c. My complete Caddyfile or JSON config:

On both cases :


respond "Hello, privacy!"

3. The problem I’m having:

I’m just trying to access localhost domain on both machines and I don’t want to see an untrusted certificate in Firefox or Chrome.

It works perfectly on OSX but not with Ubuntu.

4. Error messages and/or full log output:

2020/05/07 20:44:52.447	INFO	using provided configuration	{"config_file": "Caddyfile", "config_adapter": ""}
2020/05/07 20:44:52.449	INFO	admin	admin endpoint started	{"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", ""]}
2020/05/07 20:44:52.449	INFO	http	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2020/05/07 20:44:52.449	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2020/05/07 22:44:52 [INFO][cache:0xc000691bd0] Started certificate maintenance routine
2020/05/07 20:44:52.459	INFO	tls	setting internal issuer for automation policy that has only internal subjects but no issuer configured	{"subjects": ["localhost"]}
2020/05/07 20:44:52.522	INFO	root certificate is already trusted by system	{"path": "storage:pki/authorities/local/root.crt"}
2020/05/07 20:44:52.522	INFO	http	enabling automatic TLS certificate management	{"domains": ["localhost"]}
2020/05/07 22:44:52 [WARNING] Stapling OCSP: no OCSP stapling for [localhost]: no OCSP server specified in certificate
2020/05/07 20:44:52.523	INFO	tls	cleaned up storage units
2020/05/07 20:44:52.523	INFO	autosaved config	{"file": "/root/.config/caddy/autosave.json"}
2020/05/07 20:44:52.523	INFO	serving initial configuration

It looks like you’re running Caddy in a Ubuntu VM. Caddy can install its root into your VM’s trust store, but doesn’t affect your host machine’s trust store, obviously. So you’ll need to manually install the cert into your host machine’s trust store if you want to use a browser on your Mac that accesses a Caddy on Ubuntu. It’s the same as if it is a remote server, since it’s in a VM.

Installing a root cert into your Mac’s trust store means opening Caddy’s root CA file with the Keychain Access app. You can find it in your Ubuntu VM’s Caddy data directory.

Thanks for the explanation!

Maybe what I really want wasn’t clear but I don’t want to access the Caddy process on my Ubuntu VM from my Mac. When I run Caddy inside my VM and use Firefox (the one inside my VM) I’ve got the certificate error.

On the other hand, I have installed Caddy on my Mac to see if I’ve got the same error, but it is not the case.

FWIW, Firefox has its own certificate trust store. I don’t know that it’s 100% germane to your issue, but I’ve definitely run into the problem when serving up custom certs in a local dev environment. So even if your system trusts it, you still have to do the ‘ignore the warning’ dialog in Firefox as well.

1 Like

Yes, I have heard about it… so I’ve try with Chromium and my issue is still here.

Have you tried running caddy trust? I had to do that for my Ubuntu install before it would connect properly.

Yes always the same.

Not sure why it didn’t install into Firefox for you without the original logs, but since it’s trusted by your system Caddy won’t try to install it again. You might just have to install it into your Firefox trust store manually.

1 Like

It works when I install the certificate manually into Firefox trust store… that’s odd because it works well in macOS.
Thanks for the help and for your project!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.