1. Caddy version (caddy version):
v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=
2. How I run Caddy:
a. System environment:
CentOS 8 LXC container running on Proxmox.
b. Command:
caddy run --config /etc/caddy/Caddyfile
c. Service/unit/compose file:
-
d. My complete Caddyfile or JSON config:
{
    debug
    http_port 80
    https_port 443
    # auto_https disable_redirects
    acme_ca https://localhost/acme/local/directory
    email domain@domain.io
}

localhost {
    acme_server
}

http://internal.domain.io {
    redir http://www.internal.domain.io{uri}
}

https://internal.domain.io {
    redir https://www.internal.domain.io{uri}
}

http://www.internal.domain.io, https://www.internal.domain.io {
    root * /var/www
    file_server
}

https://srv-web-caddy-01.internal.domain.io {
    root * /var/www
    file_server
}

git.internal.domain.io {
    reverse_proxy http://srv-dev-gogs-01.internal.domain.io:3000
}

str-nas-01.internal.domain.io {
    reverse_proxy https://nas.internal.domain.io:5001
}
3. The problem I’m having:
I am using the embedded smallstep ACME server. My above config is working: when I add new sites to the Caddyfile, they will receive an automatic certificate from the https://localhost/acme/local/directory server. But Caddy is generating the root and intermediate certificates used itself. How can I configure my own, since I already have an internal root and intermediate CA?
4. Error messages and/or full log output:
N/A
5. What I already tried:
Lots of google-fu with no clear answers. What I have NOT tried is manually replacing the root and intermediate certs with my certs, since I am assuming this is not the correct way. There must be a cleaner way.