SSL for IP? ZeroSSL provides that

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

a. System environment: Docker

b. Command:

I run with docker-compose.

c. Service/unit/compose file:

version: '3'

  image: caddy:alpine
  hostname: caddy
  container_name: caddy
   - 80:80
   - 443:443
   - ./Caddyfile:/etc/caddy/Caddyfile

d. My complete Caddy config: {
        root * /usr/share/caddy

3. The problem I’m having:

It generates certificate for my IP Address, but it’s only valid for one day:

Subject Alternative Names: IP Address:
Valid From: November 28, 2022
Valid To: November 28, 2022

I checked the issued certificate in /data from Certificate Decoder - Decode certificates to view their contents.

4. Error messages and/or full log output:

{"level":"info","ts":1669661966.5556698,"logger":"http","msg":"enabling automatic TLS certificate management","domains":[""]}
{"level":"info","ts":1669661966.5573916,"logger":"tls.obtain","msg":"acquiring lock","identifier":""}
{"level":"info","ts":1669661966.5604575,"logger":"tls.obtain","msg":"lock acquired","identifier":""}
{"level":"info","ts":1669661966.5610628,"logger":"tls.obtain","msg":"obtaining certificate","identifier":""}
{"level":"info","ts":1669661966.5824776,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1669661966.5829363,"msg":"serving initial configuration"}
{"level":"info","ts":1669661966.5917335,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":""}
{"level":"info","ts":1669661966.5918114,"logger":"tls.obtain","msg":"releasing lock","identifier":""}
{"level":"warn","ts":1669661966.592534,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for []: no OCSP server specified in certificate","identifiers":[""]}

5. What I already tried:

I tried using zerossl-bot but no luck.

6. Links to relevant resources:

See this issue:

Essentially, it seems like they support IP certs via their REST API, but not via the ACME protocol.

Currently Caddy is set up to always generate certs using its internal issuer for IP certs, i.e. using its own CA (self-signed, ish) because none of the ACME issuers actually seem to support IP certs.


I am trying both via REST API and Caddyfile.
This is my new Caddyfile:

        http_port 80
        https_port 443
#    acme_ca # it thows error acme_ca is unknown directive
    acme_eab {
        key_id  KEY_ID
        mac_key MAC_KEY
    } {
        root * /usr/share/caddy

This is docker logs caddy:

{"level":"info","ts":1669720185.4050546,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1669720185.4062505,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1669720185.406399,"logger":"http","msg":"enabling automatic TLS certificate management","domains":[""]}
{"level":"warn","ts":1669720185.4103563,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for []: no OCSP server specified in certificate","identifiers":[""]}
{"level":"info","ts":1669720185.4110456,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1669720185.411852,"msg":"serving initial configuration"}

Regarding REST API, I am trying to use curl but I do not find any examples.
I tried something myself, but it does not work.
Do you have any example for the REST API?

I don’t. It’s not a pattern supported by Caddy itself. You’ll need to reach out to ZeroSSL for help.

Like I said, Caddy always uses its internal issuer for sites using an IP address. It completely ignores your ACME config.

This topic was automatically closed after 30 days. New replies are no longer allowed.