I think this is a really stupid question, but I can’t quite figure it out from the docs - I really hope the answer to this is a RTFM pointing me to the right bit of the docs.
1. Caddy version (caddy version):
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
2. How I run Caddy:
a. System environment:
macOS
b. Command:
caddy run
c. Service/unit/compose file:
Don’t think this is relevant but maybe I’m wrong
d. My complete Caddyfile or JSON config:
{
    local_certs
}
ghost.eris
    reverse_proxy localhost:2368
3. The problem I’m having:
I’m using Caddy just for local development and I would like to tell Caddy to always use local TLS for a particular TLD. Traditionally people used .local or .dev, but those are both bad ideas now as Bonjour on macOS uses .local and Chrome uses .dev, so I am trying to set up my own .eris purely for local dev.
I have the above Caddyfile that works for one domain, but I have to manually set local_certs, otherwise it errors. I either want Caddy to know .eris is local, or just to use local by default always, as I’m running on my local box.
4. Error messages and/or full log output:
Here are the logs if I don’t set local_certs, which obviously doesn’t work:
2021/04/07 14:17:24.735 INFO using adjacent Caddyfile
2021/04/07 14:17:24.737 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/04/07 14:17:24.737 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0003a4000"}
2021/04/07 14:17:24.738 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/04/07 14:17:24.738 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2021/04/07 14:17:24.738 INFO http enabling automatic TLS certificate management {"domains": ["ghost.eris"]}
2021/04/07 14:17:24.738 INFO autosaved config {"file": "/Users/hannah/Library/Application Support/Caddy/autosave.json"}
2021/04/07 14:17:24.738 INFO serving initial configuration
2021/04/07 14:17:24.738 INFO tls cleaned up storage units
2021/04/07 14:17:24.739 INFO tls.obtain acquiring lock {"identifier": "ghost.eris"}
2021/04/07 14:17:24.739 INFO tls.obtain lock acquired {"identifier": "ghost.eris"}
2021/04/07 14:17:24.750 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["ghost.eris"]}
2021/04/07 14:17:24.750 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["ghost.eris"]}
2021/04/07 14:17:25.744 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["ghost.eris"]}
2021/04/07 14:17:25.744 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["ghost.eris"]}
2021/04/07 14:17:27.355 ERROR tls.obtain will retry {"error": "[ghost.eris] Obtain: [ghost.eris] creating new order: request to https://acme.zerossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [ghost.eris] (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 2.616209947, "max_duration": 2592000}
2021/04/07 14:18:29.162 ERROR tls.obtain will retry {"error": "[ghost.eris] Obtain: [ghost.eris] creating new order: request to https://acme.zerossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [ghost.eris] (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 2, "retrying_in": 120, "elapsed": 64.42429126, "max_duration": 2592000}
^C2021/04/07 14:18:42.567 INFO shutting down {"signal": "SIGINT"}
2021/04/07 14:18:43.572 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc0003a4000"}
2021/04/07 14:18:43.572 INFO tls.obtain releasing lock {"identifier": "ghost.eris"}
2021/04/07 14:18:43.572 ERROR tls job failed {"error": "ghost.eris: obtaining certificate: context canceled"}
2021/04/07 14:18:44.074 INFO admin stopped previous server
2021/04/07 14:18:44.074 INFO shutdown done {"signal": "SIGINT"}
5. What I already tried:
I have read the docs about local TLS and Caddy JSON but I’m struggling to understand how I can set this at a system level.
6. Links to relevant resources:
Hopefully you can link me to what I’m missing
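As an added example (not part of the original post): the same Caddyfile with the local CA limited to the .eris site through Caddy's per-site `tls internal` directive, so any other site in the same config keeps public ACME issuance instead of the global `local_certs` switch turning it off everywhere. The second site block (example.com on port 8080) is an assumption added only to show the contrast.

```caddyfile
# Added example, not the poster's config. Only the .eris site uses the
# built-in local CA; the other site keeps normal public certificate issuance.

ghost.eris {
    # Issue this site's certificate from Caddy's internal CA; no ACME order
    # leaves the machine, so the "Invalid DNS identifier" rejection cannot occur.
    tls internal
    reverse_proxy localhost:2368
}

example.com {
    # Assumed second site for contrast: no tls directive, so Caddy still
    # obtains a publicly trusted certificate via ACME for this name.
    reverse_proxy localhost:8080
}
```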