1. Caddy version (caddy version):
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=
2. How I run Caddy:
a. System environment:
Linux rpi 5.4.35-1-ARCH #1 SMP PREEMPT Sun May 3 21:53:49 UTC 2020 armv7l GNU/Linux
Running standalone, no internet access. Trying and configuring caddy as a regular user with the executable, config and certs at $HOME/caddyserver/.
b. Command:
./caddy run --config test.json
d. My complete Caddyfile or JSON config:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "automatic_https": { "disable_redirects": true },
          "listen": [ "127.0.0.1:8080" ],
          "routes": [
            {
              "handle": [
                {
                  "encodings": { "gzip": {} },
                  "handler": "encode"
                },
                {
                  "handler": "file_server",
                  "hide": [ "Caddyfile" ]
                }
              ]
            }
          ],
          "tls_connection_policies": [
            {
              "certificate_selection": {
                "any_tag": [ "cert0" ]
              },
              "client_authentication": {
                "trusted_ca_certs": [ "/home/user/caddyserver/ca.crt" ]
              }
            }
          ],
          "logs": { "default_logger_name": "log0" }
        }
      }
    },
    "tls": {
      "certificates": {
        "load_files": [
          {
            "certificate": "/home/user/caddyserver/selfsigned.crt",
            "key": "/home/user/caddyserver/selfsigned.key",
            "tags": [ "cert0" ]
          }
        ]
      },
      "automation": {
        "policies": [
          {
            "issuer": {
              "challenges": { "bind_host": "127.0.0.1" },
              "module": "acme"
            }
          }
        ]
      }
    }
  },
  "admin": { "disabled": true },
  "logging": {
    "logs": {
      "default": {
        "exclude": [ "http.log.access.log0" ]
      },
      "log0": {
        "level": "DEBUG",
        "writer": { "output": "stdout" },
        "encoder": { "format": "console" },
        "include": [ "http.log.access.log0" ]
      }
    }
  }
}
3. The problem I’m having:
Unable to get client_authentication working for Caddy v2.
I’ve generated a CA root cert (openssl req -new -x509 -days 3650 -key ca.key -out ca.crt) from an RSA 4096 key and included the path to ca.crt in the JSON config (tls_connection_policies/client_authentication/trusted_ca_certs). However, caddy fails to run and throws an error.
4. Error messages and/or full log output:
[INFO][cache:0x3b8e000] Stopped certificate maintenance routine
run: loading initial config: loading new config: loading http app module: provision http: server srv0: setting up TLS connection policies: connection policy 0: building standard TLS config: configuring TLS client authentication: parsing certificate: illegal base64 data at input byte 24
5. What I already tried:
Spent significant time searching for mistakes, looked at this forum and other places online, tested many different certificate formats and initial root key types. Strangely, even if I provide an incorrect path (to a non-existing file, i.e. “trusted_ca_certs”: ["/var/tmp/foobar.crt"]), I get a similar error, except with a different input byte number.
The same ca.crt works as expected with Caddy v1 (in the Caddyfile: tls { clients ... }), so either v2 requires something different, or could there be some bug…?
Any ideas appreciated. Thank you!
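Added example, not part of the post and not Caddy's own tooling: the error says the value of trusted_ca_certs is being decoded as base64, because in Caddy v2.0.0 that list holds base64-encoded DER certificates rather than file paths. The PEM body between the BEGIN/END lines is exactly that base64, so the POSIX shell helper below (function names are mine) strips the armor, checks that the result is syntactically base64, and prints the client_authentication object for the JSON config; the sample PEM file is constructed and is not a real certificate.

```shell
#!/bin/sh
# Added example (not from the post or the Caddy project). Caddy v2.0.0's
# tls_connection_policies[].client_authentication.trusted_ca_certs holds
# base64-encoded DER certificates; a file path fails base64 decoding, which is
# the "parsing certificate: illegal base64 data" error in the post.
set -eu

# Emit the body of the first CERTIFICATE block on stdin as one line, no whitespace.
pem_to_b64der() {
  awk '/^-----BEGIN CERTIFICATE-----/ { inblock = 1; next }
       /^-----END CERTIFICATE-----/   { exit }
       inblock { gsub(/\r/, ""); printf "%s", $0 }'
}

# Syntactic check mirroring what a standard base64 decoder accepts: standard
# alphabet, length a multiple of 4, "=" padding only at the end. A path fails it.
is_base64() {
  [ -n "$1" ] && printf '%s' "$1" \
    | grep -Eq '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$'
}

# Print a client_authentication object with every PEM file given converted in place.
client_auth_json() {
  sep=""
  printf '{ "client_authentication": { "trusted_ca_certs": ['
  for f in "$@"; do
    b64=$(pem_to_b64der < "$f")
    is_base64 "$b64" || { echo "error: no PEM CERTIFICATE block in $f" >&2; return 1; }
    printf '%s "%s"' "$sep" "$b64"
    sep=","
  done
  printf ' ] } }\n'
}

# Constructed sample: a PEM-shaped file whose body is valid base64 but not a real
# certificate (Caddy would still reject it when parsing the DER, so use a real CA).
SAMPLE_LINE1="Tm90QVJlYWxDZXJ0Tm90QVJlYWxDZXJ0"
SAMPLE_LINE2="Tm90QVJlYWxDZXJ0"
SAMPLE_PEM=$(mktemp)
trap 'rm -f "$SAMPLE_PEM"' EXIT
printf '%s\n%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' \
  "$SAMPLE_LINE1" "$SAMPLE_LINE2" '-----END CERTIFICATE-----' > "$SAMPLE_PEM"

# Replace the path with the converted string in the tls_connection_policies entry.
client_auth_json "$SAMPLE_PEM"
```

Running it against the real ca.crt gives the string to paste in place of "/home/user/caddyserver/ca.crt".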