Unrecognized global option: preferred_chains

Hello there,

I added preferred_chains to the global options according to the documentation, but I was told that the parameter was not recognized.

preferred_chains smallest

Has this option been removed?

And, I want to know whether Caddy supports applying for ECDSA and RSA certificates from Let’s Encrypt at the same time?
The requirements are similar to Multiple certificate support (e.g. ECDSA & RSA) · Issue #1575 · caddyserver/caddy · GitHub
But the difference is that I want to apply for ECDSA and RSA certificates directly from Let’s Encrypt or ZeroSSL instead of manually specifying them.
This is not very important, but I want to increase the compatibility of the website as much as possible.

Thanks!

Best Regards,
Gentry

Please fill out the help topic template. What version are you using? Make sure you’re using the latest. Caddyfile support for the feature first landed in v2.4.2.

I’m sorry, I’m using Docker Compose.

I checked the container, and its version is 2.4.1, but I already did a build yesterday.

I just tried to rebuild, but it uses cache.

Dockerfile:

FROM caddy:builder-alpine AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare \
    --with github.com/porech/caddy-maxmind-geolocation

FROM caddy:alpine

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

docker-compose.yml:

version: "3.9"

services:
    proxy:
        build: ./dir
        volumes:
            - ./data:/data
            - ./config:/config
            - ./caddy/Caddyfile:/etc/caddy/Caddyfile
        restart: unless-stopped
        expose:
            - "2019"
        ports:
            - "80:80"
            - "443:443"
            - "443:443/udp"

Command:

docker-compose up -d --build

Shell:

docker-compose up -d --build
Creating network "docker_default" with the default driver
Building proxy
Sending build context to Docker daemon  2.048kB
Step 1/4 : FROM caddy:builder-alpine AS builder
 ---> 357afcbcbb21
Step 2/4 : RUN xcaddy build     --with github.com/caddy-dns/cloudflare     --with github.com/porech/caddy-maxmind-geolocation
 ---> Using cache
 ---> 75f66cd4b09d
Step 3/4 : FROM caddy:alpine
 ---> b59636b13884
Step 4/4 : COPY --from=builder /usr/bin/caddy /usr/bin/caddy
 ---> Using cache
 ---> c3defb55e518
Successfully built c3defb55e518
Successfully tagged docker_proxy:latest
Creating docker_proxy_1 ... done

This seems to have been caused by it keeping, for reasons I don't know, a container that stopped running five weeks ago.
I have deleted it and can now build normally.

Thank you for your help!
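A version gate for the situation in this thread, where a cached image kept serving Caddy 2.4.1 although `preferred_chains` needs v2.4.2 in the Caddyfile. This is an added example, not code from any participant or from the Caddy project; the function names are hypothetical, the sample version strings are constructed, and `proxy` is the service name from the docker-compose.yml above.

```shell
#!/bin/sh
# Added example: check that the running Caddy binary is new enough for the
# `preferred_chains` global option before deploying a Caddyfile that uses it.

# Minimum version, taken from the reply above ("first landed in v2.4.2").
MIN_VERSION="2.4.2"

# Extract MAJOR.MINOR.PATCH from `caddy version` output such as
# "v2.4.1 h1:<hash>". Prints nothing if the output is not recognised.
parse_caddy_version() {
    printf '%s\n' "$1" |
        sed -n 's/^v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if dotted version $1 >= $2, comparing each field numerically
# (so 2.10.0 is correctly newer than 2.4.2).
version_ge() {
    old_ifs=$IFS
    IFS=.
    # Split both versions on "." into $1..$3 (actual) and $4..$6 (required).
    set -- $1 $2
    IFS=$old_ifs
    [ "$1" -gt "$4" ] && return 0
    [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0
    [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# Return 0 if the given `caddy version` output supports preferred_chains,
# 1 if it is too old, 2 if the output could not be parsed.
supports_preferred_chains() {
    v=$(parse_caddy_version "$1")
    [ -n "$v" ] || return 2
    version_ge "$v" "$MIN_VERSION"
}

# Typical use after rebuilding without the layer cache:
#   docker-compose build --no-cache --pull
#   docker-compose up -d
#   supports_preferred_chains "$(docker-compose exec -T proxy caddy version)" \
#       || echo "Caddy is older than v$MIN_VERSION; preferred_chains will be rejected" >&2
```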

And, I want to know whether Caddy supports applying for ECDSA and RSA certificates from Let’s Encrypt at the same time?

If you mean “will Caddy manage two certificates for the same domain with different key types at the same time”, the answer is no, not at this time.

/cc @matt I think you implemented the core functionality for that in caddytls: Refactor certificate selection policies (close #1575) · caddyserver/caddy@6ca5828 · GitHub but I don’t think that’s ever bubbled up to automated cert management (I think), or support in the Caddyfile via specifying multiple key pairs for a single site. Is this something you care to add at some point?

I imagine RSA certificates will eventually be phased out by ECC. I’m not sure there’s much lasting value in supporting both (and the complexity there in automating that is not trivial).

I could be wrong. But I’d rather have a simpler code base than try to implement even more code related to that.
