Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Adding debian:root.pem
done.
done.
when I visit my domain at buynow.localhost the certificate is still untrusted. can anyone help what should I do?
I tried firefox and chrome. none of those works. I don’t think I need to install it for the browser cause I used mkcert before and it works the way caddy works. mkcert worked for me (I think caddy will work if I don’t use docker)
You do need to install the root cert for your browser/client to trust Caddy.
The problem is that when you run Caddy in Docker, then Caddy is isolated from the host machine, so it’s not able to automate installation of the root cert to your system and browser trust stores.
So you’ll need to install it yourself manually, if using Docker. You’ll only need to do this once (as long as you don’t wipe out Caddy’s storage).
You can find the root cert in /data/caddy/pki/authorities/local/root.crt
Chrome and Firefox now have their own trust stores, and they ignore the system’s trust store in many cases. So you might need to install it in your browser’s trust store as well. The instructions depend on your browser – use Google to find instructions for that
Try making a request with curl -v https://buynow.localhost and see if that works. Curl will use your system’s trust store (usually).