Untrusted certificate

Hi, I’m trying to use Caddy for local development.
I’m using Caddy in my docker-compose with the below config:

caddy:
    image: caddy:alpine
    volumes:
      - './docker/Caddyfile:/etc/caddy/Caddyfile'
      - './.caddy/data:/data'
      - './.caddy/config:/config'
    ports:
      - '80:80'
      - '443:443'
      - '443:443/udp'

and my Caddyfile content is like the below:

buynow.localhost {
  reverse_proxy http://buynow:3000
}

I tried to install the root.crt in my trusted certificate store in Ubuntu.

sudo cp root.crt /usr/local/share/ca-certificates
sudo update-ca-certificates

and I get the below log:

Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

Adding debian:root.pem
done.
done.

When I visit my domain at buynow.localhost the certificate is still untrusted. Can anyone help with what I should do?

What browser do you use to visit buynow.localhost? Probably you should install root.crt in your browser.

1 Like

I tried Firefox and Chrome. None of those work. I don’t think I need to install it for the browser, because I used mkcert before and it works the way Caddy works. mkcert worked for me (I think Caddy will work if I don’t use Docker).

You do need to install the root cert for your browser/client to trust Caddy.

The problem is that when you run Caddy in Docker, then Caddy is isolated from the host machine, so it’s not able to automate installation of the root cert to your system and browser trust stores.

So you’ll need to install it yourself manually, if using Docker. You’ll only need to do this once (as long as you don’t wipe out Caddy’s storage).

You can find the root cert in /data/caddy/pki/authorities/local/root.crt

Chrome and Firefox now have their own trust stores, and they ignore the system’s trust store in many cases. So you might need to install it in your browser’s trust store as well. The instructions depend on your browser – use Google to find instructions for that 👍

Try making a request with curl -v https://buynow.localhost and see if that works. Curl will use your system’s trust store (usually).

2 Likes
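
The browser-store step described in the reply above, as an added example that is not part of the original thread: it imports Caddy's root.crt into the NSS databases Chrome and Firefox read on Linux, using certutil from libnss3-tools. The directory locations, the nickname and the function names are assumptions chosen for this example.

```bash
#!/usr/bin/env bash
# Added example: import Caddy's local root CA into the NSS databases that
# Chrome and Firefox read on Linux. The paths below are the usual defaults
# and are assumptions; adjust them for your machine.

# Print every NSS database directory found under the given home directory.
nss_db_dirs() {
  local home="$1" dir
  for dir in "$home/.pki/nssdb" \
             "$home"/.mozilla/firefox/* \
             "$home"/snap/firefox/common/.mozilla/firefox/*; do
    # cert9.db marks an SQLite-format NSS database (one per Firefox profile)
    [ -f "$dir/cert9.db" ] && printf '%s\n' "$dir"
  done
  return 0
}

# Import root_crt into every database found, trusted as a TLS CA ("C,,").
# The nickname is only a label in the database and is chosen here.
trust_caddy_root() {
  local root_crt="$1" home="${2:-$HOME}" nick="Caddy Local Authority" db
  [ -r "$root_crt" ] || { echo "cannot read $root_crt" >&2; return 1; }
  command -v certutil >/dev/null || { echo "install libnss3-tools" >&2; return 1; }
  nss_db_dirs "$home" | while IFS= read -r db; do
    certutil -d "sql:$db" -A -t "C,," -n "$nick" -i "$root_crt" \
      && echo "trusted in $db"
  done
}

# Usage, from the compose project directory (root.crt sits in the bind
# mount ./.caddy/data -> /data from the compose file above):
#   trust_caddy_root ./.caddy/data/caddy/pki/authorities/local/root.crt
# Restart the browser afterwards, then re-check the system store with:
#   curl -v https://buynow.localhost
```

If the bind-mounted file is owned by root, copy it somewhere readable first; the import itself runs as your own user because the NSS databases live in your home directory.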
