1. Caddy version (caddy version):
- Current: v2.0.0-beta.15 h1:Td1esMk7bebftnoBuT3gOqUGxew5HqdIKw3s36S8tNw=
- Want to update to: v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
2. How I run Caddy:
a. System environment:
- Ubuntu: 20.04.1
- Go: 1.15.7
- xcaddy: 0.1.7
b. Command:
sudo systemctl daemon-reload
sudo systemctl enable caddy
sudo systemctl start caddy
c. Service/unit/compose file:
[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --config /etc/caddy/caddy.json --resume --environ
ExecReload=/usr/bin/caddy reload --config /etc/caddy/caddy.json
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
  "apps": {
    "tls": {
      "automation": {
        "policies": [{
          "hosts": ["*.tryhexadecimal.com"],
          "management": {
            "module": "acme",
            "email": "letsencrypt@tryhexadecimal.com",
            "challenges": {
              "dns": {
                "provider": "cloudflare",
                "api_token": ""
              }
            }
          }
        },
        {
          "management": {
            "module": "acme",
            "email": "letsencrypt@tryhexadecimal.com",
            "on_demand": true
          }
        }],
        "on_demand": {
          "ask": "https://dashboard.tryhexadecimal.com/webhooks/caddy"
        }
      }
    },
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":443"
          ],
          "routes": [
            {
              "match": [
                {
                  "host": [
                    "*.tryhexadecimal.com",
                    "*.*.*"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "encodings": {
                            "gzip": {}
                          },
                          "handler": "encode"
                        },
                        {
                          "handler": "reverse_proxy",
                          "headers": {
                            "request": {
                              "set": {
                                "Host": [
                                  "{http.request.host}"
                                ],
                                "X-Forwarded-For": [
                                  "{http.request.remote.host}"
                                ],
                                "X-Forwarded-Port": [
                                  "{server_port}"
                                ],
                                "X-Forwarded-Proto": [
                                  "{http.request.scheme}"
                                ],
                                "X-Real-Ip": [
                                  "{http.request.remote.host}"
                                ]
                              }
                            }
                          },
                          "upstreams": [
                            {
                              "dial": "0.0.0.0:3000"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    }
  }
}
3. The problem I’m having:
I’m trying to upgrade Caddy from 2.0.0.beta15 to 2.3.0. I just want to make sure I didn’t miss anything:
- tls > automation > policies: management was renamed to issuers
- tls > automation > policies: hosts was renamed to subjects
- tls > automation > policies: issuers is now an array of objects, instead of an object
- tls > automation > policies: on_demand field is not part of the issuers anymore
- tls > automation > policies > issuers > acme > challenges > dns > provider: provider is now an object, instead of a string
Based on the above, here’s the updated config file. Am I missing something?
{
  "apps": {
    "tls": {
      "automation": {
        "policies": [{
          "subjects": ["*.tryhexadecimal.com"],
          "issuers": [{
            "module": "acme",
            "email": "letsencrypt@tryhexadecimal.com",
            "challenges": {
              "dns": {
                "provider": {
                  "name": "cloudflare",
                  "api_token": "API KEY"
                }
              }
            }
          }]
        },
        {
          "issuers": [{
            "module": "acme",
            "email": "letsencrypt@tryhexadecimal.com"
          }],
          "on_demand": true
        }],
        "on_demand": {
          "ask": "WEBHOOK URL"
        }
      }
    },
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":443"
          ],
          "routes": [
            {
              "match": [
                {
                  "host": [
                    "*.tryhexadecimal.com",
                    "*.*.*"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "encodings": {
                            "gzip": {}
                          },
                          "handler": "encode"
                        },
                        {
                          "handler": "reverse_proxy",
                          "headers": {
                            "request": {
                              "set": {
                                "Host": [
                                  "{http.request.host}"
                                ],
                                "X-Forwarded-For": [
                                  "{http.request.remote.host}"
                                ],
                                "X-Forwarded-Port": [
                                  "{server_port}"
                                ],
                                "X-Forwarded-Proto": [
                                  "{http.request.scheme}"
                                ],
                                "X-Real-Ip": [
                                  "{http.request.remote.host}"
                                ]
                              }
                            }
                          },
                          "upstreams": [
                            {
                              "dial": "0.0.0.0:3000"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    }
  }
}
I get the “failed to install root certificate” message. Based on the previous threads, this shouldn’t be a big deal?
{"level":"error","ts":1611840704.7908254,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"failed to execute sudo: exit status 1","certificate_file":"storage:pki/authorities/local/root.crt"}
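
The five changes listed in the post, applied mechanically to a `tls > automation` object, with a check for old-layout keys left behind by a partial hand edit. This is an added example, not part of the original post and not Caddy's own tooling; the function names, the sample hostnames and the rule that sibling keys of the old `provider` string move into the new `provider` object are assumptions drawn from the post's two configs.

```python
import copy

# Constructed sample in the old (v2.0.0-beta.15) layout; all values are placeholders.
OLD_AUTOMATION = {
    "policies": [
        {"hosts": ["*.example.com"],
         "management": {"module": "acme", "email": "admin@example.com",
                        "challenges": {"dns": {"provider": "cloudflare",
                                               "api_token": "PLACEHOLDER"}}}},
        {"management": {"module": "acme", "email": "admin@example.com",
                        "on_demand": True}},
    ],
    "on_demand": {"ask": "https://example.com/ask"},
}

def migrate_policy(old):
    """Apply the five changes listed in the post to one automation policy."""
    new = {k: copy.deepcopy(v) for k, v in old.items()
           if k not in ("hosts", "management")}
    if "hosts" in old:                         # hosts -> subjects
        new["subjects"] = list(old["hosts"])
    if "management" in old:
        issuer = copy.deepcopy(old["management"])
        if "on_demand" in issuer:              # on_demand leaves the issuer
            new["on_demand"] = issuer.pop("on_demand")
        dns = issuer.get("challenges", {}).get("dns")
        if dns and isinstance(dns.get("provider"), str):
            # provider string -> object; assumption: its sibling keys are the
            # provider's own settings (api_token here) and move inside it
            settings = dict(dns)
            provider = {"name": settings.pop("provider"), **settings}
            dns.clear()
            dns["provider"] = provider
        new["issuers"] = [issuer]              # management object -> issuers array
    return new

def migrate_automation(old):
    """Migrate every policy; top-level keys such as on_demand.ask are kept."""
    new = copy.deepcopy(old)
    new["policies"] = [migrate_policy(p) for p in old.get("policies", [])]
    return new

def stale_keys(automation):
    """List old-layout keys still present, to catch a partial manual migration."""
    found = []
    for i, policy in enumerate(automation.get("policies", [])):
        found += [f"policies[{i}].{k}" for k in ("hosts", "management") if k in policy]
        for issuer in policy.get("issuers", []):
            if "on_demand" in issuer:
                found.append(f"policies[{i}].issuers.on_demand")
    return found
```

Running `stale_keys` on the hand-edited config before reloading shows whether any of the renamed fields were missed.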