1. The problem I’m having:
I am trying to use the caddy certificates for mail.example.au, which are used for the Poste.io nginx admin portal and roundcube webmail via the reverse proxy shown below. Caddy, the reverse proxy and the admin portal and roundcube are all working perfectly.
My issue is working out HOW to use the working certificates with poste.io SMTP TLS.
2. Error messages and/or full log output:
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
3. Caddy version:
unknown - literally returns “unknown,” i’m guessing a bug in the current release for alpine.
4. How I installed and ran Caddy:
apk add caddy
a. System environment:
alpine amd64
b. Command:
service caddy start
c. Service/unit/compose file:
#!/sbin/openrc-run
supervisor=supervise-daemon
name="Caddy web server"
description="Fast, multi-platform web server with automatic HTTPS"
description_checkconfig="Check configuration"
description_reload="Reload configuration without downtime"
: ${caddy_opts:="--config /etc/caddy/Caddyfile --adapter caddyfile"}
command=/usr/sbin/caddy
command_args="run $caddy_opts"
command_user=caddy:caddy
extra_commands="checkconfig"
extra_started_commands="reload"
depend() {
need net localmount
after firewall
}
checkconfig() {
ebegin "Checking configuration for $name"
su ${command_user%:*} -s /bin/sh -c "$command validate $caddy_opts"
eend $?
}
reload() {
ebegin "Reloading $name"
su ${command_user%:*} -s /bin/sh -c "$command reload $caddy_opts"
eend $?
}
stop_pre() {
if [ "$RC_CMD" = restart ]; then
checkconfig || return $?
fi
}
d. My complete Caddy config:
{
admin localhost:2019 {
origins 203.12.4.138 localhost:2019
}
email yay101@gmail.com
}
cdtech.au {
root * /var/www/cdtech.au
file_server
@post {
method POST
}
reverse_proxy @post localhost:3000
}
ip.cdtech.au {
header Content-Type text/plain
header Access-Control-Allow-Origin *
templates
respond "{{.RemoteIP}}"
}
portainer.cdtech.au {
reverse_proxy localhost:9000
}
mail.cdtech.au {
reverse_proxy localhost:8000
}
mm.cdtech.au {
reverse_proxy localhost:8065
}
5. Links to relevant resources:
The poste.io readme with the vague explaination:
cat /opt/poste/ssl/README.md
This directory is supposed to have 3 keys which are copied to various places to mailserver.
- ca.crt
Certification authority public keys (or "intermediate certificate"). There is
"-----BEGIN CERTIFICATE-----" once or more times.
- server.crt
Your public key generated by your CA. It should have one "-----BEGIN CERTIFICATE-----"
in it
- server.key
Your private key, it should have "-----BEGIN RSA PRIVATE KEY-----" in it
There is also
- dh1024.pem
Its generated Diffie-Hellman paramaters. File is generated once at first container startup - there is no need to manipulate with that file even if you changi
I’ve tried the appropriate mail.example.au.crt as both/ either the ca.crt and server.crt and mail.example.au.key as the server.key.
I tried Steps to convert certificates generated by Caddy Server to certificates that Nginx can use · GitHub suggestion of using the pem from LE as both/ either the the ca.crt and server.crt as well. I also tried combining them just in case the poste.io actually wanted the full chain.
I noticed the readme asks for “-----BEGIN RSA PRIVATE KEY-----” but instead the key from caddy is “-----BEGIN EC PRIVATE KEY-----” i don’t feel like this should be an issue.
I will be posting where i can for poste.io as well, i just know there are some very switched on people here who may have an idea.