Various Permission Errors etc when caddy adapt and caddy run

## 1. The problem I’m having:

I get a number of permission errors and deprecation warnings with my very simple Caddyfile.

## 2. Error messages and/or full log output:

```
2023/10/02 23:25:26.817	WARN	tls	stapling OCSP	{"error": "unable to write OCSP staple file for [*.example.net example.net]: mkdir /Users/user/Library/Application Support/Caddy/ocsp: permission denied"}
2023/10/02 23:25:26.818 ERROR unable to autosave config {"file": "/Users/user/Library/Application Support/Caddy/autosave.json", "error": "open /Users/user/Library/Application Support/Caddy/autosave.json: permission denied"}
2023/10/02 23:51:41.960	WARN	caddyfile	Using a path in a site address is deprecated; please use the 'handle' directive instead	{"address": ""}
Error: loading initial config: loading new config: tls app module: start: automate: managing [tls]: automate: manage [tls]: tls: caching certificate: open /Users/user/Library/Application Support/Caddy/certificates/acme-v02.api.letsencrypt.org-directory/tls/tls.key: permission denied
user@example~ %
```


## 3. Caddy version:

v2.7.4

## 4. How I installed and ran Caddy:

https://ports.macports.org/port/caddy/

## a. System environment:
macOS Catalina on a 2012 i7 Mac Mini

## b. Command:

```
caddy adapt
caddy run
```

## d. My complete Caddy config:

```
tls /etc/ssl/certificate.pem /etc/ssl/serverKey.pem
respond "Hiya World!"
```

## 5. Links to relevant resources:

This all just means that Caddy doesn’t have permission to access these files. That’s something you’ll need to adjust on your system somehow (better to ask on a Mac forum about that, probably).

It’s hard to say since I don’t think your post is formatted properly and it’s missing information and it’s hard to read. Please correct the formatting so we can make sense of it.

```
2023/10/02 23:55:55.489 WARN caddyfile Using a path in a site address is deprecated; please use the 'handle' directive instead {"address": ""}
```

You haven’t shared your Caddyfile. Without seeing it, we can’t recommend what to do to fix the warning.

Now it’s throwing continual errors about trying to reach the certificate issuer; however, I have a commercial certificate from GoDaddy. How do I stop these errors?

```
2023/10/03 02:06:35.503 ERROR tls.obtain could not get certificate from issuer {identifier: tls, issuer: acme.zerossl.com-v2-DV90, error: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [tls]}
2023/10/03 02:06:35.504 ERROR tls.obtain will retry {error: [tls] Obtain: [tls] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [tls] (ca=https://acme.zerossl.com/v2/DV90), attempt: 1, retrying_in: 60, elapsed: 6.417913977, max_duration: 2592000}
2023/10/03 02:07:35.506 INFO tls.obtain obtaining certificate {identifier: tls}
2023/10/03 02:07:36.737 ERROR tls.obtain could not get certificate from issuer {identifier: tls, issuer: acme-v02.api.letsencrypt.org-directory, error: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Error creating new order :: Cannot issue for \tls: Domain name needs at least one dot}
2023/10/03 02:07:37.739 ERROR tls.obtain could not get certificate from issuer {identifier: tls, issuer: acme.zerossl.com-v2-DV90, error: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [tls]}
2023/10/03 02:07:37.739 ERROR tls.obtain will retry {error: [tls] Obtain: [tls] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [tls] (ca=https://acme.zerossl.com/v2/DV90), attempt: 2, retrying_in: 120, elapsed: 68.654623413, max_duration: 2592000}
```

My Caddyfile is as above, and also now below:

## d. My complete Caddy config:

```
tls /etc/ssl/certificate.pem /etc/ssl/serverKey.pem
respond "Hiya World!"
```

And it is also no longer serving secure HTTPS pages, although it was working OK for a couple of hours.

The formatting is still messed up, and I think only part of your config file is there. It’s hard to know for sure what the real situation is with bad formatting + partial config file.

That said, we are very impressed that you posted your logs as a table. That is surprisingly helpful for readability.

I think you might be confused about how to structure your Caddyfile. You must have a site address as the first thing in your config.

Your formatting is still messed up. Please make sure your config/logs are within code blocks, i.e. starting and ending with ``` on each their own lines.

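An added preflight check, not Caddy's own code and not from this thread, that applies the rule behind the advice above: Caddy reads the first line of a brace-less Caddyfile as site addresses, so a config that opens with `tls /etc/ssl/certificate.pem /etc/ssl/serverKey.pem` defines the site `tls` (a host with no dot, which is why both ACME CAs rejected the identifier `tls`) plus two path-only addresses (which is what the `{"address": ""}` deprecation warning is about). The directive list, message strings and the data-directory probe are my own choices, not Caddy's.

```python
"""Preflight lint for a Caddyfile (added example for this thread, not Caddy's own code).
Caddy reads the first line of a brace-less Caddyfile as site addresses, so a file opening
with "tls /etc/ssl/cert.pem /etc/ssl/key.pem" defines the site "tls" (no dot, rejected by
ACME CAs) plus two path-only addresses (hence the deprecation warning)."""
import os
from urllib.parse import urlsplit

# Hand-picked directive names (not Caddy's full list): a first line that starts with one
# of these almost certainly means the site address was left out.
DIRECTIVES = {"tls", "respond", "reverse_proxy", "file_server", "root", "handle", "redir"}

def first_site_line(caddyfile: str) -> str:
    """First non-blank, non-comment line: what Caddy treats as the site address(es)."""
    for line in caddyfile.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            return line
    return ""

def lint_caddyfile(caddyfile: str) -> list:
    """Findings about the site-address line; an empty list means it looks sane."""
    line = first_site_line(caddyfile)
    if not line or line.startswith("{"):  # empty file or a global options block
        return []
    tokens = line.rstrip("{ ").split()
    findings = []
    if tokens[0] in DIRECTIVES:
        findings.append(f"first line starts with directive '{tokens[0]}': site address missing")
    for tok in tokens:  # site addresses look like [scheme://]host[:port][/path]
        parts = urlsplit(tok if "://" in tok else "//" + tok)
        host = parts.hostname or ""
        if parts.path and parts.path != "/":
            findings.append(f"address '{tok}' carries a path; use the 'handle' directive instead")
        if host and "." not in host and host != "localhost":
            findings.append(f"host '{host}' has no dot; public CAs will not issue a certificate for it")
    return findings

def data_dir_writable(path: str) -> bool:
    """True if this user could create/write Caddy's data dir (nearest existing parent is probed)."""
    probe = os.path.abspath(path)
    while not os.path.exists(probe):
        parent = os.path.dirname(probe)
        if parent == probe:
            return False
        probe = parent
    return os.access(probe, os.W_OK | os.X_OK)

if __name__ == "__main__":  # the thread's config before the fix (constructed copy)
    print(lint_caddyfile('tls /etc/ssl/certificate.pem /etc/ssl/serverKey.pem\nrespond "Hiya World!"\n'))
    print(data_dir_writable(os.path.expanduser("~/Library/Application Support/Caddy")))
```

Run it against the Caddyfile before starting Caddy; on the broken config it reports four findings, on the fixed one none, and the second line tells you whether the permission errors on the data directory would recur for the user you run Caddy as.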

Sorry I don’t know why formatting is messed up, I have hash hash at beginning of lines and they are not formatting as headings, and I have ``` between code blocks, no idea why that isn’t working.

Thanks, I have added the site address at the beginning of my Caddyfile and fixed the directory privileges where Caddy was trying to write, and the error messages have stopped. Caddy is now hosting securely again.
My revised Caddyfile is:

```
serve.example.com
tls /etc/ssl/certificate.pem /etc/ssl/key.pem
respond "Hiya World!"
```

Hurray! That looks much better. 🙂 Good job figuring that out!
