Want to load my letsencrypt certificates

1. My Caddy version (caddy -version):

I use docker image: abiosoft/caddy

2. How I run Caddy:

docker-compose up -d

a. System environment:

Docker version 19.03.3, build a872fc2
docker-compose version 1.23.2, build 1110ad01

b. Command:

docker-compose up -d

c. Service/unit/compose file:

    version: '3'
    volumes:
      caddy:

    services:
      caddy:
        image: abiosoft/caddy
        ports:
          - 80:80
          - 443:443
        volumes:
          - /opt/Caddyfile:/etc/Caddyfile
          - $HOME/.caddy:/root/.caddy
        environment:
          ACME_AGREE: 'true'

d. My complete Caddyfile:

status.serverkurma.com {
  proxy / netdata:19999
  tls /opt/certs/fullchain.pem /opt/certs/privkey.pem
}

3. The problem I’m having:

I have letsencrypt certificates fullchain.pem and privkey.pem. I want to start caddy docker with them and use that local certificates files I uploaded.

4. Error messages and/or full log output:

2019/10/12 15:17:43 /etc/Caddyfile:3 - Error during parsing: Unable to load certificate and key files for ‘status.serverkurma.com’: open /opt/certs/fullchain.pem: no such file or directory

5. What I already tried:

chaning tsl block and didnt help anything. Changed permissions of certs folder.

My cert files in /opt folder

drw-r-----  2 root www-data 4096 Oct 12 17:14 certs/

Thank you.

I fixed volume problem now I get this error:

2019/10/12 19:07:54 [INFO] Successfully loaded TLS assets from /etc/ssl/fullchain.pem and /etc/ssl/privkey.pem
Activating privacy features... done.

Serving HTTPS on port 2015
https://status.serverkurma.com:2015

2019/10/12 19:07:54 [INFO] Serving https://status.serverkurma.com:2015
2019/10/12 19:07:54 [INFO][cache:0xc000032820] Started certificate maintenance routine
2019/10/12 19:07:54 [WARNING] Sending telemetry (attempt 1): Post https://telemetry.caddyserver.com/v1/update/9c4a6c78-3cbb-41ad-be77-d02eac89f471: x509: certificate signed by unknown authority - backing off and retrying
2019/10/12 19:08:02 [WARNING] Sending telemetry (attempt 2): Post https://telemetry.caddyserver.com/v1/update/9c4a6c78-3cbb-41ad-be77-d02eac89f471: x509: certificate signed by unknown authority - backing off and retrying
2019/10/12 19:08:30 [WARNING] Sending telemetry (attempt 3): Post https://telemetry.caddyserver.com/v1/update/9c4a6c78-3cbb-41ad-be77-d02eac89f471: x509: certificate signed by unknown authority - backing off and retrying
2019/10/12 19:09:34 [ERROR] Sending telemetry: Post https://telemetry.caddyserver.com/v1/update/9c4a6c78-3cbb-41ad-be77-d02eac89f471: x509: certificate signed by unknown authority


My config:

 status.serverkurma.com {
tls /etc/ssl/fullchain.pem /etc/ssl/privkey.pem

tls {
    ask http://localhost:19999
}

  proxy / netdata:19999
}

I added this line and start working :

tls {
    ask http://localhost:19999
}

but why?

Hi @abakisensoy, welcome to the Caddy community.

Have a look at the documentation for Automatic HTTPS - emphasis mine:

Caddy automatically enables HTTPS for all your sites, given that some reasonable criteria are met:

  • The hostname:
    • is not empty
    • is not localhost
    • is not an IP address
    • has no more than 1 wildcard ( * )
    • wildcard must be left-most label
  • The port is not explicitly 80
  • The scheme is not explicitly http
  • TLS is not turned off in site’s definition
  • Certificates and keys are not provided by you
  • Caddy is able to bind to ports 80 and 443 (unless you use the DNS challenge)

https://caddyserver.com/docs/automatic-https

Since you provided keys, Automatic HTTPS is disabled. With Automatic HTTPS disabled, Caddy does not manage your certificate, set up a redirect listener, or move the port to 443 - it sticks with the default port 2015.

You’d have to configure your sites manually to replicate the behaviour of Automatic HTTPS.

1 Like

Thank you I understand now.

Could you give me any guides or docs about how to set up a redirect listener, or move the port to 443 ?

Redirects are done with the redir directive:

https://caddyserver.com/docs/redir

You can specify the port in the site label:

https://caddyserver.com/docs/http-caddyfile#addresses

As a quick note also, the port is implicit in the scheme, so instead of specifying :443 for example you could use https:// (which I find looks nicer and is more intuitive).