1. Caddy version (caddy version):
Using Caddy in docker. Version 2.1.1
2. How I run Caddy:
The failing command: caddy validate --config /etc/caddy/Caddyfile
a. System environment:
Linux … 4.9.0-14-amd64 #1 SMP Debian 4.9.240-2 (2020-10-30) x86_64 GNU/Linux
Docker version 19.03.13, build 4484c46d9d
Official caddy Docker Image
b. Command:
caddy validate --config /etc/caddy/Caddyfile
c. Service/unit/compose file:
FROM caddy:2.1.1
COPY Caddyfile /etc/caddy/Caddyfile
COPY wildcard-my-domain-org.pem /etc/ssl/
COPY wildcard-my-domain-org.key /etc/ssl/
RUN caddy validate --config /etc/caddy/Caddyfile
d. My complete Caddyfile or JSON config:
datax.my-domain.org {
    # General Configuration
    @isJson path *.json
    header @isJson Content-Type "application/json; charset=UTF-8"
    tls /etc/ssl/wildcard-my-domain-org.pem /etc/ssl/wildcard-my-domain-org.key
}
3. The problem I’m having:
I received the wildcard certificate as 3 files:
wildcard-my-domain-org.crt
wildcard-my-domain-org.csr
wildcard-my-domain-org.intermdiat
wildcard-my-domain-org.key
As far as I understood, I could concatenate the crt and intermediat file into one pem file.
I did so and this is how the file looks (omitting all the base 64 characters in-between):
-----BEGIN CERTIFICATE-----
MIIHPjCCBiagAwIBAgIQAheaSIVJNyMZqtpSqAab3TANBgkqhkiG9w0BAQsFADBZ
[…]
t9ODZ7+fv3rsNRz/APDD5P1xe50rBMEdeMI9eF1+ItfeOw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
[…]
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgIQB5g2A63jmQghnKAMJ7yKbDANBgkqhkiG9w0BAQsFADBh
[…]
yWQlk9VDV296EI/kQOJNLVEkJ54P
-----END CERTIFICATE-----
I get a warning when validating my Caddyfile and when starting the server.
4. Error messages and/or full log output:
{"level":"info","ts":1607500171.5655055,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
2020/12/09 07:49:31 [INFO][cache:0xc000075ce0] Started certificate maintenance routine
2020/12/09 07:49:31 [WARNING] Stapling OCSP: no OCSP stapling for [*.my-domain.org my-domain.org]: parsing OCSP response: bad OCSP signature: crypto/rsa: verification error
{"level":"info","ts":1607500171.7454128,"logger":"http","msg":"skipping automatic certificate management because one or more matching certificates are already loaded","domain":"datax.my-domain.org","server_name":"srv0"}
{"level":"info","ts":1607500171.7454813,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Valid configuration
2020/12/09 07:49:31 [INFO][cache:0xc000075ce0] Stopped certificate maintenance routine
5. What I already tried:
I tried without the intermediate certificates and the warning disappeared. But then, of course, the certificate chain can’t be verified on the client’s side.
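
A check that can be run on a concatenated bundle like the one described in this post, as an added example (not part of the original post and not Caddy's own code): in a TLS certificate chain each certificate should be followed by the one that signed it, so the order is leaf, intermediate, root. The helper `samplePEMs`, the subject names and the in-memory test chain are constructed for the demonstration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)
// CheckBundleOrder reports each certificate in a PEM bundle that is not signed by the next one.
func CheckBundleOrder(bundle []byte) (problems []string, err error) {
	var prev *x509.Certificate
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		cur, perr := x509.ParseCertificate(b.Bytes)
		if perr != nil {
			return nil, perr
		}
		if prev != nil && prev.CheckSignatureFrom(cur) != nil {
			problems = append(problems, fmt.Sprintf("%q is followed by %q, which did not sign it", prev.Subject.CommonName, cur.Subject.CommonName))
		}
		prev = cur
	}
	return problems, nil
}

// samplePEMs builds a constructed root, intermediate and leaf, in that order (errors ignored for brevity).
func samplePEMs() (pems [3]string) {
	var parent *x509.Certificate
	var pk ed25519.PrivateKey
	for i, cn := range []string{"Test Root", "Test Intermediate", "*.example.test"} {
		pub, key, _ := ed25519.GenerateKey(rand.Reader)
		t := &x509.Certificate{SerialNumber: big.NewInt(int64(i + 1)), Subject: pkix.Name{CommonName: cn},
			NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: i < 2, BasicConstraintsValid: true}
		if i == 0 {
			parent, pk = t, key // the root signs itself
		}
		der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
		parent, _ = x509.ParseCertificate(der)
		pk, pems[i] = key, string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	}
	return
}

func main() {
	p := samplePEMs()
	fmt.Println(CheckBundleOrder([]byte(p[2] + p[1] + p[0]))) // leaf, intermediate, root
	fmt.Println(CheckBundleOrder([]byte(p[2] + p[0] + p[1]))) // leaf, root, intermediate
}
```

For a real file, pass the bytes of the bundle (for example the contents of the `.pem` built from the `.crt` and intermediate files) to `CheckBundleOrder`; an empty result means every certificate is followed by its signer.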