What does it mean that the TLS certificate must be a bundle?

Hello guys,

I’ve set up a reverse proxy using Caddyserver version 1.

My requirements are to manually install a TLS certificate. While reading the V1 documentation, I got confused regarding the ‘tls’ directive, and more specifically the first parameter ‘cert’. The documentation states:

cert is the certificate file. If the certificate is signed by a CA, this certificate file should be a bundle: a concatenation of the server’s certificate followed by the CA’s certificate (root certificate usually not necessary).

Link to documentation: https://caddyserver.com/v1/docs/tls

I’ve already bought my certificate and I received two files:
Sectigo_RSA_Domain_Validation_Secure_Server_CA.crt
USERTrust_RSA_Certification_Authority.crt

What does the documentation mean by bundle, a concatenation of the server’s certificate followed by the CA’s certificate? Where do I get the server’s certificate and also how do I concatenate them to create the bundle?

Many thanks for this great software and sorry if my question is dumb.

Best regards,
Abscon

Open a text editor, paste the contents of Sectigo_RSA_Domain_Validation_Secure_Server_CA.crt first, then the contents of USERTrust_RSA_Certification_Authority.crt after it.

It should look like this:

-----BEGIN CERTIFICATE----- 
<contents>
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
<contents>
-----END CERTIFICATE----- 

That said, is there a reason you don’t use Automatic HTTPS? See https://caddyserver.com/v1/docs/automatic-https, you don’t need to buy certificates anymore, you can let Caddy issue a certificate for you automatically from Let’s Encrypt, for free.


Hello Francis,

Thank you for your clear explanation. I wish I could let Caddyserver deal with TLS automatically but my client insists on using his own certificate.

Anyways, kudos to Caddy and the community for developing and supporting this great product.

Best regards,
Abscon
