If you're looking to add your own SSL/TLS certificate to a Caddy server instance, this guide will walk you through the process. By default Caddy obtains and renews certificates automatically, but when you need to serve a certificate you already have (one issued by a specific CA, or one from an internal/private CA for internal services), you have to configure it manually. Here's how to add an SSL certificate to your Caddy server, assuming your Caddyfile is located at /etc/caddy/Caddyfile.
Ensure that your SSL certificate and the corresponding private key are placed in a secure directory on your server. For this guide, let's assume you've placed them in /etc/ssl/certs/ and /etc/ssl/private/.
For example:
/etc/ssl/certs/yourdomain.crt
/etc/ssl/private/yourdomain.key
The .crt file should contain the full chain (your certificate first, followed by any intermediate CA certificates), because Caddy serves exactly what is in that file. Restrict access to the private key: it must be readable by the user Caddy runs as (typically caddy) and by nobody else, for example owned by root:caddy with mode 0640. The certificate itself is public and can stay world-readable (0644).
Open your Caddyfile located at /etc/caddy/Caddyfile using a text editor such as nano or vim:
sudo nano /etc/caddy/Caddyfile
Add the configuration for your site:
example.com {
tls /etc/ssl/certs/yourdomain.crt /etc/ssl/private/yourdomain.key
}
In this example:
example.com is your domain.
tls takes two paths: the certificate (chain) file first, then the private key file.
Supplying tls with a certificate and key turns off automatic certificate management for that site: Caddy serves the files as-is and will not renew them, so track the expiry date yourself. Before restarting the Caddy service, check that the configuration is valid:
sudo caddy validate --config /etc/caddy/Caddyfile
This adapts the Caddyfile and loads the resulting configuration, so it catches syntax errors and most bad directive values. One caveat: because it runs as root under sudo, it won't reveal a key file that the caddy user cannot read; that only shows up when the service starts. If there are no errors, you can proceed to restart the service.
Once you've made your changes, restart Caddy for them to take effect:
sudo systemctl restart caddy
This restarts the Caddy service and applies your changes. If you'd rather not drop existing connections, sudo systemctl reload caddy performs a graceful configuration reload with the official systemd unit instead. Your site should now be using your custom SSL certificate.
To verify that your SSL certificate has been properly applied, use a browser or tools like curl or openssl. For example:
curl -v https://example.com
Look at the "Server certificate" block in the output (subject, issuer, start and expiry dates) to confirm that the one you installed is being used. If the certificate comes from a private CA, curl will refuse the connection unless you pass --cacert with that CA's certificate; openssl s_client -connect example.com:443 -servername example.com shows the served chain regardless of trust.
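As an added example (not part of the original guide and not Caddy's own tooling), the following script makes that check repeatable: it compares the SHA-256 fingerprint of the first certificate in your .crt file with the fingerprint of the leaf certificate the server actually presents. The script name check_cert.py and the argument order are assumptions; the file path, host and port are whatever you pass in.

```python
"""check_cert.py: confirm Caddy serves the certificate you installed.

Added example for this guide (not Caddy's own code). It compares the
SHA-256 fingerprint of the first certificate in a PEM file with the
fingerprint of the leaf certificate a server presents in a TLS handshake.
"""
import base64
import hashlib
import re
import socket
import ssl
import sys
from typing import List, Optional, Tuple

# Matches each PEM certificate block; the base64 body may span many lines.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_certificates(pem_text: str) -> List[bytes]:
    """Return every certificate in a PEM bundle as DER bytes, in file order.

    For a file handed to Caddy, the first block should be the leaf and the
    rest the intermediates; this function does not validate the contents.
    """
    return [
        base64.b64decode("".join(m.group(1).split()))
        for m in PEM_CERT.finditer(pem_text)
    ]


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form openssl x509 prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def served_certificate(host: str, port: int = 443,
                       server_name: Optional[str] = None) -> bytes:
    """Fetch the leaf certificate the server presents for server_name, as DER.

    Trust verification is deliberately off: the comparison is by
    fingerprint, and a certificate from a private CA would otherwise fail
    the default trust check before we could look at it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            return tls.getpeercert(binary_form=True)


def compare(installed_der: bytes, served_der: bytes) -> Tuple[bool, str, str]:
    """Return (match, installed_fingerprint, served_fingerprint)."""
    installed_fp = fingerprint(installed_der)
    served_fp = fingerprint(served_der)
    return installed_fp == served_fp, installed_fp, served_fp


def installed_matches_served(cert_path: str, host: str,
                             port: int = 443) -> Tuple[bool, str, str]:
    """Read the .crt file given to Caddy's tls directive and compare its
    first certificate with what the host serves (SNI = host)."""
    with open(cert_path, "r", encoding="ascii") as f:
        certs = pem_certificates(f.read())
    if not certs:
        raise ValueError(f"no CERTIFICATE blocks found in {cert_path}")
    return compare(certs[0], served_certificate(host, port))


if __name__ == "__main__":
    # Usage: python3 check_cert.py /etc/ssl/certs/yourdomain.crt example.com [port]
    path, host = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 443
    ok, want, got = installed_matches_served(path, host, port)
    print(f"installed: {want}\nserved:    {got}")
    print("MATCH" if ok else "MISMATCH: Caddy is serving a different certificate")
    sys.exit(0 if ok else 1)
```

Run it from the server itself (or any host that can reach port 443) after the restart; a mismatch usually means Caddy is still serving an automatically managed certificate for that name, or the tls line points at a different file than you think.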
File Permission Issues: Make sure that the certificate and key files are readable by the user Caddy runs as (typically caddy). Check with ls -l /etc/ssl/certs/yourdomain.crt and ls -l /etc/ssl/private/yourdomain.key, and fix ownership or mode with chown and chmod (for the key, e.g. chown root:caddy and chmod 0640). The directory holding the key (such as /etc/ssl/private) is often locked down as well, so check its permissions too: if caddy cannot enter the directory, the key's own mode does not matter.
Caddy Won’t Restart: If Caddy fails to restart, check the logs for error messages using journalctl -u caddy or check the status of the service with systemctl status caddy.
By following these steps, you can configure Caddy to use your own SSL certificates instead of its default automatic certificates. This is especially useful if you're required to use a specific SSL certificate or for internal services where Let’s Encrypt is not preferred.