Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Where are certs stored under the default systemd setup? #3468

Closed
makew0rld opened this issue Jun 2, 2020 · 4 comments
Closed

Where are certs stored under the default systemd setup? #3468

makew0rld opened this issue Jun 2, 2020 · 4 comments

Comments

@makew0rld
Copy link

I installed caddy on Debian, using the recommended apt package. This package also installed the following systemd service file (comments removed):

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

This docs page suggests that I would be able to find certs under $HOME/.local/share/caddy, but Caddy is running under user caddy, which doesn't have a home directory. Where would I find the certs? They used to be in /etc/ssl/caddy for v1, but that seems to have changed.
@makew0rld
Copy link
Author

Alright, after running sudo find / -type d -name '*caddy*' for a while and waiting, I found that the certs are now stored in the /var/lib/caddy/.local/share/caddy directory. I'd appreciate if this was documented along at the page I linked above.

@mholt
Copy link
Member

mholt commented Jun 2, 2020
edited

Thanks for your question, and I'm thrilled that you're using Caddy! This looks more like a question about how to use Caddy rather than a bug report or feature request.

You can use the caddy environ to find the paths and other environmental things it sees. This is documented here: https://caddyserver.com/docs/command-line#caddy-environ

Since this issue tracker is reserved for actionable development items, I'm going to close this, but we have a community forum where more people will be exposed to your question, including people who may be more expert or experienced with the specific question you're facing. I hope you'll ask your question there, and thanks for understanding!

@mholt mholt closed this as completed Jun 2, 2020
@makew0rld
Copy link
Author

I will have to run it as the caddy user though, so the command would be sudo -u caddy caddy environ. I'd still appreciate if this was added to the docs, or as a comment in the systemd service file, because it is the default place for certs for anyone who uses the systemd service.

@mholt
Copy link
Member

mholt commented Jun 2, 2020
edited

Just append the --environ flag to your run command then. That's what our official service file does.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mholt @makew0rld