Think I’ve gone down the rabbit hole on this one.
I have more than one Debian machine that I host apps on. I want to serve them with https, so I decided it was best to centrally get the domain cert/key (I’ve used certwarden) and use a script/cron job on each server to get the certs. Then use caddy to reverse-proxy.
So, after some research I decided that certs should be placed in /etc/SSL/certs (keys in /etc/SSL/private). Problem is caddy can’t get to them. I’ve tried messing around with permissions etc., but I suspect I’m running into issues because I’m not doing this the proper way.
What is the proper way of doing it? Or is there a much easier solution?


Probably need a bit more detail for this, like caddy logs and your caddy config. I did a similar thing on NixOS with services.acme getting the certs and then configuring the cert files to include caddy group access (I didn’t use caddy directly either, for those reading, as the DNS challenge approach requires third-party plugins, which is a bit annoying on NixOS).