Think I’ve gone down the rabbit hole on this one.
I have more than one Debian machine that I host apps on. I want to serve them with https, so I decided it was best to centrally get the domain cert/key (I’ve used certwarden) and use a script/cron job on each server to get the certs. Then use caddy to reverse-proxy.
So, after some research I decided that certs should be placed in /etc/SSL/certs (keys in /etc/SSL/private). Problem is caddy can’t get to them. I’ve tried messing around with permissions etc but I suspect I’m running into issues because I’m not doing this the proper way.
What is the proper way of doing it? Or is there a much easier solution?
You could try to debug the permission issue… Like take a note of the current permissions, chmod the certificates to 666 and the parent directories to 777 and see if that works. Then progressively cut them down again and see when it fails. And/or give caddy all the group permissions ssl, acme, certwarden… and then check which one makes it fail or work.