Think I’ve gone down the rabbit hole on this one.
I have more than one Debian machine that I host apps on. I want to serve them with https, so I decided it was best to centrally get the domain cert/key (I’ve used certwarden) and use a script/cron job on each server to get the certs. Then use caddy to reverse-proxy.
So, after some research I decided that certs should be placed in /etc/SSL/certs (keys in /etc/SSL/private). Problem is caddy can’t get to them. I’ve tried messing around with permissions etc but I suspect I’m running into issues because I’m not doing this the proper way.
What is the proper way of doing it? Or is there a much easier solution?
You mean you have a script that pulls in the cert from a central source (where certwarden renews it), and then caddy can’t access it locally?
Exactly what error is Caddy giving? What permissions have you tried and what was the result? How are you restarting Caddy after renewal? Why do you have multiple reverse proxies?