Caddy does not manage any automatic certificates

Started by BombusAlpinus, December 04, 2024, 09:27:59 AM

Hi, upgraded today from 24.7.9_1 to 24.7.10_1 and the caddy widget shows
"Caddy does not manage any automatic certificates" as shown in the attachment.

This was not the case in 24.7.9_1, where the certificates and their due date were shown.

Anyone also experiencing this? Is this only a display/cosmetic issue or will the certs not be renewed in future?
Settings are the same as before the update where it was working.

Thanks!




December 04, 2024, 01:14:17 PM #1 Last Edit: December 04, 2024, 01:27:34 PM by Monviech (Cedrik)
I have rewritten the certificate widget to not show certificates that have no corresponding domain configured.

https://github.com/opnsense/plugins/pull/4372

For me it worked when I tested it, maybe there is a difference for you.

Can you tell me how the folders are named in /var/db/caddy/data/caddy/certificates/?
Go into the sub paths until you find your folders that contain the certificates.
I want to know if there's something different regarding your domain names.

Also please tell me your domain names (can be generalized). Are you using wildcard domains by any chance?

I want to know if the configured domain name and the name of the folders match.

E.g.:

Configured Domain: sub1.example.com
Folder: sub1.example.com

Configured Domain: *.example.com
Folder: *.example.com
Hardware:
DEC740

December 04, 2024, 01:59:57 PM #2 Last Edit: December 04, 2024, 02:31:16 PM by BombusAlpinus
Hi, thanks for the reply.

I'm using three wildcard domains. One of them is deactivated in the GUI.
In the folder structure my domain folders look like this:

configured domain: *.domain01.tld
folder: wildcard_.domain01.tld

configured domain: *.domain02.tld
folder: wildcard_.domain02.tld

And I found one domain folder from a domain which has been deleted some time ago, which looks like orphaned data in the certificates folder...

Hope this helps.





Oh thank you, yeah that helps. I can see about patching that later. Thanks for your report.

And yes, there will be orphaned data in there, the storage is controlled by caddy itself with storage routines. Better not mess with it.

That's why I changed the widget to only show relevant data.

You're welcome and thanks for taking care of it  ;)

If the file is also called

wildcard_.example.com

then this patch should fix it. I have tested it in my own caddy and it shows the fake wildcard cert I created.

https://github.com/opnsense/plugins/pull/4385

December 05, 2024, 05:51:05 AM #6 Last Edit: December 05, 2024, 05:53:31 AM by BombusAlpinus
Hi, just "patched" the corresponding file manually and... the patch works  ;)
Thanks!


December 05, 2024, 06:12:07 AM #7 Last Edit: December 05, 2024, 08:12:08 AM by Monviech (Cedrik)
Nice, thank you for testing  ;D

EDIT:

Here is the patch for anybody else with the same problem:


opnsense-patch -c plugins 6d79d32ea8e94e522e53d16d6c7871414340110c
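The folder-name mismatch discussed in this thread, as an added example that is not part of the original posts and is not the plugin's own code: a read-only check that maps configured domains to the storage folder names reported above (`*` stored as `wildcard_`) and lists configured domains without a certificate folder as well as orphaned folders. The function names, the issuer directory name and `old.domain03.tld` are constructed for the illustration.

```python
import os
import tempfile

def storage_folder_name(domain):
    # As reported in the thread, "*.domain01.tld" is stored as "wildcard_.domain01.tld".
    return domain.lower().replace("*", "wildcard_")

def find_cert_folders(cert_root):
    """Return {folder_name: path} for every directory that contains a .crt file."""
    found = {}
    for dirpath, _dirs, files in os.walk(cert_root):
        if any(name.endswith(".crt") for name in files):
            found[os.path.basename(dirpath)] = dirpath
    return found

def audit(configured, cert_root, normalize=True):
    """Compare configured domains with the certificate folders on disk.

    normalize=False compares the raw domain string with the folder name,
    which never matches a wildcard domain (the symptom in this thread).
    """
    folders = find_cert_folders(cert_root)
    expected = {(storage_folder_name(d) if normalize else d): d for d in configured}
    return {
        "managed": sorted(d for name, d in expected.items() if name in folders),
        "missing": sorted(d for name, d in expected.items() if name not in folders),
        "orphaned": sorted(name for name in folders if name not in expected),
    }

def build_sample_tree(root):
    """Constructed sample layout; 'issuer-placeholder' is not a real issuer name."""
    for name in ("wildcard_.domain01.tld", "wildcard_.domain02.tld", "old.domain03.tld"):
        folder = os.path.join(root, "issuer-placeholder", name)
        os.makedirs(folder)
        open(os.path.join(folder, name + ".crt"), "w").close()

if __name__ == "__main__":
    configured = ["*.domain01.tld", "*.domain02.tld", "sub1.example.com"]
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print("raw comparison:       ", audit(configured, root, normalize=False))
        print("normalized comparison:", audit(configured, root))
```

On a real system the second argument would be the certificates directory named in the thread; the check only reads directory listings and changes nothing in Caddy's storage.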