Steps to convert certificates generated by Caddy Server to certificates that Nginx can use

convertCaddyCerts.md

Convert Caddy Server certificates to LetsEncrypt certificates to be used by Nginx

Caddy

When using Caddy Server, it stores certificates in ~/.caddy/acme/acme-v01.api.letsencrypt.org/sites/{your domain name}/

3 files are stored in the folder called:

• {yourdomain}.crt
• {yourdomain}.json
• {yourdomain}.key

LetsEncrypt + Nginx

When using LetsEncrypt's Certbot and Nginx, LetsEncrypt will store its certificates in /etc/letsencrypt/archive/{your domain name}/ with symbolic links to /etc/letsencrypt/live/{your domain name}/ with the following files:

• cert.pem
• chain.pem
• fullchain.pem
• privkey.pem

Steps to convert Caddy to LetsEncrypt:

• Copy ~/.caddy/acme/acme-v01.api.letsencrypt.org/sites/{yourdomain}/{yourdomain}.crt to cert.pem

• Copy the Active 'Intermediate Certificate' from https://letsencrypt.org/certificates/ and safe it as chain.pem

• copy cert.pem + chain.pem in that order to one file called fullchain.pem

• copy ~/.caddy/acme/acme-v01.api.letsencrypt.org/sites/{yourdomain}/{yourdomain}.key to privkey.pem

You can then use the *.pem files in an Nginx virtual host config file similar to the following:

server {
 
    [..]
 
    location / {
        [..]
    }

    listen 443 ssl;
    ssl_certificate /your/chosen/path/to/fullchain.pem;
    ssl_certificate_key /your/chosen/path/to/privkey.pem;
    include /your/chosen/path/to/options-ssl-nginx.conf;
    ssl_dhparam /your/chosen/path/to/ssl-dhparams.pem;

}

When you say

copy cert.pem + chain.pem in that order to one file called fullchain.pem

Do you mean cat cert.pem chain.pem > fullchain.pem ?

Do you mean cat cert.pem chain.pem > fullchain.pem ?

Yup, exactly

Okay thank you very much. :)

…

Le 5 avr. 2021 à 14:29, Gordon Murray ***@***.***> a écrit : @gordonmurray commented on this gist. Do you mean cat cert.pem chain.pem > fullchain.pem ? Yup, exactly — You are receiving this because you commented. Reply to this email directly, view it on GitHub <https://gist.github.com/433e455653983adc67df6754e4e9b3f5#gistcomment-3693562>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAA34XKPDEZULGTJNLHMX23THGUJXANCNFSM42MXKTBQ>.

@gordonmurray: Am I correct in thinking that PEM_BUNDLE="$(cat privkey.pem chain.pem | tr '\n' ' ')" would satisfy this portion of HashiCorp Vault setup of PKI? (See warning in paragraph 1 here for context.)

@gordonmurray: Am I correct in thinking that PEM_BUNDLE="$(cat privkey.pem chain.pem | tr '\n' ' ')" would satisfy this portion of HashiCorp Vault setup of PKI?

It looks like that would suffice alright, though I don't know enough about Vault I'm afraid to know if its definitely going to work.