Steps to convert certificates generated by Caddy Server to certificates that Nginx can use

Convert Caddy Server certificates to LetsEncrypt certificates to be used by Nginx

Caddy

Caddy Server stores its certificates in ~/.caddy/acme/acme-v01.api.letsencrypt.org/sites/{your domain name}/

Three files are stored in that folder:

  • {yourdomain}.crt
  • {yourdomain}.json
  • {yourdomain}.key

LetsEncrypt + Nginx

When using LetsEncrypt's Certbot and Nginx, LetsEncrypt stores its certificates in /etc/letsencrypt/archive/{your domain name}/, with symbolic links in /etc/letsencrypt/live/{your domain name}/ pointing to them. The files are:

  • cert.pem
  • chain.pem
  • fullchain.pem
  • privkey.pem

Steps to convert Caddy to LetsEncrypt:

  • Copy ~/.caddy/acme/acme-v01.api.letsencrypt.org/sites/{yourdomain}/{yourdomain}.crt to cert.pem

  • Copy the Active 'Intermediate Certificate' from https://letsencrypt.org/certificates/ and save it as chain.pem

  • Copy cert.pem + chain.pem, in that order, to one file called fullchain.pem

  • Copy ~/.caddy/acme/acme-v01.api.letsencrypt.org/sites/{yourdomain}/{yourdomain}.key to privkey.pem
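
One way to script the steps above, as an added example that is not part of the original gist: it keeps the private key copy owner-only, guards against a missing newline when joining cert.pem and chain.pem, and checks that the key belongs to the certificate. The function names and argument order are assumptions, and the chain file is whatever intermediate you saved from the Let's Encrypt page.

```shell
#!/bin/sh
# Added example (not from the gist); function names are hypothetical.

# caddy_to_pem SRC_DIR DOMAIN CHAIN_FILE OUT_DIR
# SRC_DIR holds Caddy's {domain}.crt and {domain}.key; CHAIN_FILE is the
# intermediate certificate saved from letsencrypt.org.
caddy_to_pem() {
    src=$1; domain=$2; chain=$3; out=$4
    for f in "$src/$domain.crt" "$src/$domain.key" "$chain"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    mkdir -p "$out" || return 1
    # Drop any earlier copy, create the new one owner-only from the start,
    # then pin the mode explicitly.
    rm -f "$out/privkey.pem"
    ( umask 077; cp "$src/$domain.key" "$out/privkey.pem" ) || return 1
    chmod 600 "$out/privkey.pem" || return 1
    cp "$src/$domain.crt" "$out/cert.pem" || return 1
    cp "$chain" "$out/chain.pem" || return 1
    # Leaf first, then intermediate. Insert a newline if cert.pem lacks a
    # trailing one, otherwise the END/BEGIN markers fuse on one line.
    {
        cat "$out/cert.pem"
        if [ -n "$(tail -c 1 "$out/cert.pem")" ]; then echo; fi
        cat "$out/chain.pem"
    } > "$out/fullchain.pem" || return 1
}

# key_matches_cert CERT KEY
# Returns 0 when the public key in CERT (first certificate in the file)
# equals the public key derived from KEY, 1 on mismatch, 2 on parse errors.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}
```

Run `key_matches_cert fullchain.pem privkey.pem` on the output directory, then `nginx -t`, before reloading Nginx.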

You can then use the *.pem files in an Nginx virtual host config file similar to the following:

server {
 
    [..]
 
    location / {
        [..]
    }

    listen 443 ssl;
    ssl_certificate /your/chosen/path/to/fullchain.pem;
    ssl_certificate_key /your/chosen/path/to/privkey.pem;
    include /your/chosen/path/to/options-ssl-nginx.conf;
    ssl_dhparam /your/chosen/path/to/ssl-dhparams.pem;

}

@yifu yifu commented Apr 5, 2021

When you say

copy cert.pem + chain.pem in that order to one file called fullchain.pem

Do you mean cat cert.pem chain.pem > fullchain.pem ?


@gordonmurray gordonmurray commented Apr 5, 2021

Do you mean cat cert.pem chain.pem > fullchain.pem ?

Yup, exactly


@yifu yifu commented Apr 5, 2021


@allen-woods allen-woods commented Apr 7, 2021

@gordonmurray: Am I correct in thinking that PEM_BUNDLE="$(cat privkey.pem chain.pem | tr '\n' ' ')" would satisfy this portion of HashiCorp Vault setup of PKI? (See warning in paragraph 1 here for context.)
