It seems like Caddy tries each trust store in order and if one could not be found or if there was an error, it stops completely.
So if there is no NSS security database, Caddy does not try to add the CA to the macOS keychain as that would be the next in the line.
Steps to reproduce:
- Use a machine where Firefox is not installed.
- Run `caddy run --config /path/to/Caddyfile`
- Log output: `ERROR pki failed to install root certificate {"error": "not NSS security databases found", "certificate_file": "storage:pki/authorities/local/root.crt"}`; see that the root CA is also not installed to the macOS keychain
- Install and open Firefox
- Run `caddy run --config /path/to/Caddyfile` again
- The root CA is installed properly to both the NSS security database as well as to the macOS keychain
Original thread in the forum with more details and full log output: https://caddy.community/t/v2-local-root-cert-is-not-automatically-trusted-by-macos/7368?u=lukas
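
The behaviour reported above, sketched as an added Go example (not Caddy's code or that of any library it uses): a fail-fast loop over trust stores next to one that tries every store and reports failures together. The `trustStore` type, the store names and both function names are hypothetical, and the sample stores are constructed so that NSS is missing and the keychain works.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// trustStore is a hypothetical stand-in for one platform trust store.
type trustStore struct {
	name    string
	install func(cert string) error
}

// installFailFast mirrors the reported behaviour: the first error ends the loop,
// so stores later in the list are never attempted.
func installFailFast(stores []trustStore, cert string) ([]string, error) {
	var done []string
	for _, s := range stores {
		if err := s.install(cert); err != nil {
			return done, fmt.Errorf("%s: %w", s.name, err)
		}
		done = append(done, s.name)
	}
	return done, nil
}

// installAll attempts every store and returns the failures as one error.
func installAll(stores []trustStore, cert string) ([]string, error) {
	var done, failed []string
	for _, s := range stores {
		if err := s.install(cert); err != nil {
			failed = append(failed, s.name+": "+err.Error())
			continue
		}
		done = append(done, s.name)
	}
	if len(failed) > 0 {
		return done, errors.New(strings.Join(failed, "; "))
	}
	return done, nil
}

// sampleStores is constructed input: NSS comes first and is absent.
func sampleStores() []trustStore {
	return []trustStore{
		{"nss", func(string) error { return errors.New("not NSS security databases found") }},
		{"macos-keychain", func(string) error { return nil }},
	}
}

func main() {
	fmt.Println(installFailFast(sampleStores(), "root.crt"))
	fmt.Println(installAll(sampleStores(), "root.crt"))
}
```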