tctlrd

Lets close this topic.

@imarkc thanks for your help. Unfortunately stalwart did not begin using the ca-certificates.crt when I adopted your modifications. You can see it here: [tctlrd/stalwart](/tctlrd/stalwart). I am deploying with podman. When...

@mdecimus what about implementing a similar option to Caddy, OpenBao, etc. where a custom Root CA cert or cert bundle can be added as trusted via the config. see the...

@mdecimus glad to hear that you will look into this. Thank you. Let us know if there are any steps for dev contribution you recommend to achieve this functionality.

thanks @mohammed90 ## 3. Tutorial (minimal steps to reproduce the bug) Create first Caddyfile: ./client ``` { local_certs on_demand_tls { ask http://localhost:5555/ } } http://localhost:5555 { respond 200 } https://client...

@mholt @francislavoie - I was running as root in podman and the trust store install succeeds as seen above. > `{"level":"info","ts":1763832993.2070396,"msg":"certificate installed properly in linux trusts"}` I jumped into the...

@mholt - Are you asking if the root CA cert is "installed in linux trusts" before the caddy process starts running in that same container? In my tutorial, this is...

> It might be an option to always include Caddy's internal CA as a trusted root on top of the system roots. This is what we do in `step-ca` too,...

> I am not sure if Caddy needs a restart if it is to use the system's updated trust store -- it depends on if the Go standard lib loads...

@mohammed90 :mailbox_with_no_mail: do we still need more info or can you remove the label?