When I sshed into my server today, it said I had mail. I checked /var/mail/{myuser} and got a mail from caddy. The title was “SECURITY information for {hostname}”. The message was this.
caddy : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_-_2025_ECC_Root_31435960950297150297199787413716908247066220.crt
I’m still learning this self-hosting thing, I know enough to set stuff up but I still know barely anything about security, and the message looks kinda scary, so I would like to know what it means, thanks in advance. Note that I was messing around with Caddy and stuff yesterday, so maybe that has something to do with it, but I’m not sure.
I can’t believe it. The incident has actually been reported!
I don’t use Caddy, but it seems like it tried to generate and write a TLS certificate into /usr/local, but didn’t have the necessary permissions. Basically it tried to use sudo tee ... to write a file. Is Caddy running in a container? If it is, you might need to create a volume at /usr/local/share/ca-certificates. If not in a container, you’ll need to grant the caddy user write permissions in that directory.
But to answer your question directly, it’s not a cause for concern. You’re not getting hacked, it’s just a configuration error.
You’re likely looking for this docs section for Caddy. The failure is the automated request to populate Caddy’s root CA cert to the host system, but obviously failed as it doesn’t have root permissions. As the docs state, if you intend to use the local HTTPS functionality of Caddy, you can manually run caddy trust privileged in order to populate the Caddy root CA cert manually. If you intend to disable the local HTTPS functionality (such as if you’re running Caddy behind an HTTP reverse proxy), you can ignore the mail message.
If you have anything exposed, scripts and bots are testing your server all day, every day. So long as you’ve got proper security in place, ignore the failed attempts.
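For readers who want to triage these sudo mails rather than read each one by hand, here is an added example (not written by anyone in this thread, and not Caddy's or sudo's own code) that parses the alert line in the form quoted in the post and separates the known Caddy trust-store attempt from anything else. The `EXPECTED` allowlist, the function names and the sample lines are assumptions made for illustration.

```python
import re

# sudo alert as quoted in the post: "<user> : <reason> ; KEY=value ; ... ; COMMAND=<rest>"
SUDO_LINE = re.compile(r"^\s*(?P<user>\S+) : (?P<reason>[^;]+?) ; (?P<fields>.*)$")

# Assumed allowlist (hypothetical, adjust per host): denied commands with a known
# benign cause. The one entry is Caddy's root CA install seen in the mail above.
EXPECTED = {
    "caddy": [re.compile(
        r"/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_[\w-]+\.crt"
    )],
}

def parse_sudo_alert(line):
    """Split one sudo alert line into user, reason, KEY=value fields and COMMAND."""
    m = SUDO_LINE.match(line)
    if not m:
        return None
    event = {"user": m["user"], "reason": m["reason"].strip()}
    # COMMAND comes last and may itself contain " ; ", so split it off first.
    head, sep, command = m["fields"].partition("COMMAND=")
    for part in head.split(" ; "):
        key, eq, value = part.partition("=")
        if eq:
            event[key.strip()] = value.strip()
    event["COMMAND"] = command.strip() if sep else None
    return event

def triage(line):
    """Return 'expected', 'review' or 'unparsed' for one alert line."""
    event = parse_sudo_alert(line)
    if event is None:
        return "unparsed"
    cmd = event["COMMAND"] or ""
    # fullmatch: the whole command must be the known one, with no extra arguments.
    if any(p.fullmatch(cmd) for p in EXPECTED.get(event["user"], [])):
        return "expected"
    return "review"

# Constructed sample lines: the first mirrors the mail in the post, the rest are made up.
SAMPLES = [
    "caddy : user NOT in sudoers ; PWD=/ ; USER=root ; COMMAND=/usr/bin/tee "
    "/usr/local/share/ca-certificates/Caddy_Local_Authority_-_2025_ECC_Root_0000.crt",
    "caddy : user NOT in sudoers ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh -c echo a ; echo b",
    "backup : user NOT in sudoers ; PWD=/home/backup ; USER=root ; COMMAND=/usr/bin/apt update",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample), "<-", sample)
```

Anything that comes back as `review` is a denied sudo attempt with no known cause on that host and is worth reading in full.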