From acf4dde1dd1fa2d30b76c19009e5a7019cce0b2b Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Sat, 14 Mar 2020 15:20:04 -0600
Subject: pki: Don't treat cert installation failure as error

See https://caddy.community/t/fail-to-start-caddy2-not-nss-security-databases-found/7223?u=matt
---
 modules/caddypki/pki.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'modules/caddypki')

diff --git a/modules/caddypki/pki.go b/modules/caddypki/pki.go
index 373b4cb..562fae2 100644
--- a/modules/caddypki/pki.go
+++ b/modules/caddypki/pki.go
@@ -92,7 +92,11 @@ func (p *PKI) Start() error {
 			truststore.WithJava(),
 		)
 		if err != nil {
-			return fmt.Errorf("adding root certificate to trust store: %v", err)
+			// could be some system dependencies that are missing;
+			// shouldn't totally prevent startup, but we should log it
+			p.log.Error("failed to install root certificate",
+				zap.Error(err),
+				zap.String("certificate_file", ca.rootCertPath))
 		}
 	}
 
-- 
cgit v1.2.3