Creating local ssl certificate with mkcert and caddy - mkdir /homeless-shelter: permission denied


I try to use mkcert with caddy in order to get local ssl certificates.
I didn’t find many code examples on sourcegraph neither on google.

I was able to write this code (not even sure it’s the right way to do this)

  cert = domain: pkgs.runCommand "cert" { } ''
    ${pkgs.mkcert}/bin/mkcert ${domain} 
services.caddy = {
    enable = true;
    virtualHosts = {

      "domain.php81.localhost" = {
        extraConfig =
            root * /var/www
            php_fastcgi unix/${}
            tls ${cert}/domain.php81.localhost.pem ${cert}/domain.php81.localhost-key.pem

But I get this error at build

ERROR: failed to create the CAROOT: mkdir /homeless-shelter: permission denied

any ideas ?


not sure if what you are doing is general correct but that can be fixed with export HOME=$TMPDIR or export HOME=$(mktemp -d)

Thanks, it worked ! :smiley:

After that I got another error that I was able to solve

  mkCert = domain: pkgs.runCommand "cert" { } ''
    ${pkgs.mkcert}/bin/mkcert -cert-file ${domain}.pem -key-file ${domain}-key.pem ${domain}

produced the following error

error: builder for '/nix/store/6kwsarsdd10h4s3j5gkz9y3184cfcvzc-cert.drv' failed to produce output path for output 'out' at '/nix/store/6kwsarsdd10h4s3j5gkz9y3184cfcvzc-cert.drv.chroot/nix/store/zwi9rhyj5wpxyv8q4ilrw1nm9ka65w2a-cert'

I found out that adding mkdir $out solves it.

But can someone explain why in this case I have to create the $out directory ? I guess this has something to do with runCommand.

runCommand uses mkDerivation under the hood and that must produce a store output otherwise it is counted as a failed build.

1 Like