Phoenix release + Caddy web server problem - "cookie store expects conn.secret_key_base to be at least 64 bytes"


I’m trying to set up a production server for my web app and I just can’t get it working.
So, I’m using releases and Caddy as a web server.

Here are my files


reverse_proxy :4000


use Mix.Config

config :MYAPPNAME, MYAPPNAMEWeb.Endpoint,
  url: [host: "MYDOMAIN.COM", port: 80],
  cache_static_manifest: "priv/static/cache_manifest.json"

I followed the docs to create a release and all steps were successful but when I visit my website, there is a blank white page and in my server terminal I get the following message:

11:13:06.458 [error] #PID<0.3724.0> running MYAPPNAMEWeb.Endpoint (connection #PID<0.3723.0>, stream id 1) terminated
Server: MYDOMAIN.COM:80 (http)
Request: GET /
** (exit) an exception was raised:
** (ArgumentError) cookie store expects conn.secret_key_base to be at least 64 bytes
(plug 1.11.1) lib/plug/session/cookie.ex:206: Plug.Session.COOKIE.validate_secret_key_base/1
(plug 1.11.1) lib/plug/session/cookie.ex:198: Plug.Session.COOKIE.derive/3
(plug 1.11.1) lib/plug/session/cookie.ex:117: Plug.Session.COOKIE.put/4
(plug 1.11.1) lib/plug/session.ex:96: anonymous fn/3 in Plug.Session.before_send/2
(elixir 1.12.1) lib/enum.ex:2356: Enum."-reduce/3-lists^foldl/2-0-"/3
(plug 1.11.1) lib/plug/conn.ex:1691: Plug.Conn.run_before_send/2
(plug 1.11.1) lib/plug/conn.ex:407: Plug.Conn.send_resp/1
(phoenix 1.5.9) lib/phoenix/endpoint/render_errors.ex:78: Phoenix.Endpoint.RenderErrors.instrument_render_and_send/5

Does anyone have any idea what could cause this?

The secret_key_base you configured for your endpoint is not valid. The part of the config you showed doesn’t show a secret_key_base at all.

I’m new to this so I’m probably missing something… there is nothing more except some commented out lines inside my prod.exs file. I create a secret key when creating the release as an env variable so it’s not in the file.

Then either your key is too short or something is off with reading that env variable into the app env on startup.


This is one of the keys created, so it’s not too short.

As another option, I’ve tried setting SSL inside prod.exs but that doesn’t work either, it doesn’t even create a release, I get the following message:

10:44:26.017 [error] Failed to start Ranch listener MYAPPNAME.Endpoint.HTTPS in :ranch_ssl:listen([{:cacerts, :…}, {:key, :…}, {:cert, :…}, {:alpn_preferred_protocols, ["h2", "http/1.1"]}, {:next_protocols_advertised, ["h2", "http/1.1"]}, :inet6, {:versions, [:"tlsv1.2"]}, {:ciphers, ['ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES128-GCM-SHA256', 'DHE-RSA-AES256-GCM-SHA384', 'DHE-RSA-AES128-GCM-SHA256']}, {:eccs, [:secp256r1, :secp384r1, :secp521r1]}, {:honor_cipher_order, true}, {:reuse_sessions, true}, {:secure_renegotiate, true}, {:port, 443}, {:keyfile, nil}, {:certfile, nil}]) for reason {:options, {:certfile, nil}} (unknown POSIX error)

and here is prod.exs when I tried it that way

config :MYAPPNAME, MYAPPNAMEWeb.Endpoint,
  url: [host: "MYDOMAIN.COM", port: 443],
  https: [
    port: 443,
    cipher_suite: :strong,
    keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"),
    certfile: System.get_env("SOME_APP_SSL_CERT_PATH"),
    transport_options: [socket_opts: [:inet6]]
  ]

Here’s my releases.exs file

import Config

database_url =
  System.get_env("DATABASE_URL") ||
    raise """
    environment variable DATABASE_URL is missing.
    For example: ecto://USER:PASS@HOST/DATABASE
    """

config :MYAPP, MYAPP.Repo,
  ssl: true,
  url: database_url,
  pool_size: String.to_integer(System.get_env("POOL_SIZE") || "10")

secret_key_base =
  System.get_env("SECRET_KEY_BASE") ||
    raise """
    environment variable SECRET_KEY_BASE is missing.
    You can generate one by calling: mix phx.gen.secret
    """

config :MYAPP, MYAPPWeb.Endpoint,
  http: [
    port: String.to_integer(System.get_env("PORT") || "4000"),
    transport_options: [socket_opts: [:inet6]]
  ],
  secret_key_base: secret_key_base

To update this… I’m not really sure what went wrong, but after restarting the server everything worked as it should.
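Added example, not part of any post in this thread and not code from Phoenix or Plug: a boot-time check that rejects a missing, empty or too-short SECRET_KEY_BASE, so the release fails at startup instead of on the first request that writes a session cookie. The module name `SecretKeyCheck` and the sample environments are hypothetical; the 64-byte minimum is the one quoted in the error message above.

```elixir
defmodule SecretKeyCheck do
  @moduledoc "Hypothetical helper for this example; not part of Phoenix or Plug."

  # Minimum length quoted in the ArgumentError shown in this thread.
  @min_bytes 64

  # Returns {:ok, key} or {:error, reason}. The reason reports only the
  # length, never the key, so it is safe to write to logs.
  def validate(nil),
    do: {:error, "SECRET_KEY_BASE is not set for the process starting the release"}

  def validate(key) when is_binary(key) do
    cond do
      String.trim(key) == "" ->
        {:error, "SECRET_KEY_BASE is set but empty"}

      byte_size(key) < @min_bytes ->
        {:error, "SECRET_KEY_BASE is #{byte_size(key)} bytes, need at least #{@min_bytes}"}

      true ->
        {:ok, key}
    end
  end

  # Raises at boot instead of on the first request that writes a session cookie.
  def fetch!(env \\ System.get_env()) do
    case validate(Map.get(env, "SECRET_KEY_BASE")) do
      {:ok, key} -> key
      {:error, reason} -> raise ArgumentError, reason
    end
  end
end

# Constructed sample environments; none of these values is a real key.
samples = [
  %{},
  %{"SECRET_KEY_BASE" => ""},
  %{"SECRET_KEY_BASE" => "copied-only-part-of-the-key"},
  %{"SECRET_KEY_BASE" => String.duplicate("k", 64)}
]

for env <- samples do
  case SecretKeyCheck.validate(Map.get(env, "SECRET_KEY_BASE")) do
    {:ok, key} -> IO.puts("ok: #{byte_size(key)} bytes")
    {:error, reason} -> IO.puts("rejected: #{reason}")
  end
end
```

Saved as a standalone `.exs` script this runs with `elixir`; in a release, the same three checks can be written inline in `config/releases.exs` before the `secret_key_base: secret_key_base` line.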