Caddy 2 TLS Cert Problem

1. The problem I’m having:

I am using Caddy version 2.1.1. I set up the HTTPS server 4 years ago. At the beginning, I used “milanolarry.ml” as the domain name, which was free of charge. Around one year ago, for some unknown reason, the domain name was retracted, so I purchased another one, milanolarry.xyz. I just changed the domain name in the first line of the Caddyfile and the server functioned normally. Last month, I received a notice from Let’s Encrypt telling me my certificate was about to expire. I followed some people’s advice and removed the old certificate. After a restart, I could see a new certificate there. However, since then, I have noticed that Caddy cannot perform some of its functions. Every time I reload the server, there is a TLS handshake error message. Besides, the old domain name also appears in it. The following are my questions:

    1. If I need to change the domain name / address of the server, is modifying Caddyfile alone enough? If not, what else do I need to change?
    2. To renew a certificate, are removing the old cert and restarting good enough? Do I also need to remove the private key? If yes, where can I find the private key?

Thank you.

2. Error messages and/or full log output:

```
root@milanolarry:/home/milano# systemctl status caddy
● caddy.service - Caddy
     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2025-09-01 10:13:58 EDT; 29min ago
       Docs: Welcome — Caddy Documentation
    Process: 843 ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile (code=exited, status=0/SUCCESS)
   Main PID: 450 (caddy)
      Tasks: 8 (limit: 1168)
     Memory: 45.1M
     CGroup: /system.slice/caddy.service
             └─450 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Sep 01 10:13:58 milanolarry.ml caddy[450]: 2025/09/01 10:13:58 [WARNING] Stapling OCSP: no OCSP stapling for [www.milanolarry.xyz]: no OCSP server specified in certificate
Sep 01 10:13:58 milanolarry.ml caddy[450]: {"level":"info","ts":1756736038.776209,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Sep 01 10:13:58 milanolarry.ml caddy[450]: {"level":"info","ts":1756736038.7762725,"msg":"serving initial configuration"}
Sep 01 10:31:39 milanolarry.ml caddy[450]: 2025/09/01 10:31:39 http: TLS handshake error from 104.23.175.88:29606: no certificate available for 'milanolarry.xyz'
Sep 01 10:43:12 milanolarry.ml systemd[1]: Reloading Caddy.
Sep 01 10:43:12 milanolarry.ml caddy[843]: {"level":"info","ts":1756737792.1624439,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Sep 01 10:43:12 milanolarry.ml caddy[450]: {"level":"info","ts":1756737792.1736076,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:51998","headers":{"Accept-Enc
Sep 01 10:43:12 milanolarry.ml caddy[450]: {"level":"info","ts":1756737792.1748803,"logger":"admin.api","msg":"config is unchanged"}
Sep 01 10:43:12 milanolarry.ml caddy[450]: {"level":"info","ts":1756737792.1749036,"logger":"admin.api","msg":"load complete"}
Sep 01 10:43:12 milanolarry.ml systemd[1]: Reloaded Caddy.
```

3. Caddy version:

Caddy Version 2.1.1

4. How I installed and ran Caddy:

a. System environment:

Debian 11

b. Command:


c. Service/unit/compose file:


d. My complete Caddy config:

```
milanolarry.xyz {
	root * /var/www/nextcloud
	file_server

	tls {
		protocols tls1.2 tls1.3
		ciphers TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
		curves x25519
	}

	log {
		output file /var/log/caddy/caddy.log
	}

	php_fastcgi 127.0.0.1:9000 {
		env PATH /bin
	}

	header {
		Strict-Transport-Security max-age=15768000;
	}

	# client support (e.g. os x calendar / contacts)
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301

	# .htaccess / data / config / … shouldn't be accessible from outside
	@forbidden {
		path /.htaccess
		path /data/*
		path /config/*
		path /db_structure
		path /.xml
		path /README
		path /3rdparty/*
		path /lib/*
		path /templates/*
		path /occ
		path /console.php
	}
	respond @forbidden 404
}
```

5. Links to relevant resources:

That’s a very old Caddy version. Please upgrade.

Where? If you’re referring to this:

Sep 01 10:43:12 milanolarry.ml caddy[450]:

that seems to be your server name. The actual OS server name. Type hostname and also check your /etc/hosts. You most likely still have your old name in there. In any case, you can ignore that name. It’s not critical to what Caddy serves.
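As an added example (not part of this thread and not Caddy's own code), the script below does the two checks the thread turns on: it extracts the site addresses from a Caddyfile, then scans journal lines for the "no certificate available for" handshake errors and the OCSP "no OCSP stapling for [...]" warnings and compares the names involved against the configured sites, while reporting the journal-prefix hostname separately so it is not mistaken for something Caddy serves. The sample log and Caddyfile are constructed from the excerpts in the original post; the journal line format and the regular expressions on the message text are assumptions based on those excerpts.

```python
import re

# Constructed from the journal excerpt in the post (straight quotes, three lines).
SAMPLE_LOG = """\
Sep 01 10:13:58 milanolarry.ml caddy[450]: 2025/09/01 10:13:58 [WARNING] Stapling OCSP: no OCSP stapling for [www.milanolarry.xyz]: no OCSP server specified in certificate
Sep 01 10:13:58 milanolarry.ml caddy[450]: {"level":"info","ts":1756736038.7762725,"msg":"serving initial configuration"}
Sep 01 10:31:39 milanolarry.ml caddy[450]: 2025/09/01 10:31:39 http: TLS handshake error from 104.23.175.88:29606: no certificate available for 'milanolarry.xyz'
Sep 01 10:43:12 milanolarry.ml systemd[1]: Reloading Caddy.
"""

# Constructed, shortened version of the Caddyfile in the post (nested blocks kept
# so the brace-depth tracking below is exercised).
SAMPLE_CADDYFILE = """\
milanolarry.xyz {
	root * /var/www/nextcloud
	file_server
	tls {
		protocols tls1.2 tls1.3
	}
	@forbidden {
		path /config/*
	}
	respond @forbidden 404
}
"""

# journald short format: "Mon DD HH:MM:SS <hostname> <unit>[pid]: <message>" (assumed)
JOURNAL_RE = re.compile(
    r"^[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} (?P<host>\S+) (?P<unit>\S+): (?P<msg>.*)$"
)
NO_CERT_RE = re.compile(r"no certificate available for '(?P<name>[^']+)'")
OCSP_RE = re.compile(r"no OCSP stapling for \[(?P<name>[^\]]+)\]")


def site_addresses(caddyfile):
    """Return the site addresses of every top-level site block in a Caddyfile.

    Only lines at brace depth 0 that open a block are site blocks; nested
    blocks such as `tls {` or `@forbidden {` are skipped by tracking depth.
    Scheme and port are stripped so "https://a.example:443" yields "a.example".
    (Bracketed IPv6 addresses are not handled by this simple parser.)
    """
    names, depth = [], 0
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        if depth == 0 and line.endswith("{"):
            for addr in line[:-1].split(","):
                addr = re.sub(r"^[a-z]+://", "", addr.strip()).split(":")[0]
                if addr:
                    names.append(addr)
        depth += line.count("{") - line.count("}")
    return names


def analyze(log_text, caddyfile):
    """Cross-check certificate-related log messages against the configured sites."""
    sites = set(site_addresses(caddyfile))
    journal_hosts, missing, cert_names = set(), [], []
    for line in log_text.splitlines():
        m = JOURNAL_RE.match(line)
        if not m:
            continue
        journal_hosts.add(m["host"])          # OS hostname, not a served site
        n = NO_CERT_RE.search(m["msg"])
        if n:
            missing.append(n["name"])         # SNI name a client asked for
        o = OCSP_RE.search(m["msg"])
        if o:
            cert_names.append(o["name"])      # name on a certificate Caddy loaded

    findings = []
    for name in missing:
        if name in sites:
            findings.append(f"configured site {name} has no certificate loaded")
        else:
            findings.append(f"client asked for {name}, which is not a configured site")
    for name in cert_names:
        if name not in sites:
            findings.append(f"a loaded certificate is for {name}, which is not a configured site")
    for host in sorted(journal_hosts - sites):
        findings.append(f"journal hostname {host} is the OS hostname, not a site Caddy serves")
    return {
        "sites": sorted(sites),
        "missing_cert": missing,
        "cert_names": cert_names,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG, SAMPLE_CADDYFILE)["findings"]:
        print(finding)
```

Run against the sample, the script separates the three things the thread conflates: the site that is configured but has no certificate (`milanolarry.xyz`), the name that the loaded certificate actually carries (`www.milanolarry.xyz`), and the `milanolarry.ml` prefix, which is only the machine's hostname as the reply above explains. Pointing it at real `journalctl -u caddy` output and the real Caddyfile is the same call with different inputs.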

