Well, that’s probably why. You’re telling Caddy to serve mydomain.com but only gave it a certificate for *.mydomain.com, so it has to obtain one for mydomain.com.
If you configure foo.mydomain.com or *.mydomain.com instead, Caddy shouldn’t (I think) get a certificate in that case.
Well… I mean, that’s exactly what it does. What are you thinking, “Hit [Enter] to obtain certificate:”? Caddy is a web server and cannot run interactively.
That’s why I asked for the PEM content of the certificate, to check things like this. Caddy will always try to avoid serving expired certificates. Glad you solved the problem. Next time please follow the instructions on our help template; it’s one of our forum rules so we can help you.
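
The check described in the reply above, as an added example that is not part of the original post and is not Caddy's own code: it parses a PEM certificate and reports whether it covers a given hostname and whether it has expired. The certificate is a constructed self-signed sample, and `makePEM` and `check` are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// makePEM builds a constructed, self-signed sample certificate for the given SANs.
func makePEM(names []string, notAfter time.Time) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     names,
		NotBefore:    notAfter.Add(-365 * 24 * time.Hour),
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// check reports whether the PEM certificate names host and whether it has expired.
func check(pemBytes []byte, host string, now time.Time) (covered, expired bool, err error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return false, false, fmt.Errorf("no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, false, err
	}
	// VerifyHostname applies the usual wildcard rule: "*" stands for exactly one label.
	return cert.VerifyHostname(host) == nil, now.After(cert.NotAfter), nil
}

func main() {
	p := makePEM([]string{"*.mydomain.com"}, time.Now().Add(90*24*time.Hour))
	for _, h := range []string{"mydomain.com", "foo.mydomain.com"} {
		c, e, _ := check(p, h, time.Now())
		fmt.Printf("%-17s covered=%v expired=%v\n", h, c, e)
	}
}
```

The wildcard sample covers foo.mydomain.com but not the bare mydomain.com, which is the mismatch that leads Caddy to obtain its own certificate for the apex name.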