Caddy on-demand-tls giving certificate expired

1. Caddy version (caddy version):

v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=

2. How I run Caddy:

a. System environment:

Ubuntu 20.04 (AWS EC2 Instance)

b. Command:

curl localhost:2020/load -H 'Content-Type: application/json' -d @final_with_headers.json

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.

d. My complete Caddyfile or JSON config:

{
  "admin": {
    "disabled": false,
    "enforce_origin": true,
    "listen": ":2020"
  },
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":443"
          ],
          "routes": [
            {
              "handle": [
                {
                  "handler": "headers",
                  "response": {
                    "set": {
                      "Referrer-Policy": [
                        "same-origin"
                      ],
                      "X-Content-Type-Options": [
                        "nosniff"
                      ],
                      "X-Frame-Options": [
                        "DENY"
                      ],
                      "X-Xss-Protection": [
                        "1; mode=block"
                      ]
                    }
                  }
                },
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "vars",
                          "root": "/var/www/html/app/dist/webapp/"
                        }
                      ]
                    },
                    {
                      "handle": [
                        {
                          "handler": "rewrite",
                          "uri": "{http.matchers.file.relative}"
                        }
                      ],
                      "match": [
                        {
                          "file": {
                            "try_files": [
                              "{http.request.uri.path}",
                              "{http.request.uri.path}/",
                              "/index.html"
                            ]
                          }
                        }
                      ]
                    },
                    {
                      "handle": [
                        {
                          "encodings": {
                            "gzip": {},
                            "zstd": {}
                          },
                          "handler": "encode"
                        },
                        {
                          "handler": "file_server",
                          "hide": [
                            "Caddyfile"
                          ]
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "on_demand": {
          "ask": "https://example.com/custom-domain/ssl-allowed/"
        },
        "policies": [
          {
            "on_demand": true
          }
        ]
      }
    }
  }
}

3. The problem I’m having:

The domain sub.domain.com was working earlier with SSL, now it is showing an expired certificate error.

Other domains are working fine.

Is it some cache issue? How can I restore the SSL for a single domain?

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

That’s an extremely old version. Please upgrade to v2.4.5

@francislavoie I know it is very outdated but couldn’t update it because it’s running on a single instance (AWS EC2) and handling hundreds of requests per second. Upgrading to a major release might introduce downtime to the server.

Is there a way to handle the above situation in the installed version itself?

I don’t understand, half of the help template was left empty. What are the logs? You might need to enable debug logging.

If it’s a bug, it’s also quite likely that it has been fixed since a year ago. Upgrading is recommended. Please test out the new version first.


This topic was automatically closed after 30 days. New replies are no longer allowed.
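
One way to see which certificate the server actually presents for the affected name, and when it expired, before digging into logs. This is an added example, not part of the original thread and not Caddy's own code; the names `Report`, `Evaluate`, and `Inspect` are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"log"
	"net"
	"time"
)

// Report summarizes the leaf certificate presented for one SNI name.
type Report struct {
	Issuer      string
	NotAfter    time.Time
	Expired     bool // NotAfter is earlier than the evaluation time
	NameMatches bool // the certificate's SAN entries cover the name
}

// Evaluate checks a leaf certificate against name at time now.
func Evaluate(leaf *x509.Certificate, name string, now time.Time) Report {
	return Report{
		Issuer:      leaf.Issuer.CommonName,
		NotAfter:    leaf.NotAfter,
		Expired:     now.After(leaf.NotAfter),
		NameMatches: leaf.VerifyHostname(name) == nil,
	}
}

// Inspect dials addr, sends name as SNI and evaluates the leaf it gets back.
// Verification is off only so an expired certificate can still be read (diagnostic use).
func Inspect(addr, name string) (Report, error) {
	cfg := &tls.Config{ServerName: name, InsecureSkipVerify: true}
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", addr, cfg)
	if err != nil {
		return Report{}, err
	}
	defer conn.Close()
	return Evaluate(conn.ConnectionState().PeerCertificates[0], name, time.Now()), nil
}

func main() {
	if len(os_args()) != 3 {
		log.Fatal("usage: snicheck host:port sni-name")
	}
	r, err := Inspect(os_args()[1], os_args()[2])
	if err != nil {
		log.Fatalf("handshake failed: %v", err)
	}
	log.Printf("%+v", r)
}

// os_args returns the command line without importing os at each call site.
func os_args() []string { return flagArgs }

var flagArgs = func() []string { return append([]string{}, osArgs()...) }()
```

Running it once for the failing name and once for a working one shows whether the server is handing out a stale leaf for that single SNI name or a certificate issued for a different host.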