Caddy serving wrong SSL for subdomain

1. Caddy version (caddy version):

v2.4.5

2. How I run Caddy:

caddy run --config /etc/caddy/Caddyfile

a. System environment:

Ubuntu 20

b. Command:

caddy run --config /etc/caddy/Caddyfile

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

:80 {
    redir https://{host}{uri}
}

:443 {
    reverse_proxy localhost:2127
    encode gzip
    header /assets/* Cache-Control max-age=31536000
    
    tls {
        on_demand
    }
    
    log {
        level DEBUG
        output file /var/log/caddy/access.log
    }
}

https://code-docs.mydomain.app {
    reverse_proxy localhost:8081
    tls /etc/caddy/ssl/cfare.crt /etc/caddy/ssl/cfare.pem 
}

3. The problem I’m having:

I have auto SSL for a wildcard domain, so when I try to open the domain https://docs.mydomain.app, it tries to serve the Cloudflare certificate, which is configured only for the domain https://code-docs.mydomain.app, as you can see in the config file.

When I disable the code block for https://code-docs.mydomain.app, https://docs.mydomain.app starts working fine and uses the Let's Encrypt certificate.

4. Error messages and/or full log output:

No Logs showing

5. What I already tried:

I tried every method

6. Links to relevant resources:

Please upgrade to v2.4.6!

I think you need to configure this global option to make it ignore loaded certificates:

{
    auto_https ignore_loaded_certs
}

Not working, same issue: it is still using the certificate from code-docs.analyzify.app

What are the names on the certificate at /etc/caddy/ssl/cfare.crt? And what is your complete config, without redactions? Please don’t redact information, exact values are necessary here or we can’t look into this.

@matt

PS: Sorry for hiding the domain info. As this is my client's server and the forum is public, Google will index the client's domain name, which my client will never want. That's why I did that, to prevent Google from crawling the domain.

I have fixed it anyway. I have created a new certificate that is exclusive to the subdomain only. The previous certificate was the wildcard certificate.

But I still have one question: when I included that certificate within the subdomain, whether or not it's a wildcard, it should NOT apply to the other domain. Can you give some insight into this behavior?
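
Added example, not part of the thread and not Caddy's own code: a TLS server chooses its certificate from the requested (SNI) hostname during the handshake, so what matters is which names a certificate's SAN entries match. This Go program builds constructed throwaway certificates for the redacted names in the post and uses the standard library's `VerifyHostname` to compare a `*.mydomain.app` wildcard with a certificate exclusive to `code-docs.mydomain.app`; `mustCert`, `coveredHosts` and the hostname `a.b.mydomain.app` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// mustCert builds a throwaway self-signed cert with the given SANs (constructed sample data).
func mustCert(sans ...string) *x509.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     sans,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// coveredHosts lists the hostnames for which cert passes standard TLS name matching.
func coveredHosts(cert *x509.Certificate, hosts []string) []string {
	var out []string
	for _, h := range hosts {
		if cert.VerifyHostname(h) == nil {
			out = append(out, h)
		}
	}
	return out
}

func main() {
	hosts := []string{"code-docs.mydomain.app", "docs.mydomain.app", "a.b.mydomain.app", "mydomain.app"} // constructed
	fmt.Println("wildcard: ", coveredHosts(mustCert("*.mydomain.app"), hosts))
	fmt.Println("exclusive:", coveredHosts(mustCert("code-docs.mydomain.app"), hosts))
}
```

To run the same check against a real file, parse the PEM passed to the `tls` directive with `pem.Decode` and `x509.ParseCertificate` instead of calling `mustCert`.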

I’d probably be able to if I had the exact domain names and certificate information. :confused: If you want to send us that privately, we can arrange paid support for your company rather than having to rely on free help in a public forum.

Thank you, Matt.

I will ask the client.

Can you send me the link where he can buy the support plan?

Yeah ^ Alternatively, a higher-tier sponsorship might be more in line with what you’re looking for.
