Error: certificate has expired

1. The problem I’m having:

We have a vm running an older node application that tries to post data to a remote caddy server. The node application complains → ‘Error: certificate has expired’. Which is not true and if I understand this correctly it has to do with the way letsencrypt issues certificates and that older javascript libs can not understand it correctly.

I find online that it has to do with in what way you issue the letsencrypt certificate and that there is a flag --preferred-chain that can be used to issue the certificate differently and make it work with older javascript libs aswell. I don’t understand this fully but it has to do with -preferred-chain ISRG Root X1 it seems.
I hope someone can make sense of my explanation above.

1. Is there a way to make caddy issue certificates with another -preferred-chain so that it works with older versions of axios or similar.

2. If so how to I reissue a correct cert?

Thank you

2. Error messages and/or full log output:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

3. Caddy version:

4. How I installed and ran Caddy:

a. System environment:

b. Command:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

c. Service/unit/compose file:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

d. My complete Caddy config:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

5. Links to relevant resources:

Are you 100% sure the preferred chain is the problem for a certificate expired error? (i.e. you have tested this through another mechanism and shown that the error message is actually wrong?)

You can set the preferred chain here in JSON:

Or here in the Caddyfile:

You’d probably put “ISRG Root X1” as the root_common_name.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.