Error Stapling OCSP

After rebooting my server I get the following response from the Caddy status:

Error: Stapling OCSP: invalid: OCSP response for [mydomain] valid after certificate

Do you know what to do?

In the error log there is also [ERROR] Renewing [www.mydomain.com]: acme: Error → One or more domains had a problem:
Mar 29 09:29:11 myserver caddy[825]: [www.mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme

What should I do? I did nothing, I just restarted my server.

Hi @Tobias,

Looks like www.mydomain.com is served by an Apache server.

Do ports 80 and 443 at your public IP address reach your Caddy server?

I’m also seeing the same issue on Caddy 0.11.5 startup using no Caddyfile and the -host option.

When I run bproxy (GitHub: bleenco/bproxy, a high-performance minimal HTTP reverse proxy) I can establish an https connection via 443, so the issue does not lie at the system level.

Beyond downloading and running the Caddy binary, I've manually set up certbot (previously, for bproxy, which I'm trying to replace) and opened 80 and 443 on my firewall.

Update: Disabling SELinux as a workaround results in the expected behaviour (a successful response to the challenge and an issued cert)

What distro are you two running it on, @Tobias and @maholloway?

I think this is because the SELinux boolean httpd_can_network_connect is off by default. Check out my response on your GitHub issue for more details on how to configure SELinux for Caddy's behavior.
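The two things this thread narrows the problem down to are (a) whether the public 80/443 actually reach Caddy rather than an Apache instance, and (b) whether SELinux is blocking Caddy's outbound connections, which is what both the OCSP-stapling fetch and the ACME renewal need. The script below is an added example, not code from the thread or from the Caddy project. It assumes a host with the SELinux userland tools (getenforce, getsebool, setsebool), curl and openssl installed, that Caddy runs confined in the httpd_t domain (the domain that httpd_can_network_connect governs), and that the domain name is a placeholder you substitute. The ALPN id "acme-tls/1" is the one the ACME tls-alpn-01 challenge uses; the truncated "acme" in the log is that string cut off.

```shell
#!/bin/sh
# Added example: diagnose the "OCSP response valid after certificate" /
# "Cannot negotiate ALPN protocol" symptoms from the thread on a SELinux host.
# Pure helpers take their input as arguments so they can be exercised offline.

# Parse one line of `getsebool` output ("name --> on|off") and print on/off.
sebool_state() {
    printf '%s\n' "$1" | awk '{ print $NF }'
}

# Outbound connections from httpd_t are allowed unless SELinux is Enforcing
# AND the boolean is off. $1 = getenforce output, $2 = boolean state.
# Returns 0 when allowed, 1 when OCSP/ACME traffic from Caddy will be denied.
outbound_allowed() {
    [ "$1" != "Enforcing" ] || [ "$2" = "on" ]
}

# Report which software answers HTTPS for a host (Caddy sends "Server: Caddy";
# the first reply in the thread saw Apache instead). Prints the header value.
server_header() {
    curl -sI --max-time 10 "https://$1/" \
        | awk 'tolower($1) == "server:" { print $2; exit }' \
        | tr -d '\r'
}

# Can the listener on 443 negotiate the tls-alpn-01 challenge protocol?
# An Apache or other non-Caddy listener will not offer "acme-tls/1".
alpn_acme_ok() {
    printf '' | openssl s_client -connect "$1:443" -servername "$1" \
        -alpn acme-tls/1 2>/dev/null | grep -q 'ALPN protocol: acme-tls/1'
}

# The persistent form of the fix from the last reply: -P writes the boolean to
# the policy store so it survives the reboot that triggered the first post.
allow_outbound() {
    setsebool -P httpd_can_network_connect 1
}

# Live diagnosis; requires the real tools, so it is only run when called.
diagnose() {
    domain="${1:-www.mydomain.com}"   # placeholder, substitute your real domain
    mode="$(getenforce 2>/dev/null || echo Disabled)"
    state="$(sebool_state "$(getsebool httpd_can_network_connect 2>/dev/null)")"
    echo "SELinux mode: $mode, httpd_can_network_connect: ${state:-unknown}"
    if outbound_allowed "$mode" "$state"; then
        echo "outbound connections from httpd_t: allowed"
    else
        echo "outbound connections from httpd_t: BLOCKED (run allow_outbound as root)"
    fi
    echo "Server header on https://$domain/: $(server_header "$domain")"
    if alpn_acme_ok "$domain"; then
        echo "acme-tls/1 ALPN: negotiated (Caddy is reachable on 443)"
    else
        echo "acme-tls/1 ALPN: refused (another server, or nothing, answers 443)"
    fi
}
```

Source the file and run `diagnose www.example.com` (your own domain). If the SELinux line says BLOCKED, `allow_outbound` applies the fix from the last reply without disabling SELinux as the workaround in the earlier post did; if the ALPN line says refused while the Server header names Apache, the ports are not reaching Caddy at all and no SELinux change will help.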
