Error Stapling OCSP


(Tobias) #1

After reboot of my server I get the following response of the caddy status:

Error: Stapling OCSP: invalid: OCSP response for [mydomain] valid after certificate

Do you know what to do?


(Tobias) #2

in the error log is also [ERROR] Renewing [www.mydomain.com]: acme: Error -> One or more domains had a problem:
Mär 29 09:29:11 myserver caddy[825]: [www.mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme

what to do? I did nothing just restarted my server.


(Matthew Fay) #3

Hi @Tobias,

Looks like www.mydomain.com is served by an Apache server.

Do ports 80 and 443 at your public IP address reach your Caddy server?


(Maholloway) #4

I’m also seeing the same issue on Caddy 0.11.5 startup using no Caddyfile and the -host option.

When I run https://github.com/bleenco/bproxy I can establish an https connection via 443 so the issue does not lie at the system level.

Beyond downloading and running the Caddy binary I’ve manually set up certbot (previously, for bproxy which I’m trying to replace) and opened 80 443 on my firewall.

Update: Disabling SELinux as a workaround results in the expected behaviour (a successful response to the challenge and an issued cert)


(Matthew Fay) #5

What distro are you two running it on, @Tobias and @maholloway?