How to force the issuance of an expired certificate?

1. The problem I’m having:

Hi guys,
A legitimate user created a CNAME record for our Caddy server, and this worked for quite a while. However, he later deleted the record, and that state also lasted for a long time. Now he has returned and created the record again.

However, Caddy is not generating the certificate for it. I have already looked at the directories where Caddy stores the files, and this certificate does not exist (not even an old one), but I see this alert in systemctl status caddy.

Please, would anyone know how to “force” Caddy to issue this again without getting “stuck” on this message?

2. Error messages and/or full log output:

● caddy.service - Caddy
     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-08-14 22:23:03 UTC; 10 months 19 days ago
       Docs: https://caddyserver.com/docs/
   Main PID: 1029977 (caddy)
      Tasks: 10 (limit: 1118)
     Memory: 130.7M
        CPU: 3d 19h 15min 44.620s
     CGroup: /system.slice/caddy.service
             └─1029977 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Jul 03 15:18:22 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019902.4400039,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jul 03 15:18:22 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019902.440099,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jul 03 15:18:22 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019902.4402359,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"client disconnected"}
Jul 03 15:18:50 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019930.4034615,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/subdomain.domain.com/subdomain.domain.com.key: no such file or directory","attempt":2,"retrying_in":120,"elapsed":60.001099288,"max_duration":2592000}
Jul 03 15:19:01 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019941.1505065,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}
Jul 03 15:19:01 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019941.150641,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"http2: stream closed"}
Jul 03 15:19:20 ip-172-31-56-195 caddy[1029977]: {"level":"info","ts":1720019960.399377,"logger":"tls.renew","msg":"releasing lock","identifier":"subdomain.domain.com"}
Jul 03 15:19:20 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019960.3995564,"logger":"tls.on_demand","msg":"renewing and reloading certificate","server_name":"subdomain.domain.com","subjects":["subdomain.domain.com"],"expiration":1718702290,"remaining":-1317580.398280404,"revoked":false,"error":"context canceled"}
Jul 03 15:19:20 ip-172-31-56-195 caddy[1029977]: {"level":"error","ts":1720019960.3995757,"logger":"tls.on_demand","msg":"renewing certificate on-demand failed","subjects":["subdomain.domain.com"],"not_after":1718702290,"error":"context canceled"}
Jul 03 15:19:31 ip-172-31-56-195 caddy[1029977]: {"level":"info","ts":1720019971.86871,"logger":"tls.obtain","msg":"releasing lock","identifier":"172.31.56.195"}

3. Caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

4. How I installed and ran Caddy:

a. System environment:

Ubuntu 22.04

b. Command:

https://caddyserver.com/docs/install#debian-ubuntu-raspbian

c. Service/unit/compose file:

N/A

d. My complete Caddy config:

# Catch-all HTTPS site: any hostname a client presents gets a certificate
# issued on demand. Without the global on_demand_tls { ask ... } option,
# any host whose DNS points at this server can trigger issuance and consume
# the CA's rate limits.
https:// {
    tls {
        on_demand
    }
    reverse_proxy {
        to http://my.target.com
    }
}

# Wildcard site validated via the Route 53 DNS plugin. Credentials are shown
# redacted; {env.AWS_ACCESS_KEY_ID} style placeholders keep them out of the
# Caddyfile itself.
*.example.com {
    tls {
        dns route53 {
            access_key_id "AKIAREDACTED"
            secret_access_key "a1NRedacted"
            max_retries 20
        }
    }
    reverse_proxy {
        to http://my.target.com
    }
}

5. Links to relevant resources:

That’s a really old Caddy version. Please upgrade to the latest, v2.8.4. Your problem has probably already been resolved. Once you’ve upgraded, we can take another look.


Hi Francis,
Thanks for your reply!

Restarting the server solved the problem, but it’s not something I’d like to do every time.

So I’d also like to upgrade the version as suggested; please, would that be as simple as running the caddy upgrade command?

If you installed using the apt repo as per Install — Caddy Documentation, just do sudo apt upgrade.


Tks! :grinning: :+1:
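The journal in the original post shows two symptoms worth confirming before restarting: a tls.renew error naming a key file that no longer exists in Caddy's storage directory, and a tls.on_demand entry whose "remaining" lifetime is negative (the certificate Caddy still holds in memory is already expired). The script below is an added example, not code from the post or from the Caddy project. It pulls both facts out of Caddy's JSON log lines so you can see exactly which identifiers are affected and whether the missing-file claim matches the filesystem on the host. SAMPLE_LOG is constructed to mirror the post's lines (a third, healthy entry is added for contrast); the function names and the "host" / "caddy[1]" prefixes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post or from Caddy): triage Caddy's
# JSON journal lines for a stuck on-demand certificate.
# SAMPLE_LOG is constructed to mirror the post's log lines; the third line
# is a made-up healthy entry so the filter has something to ignore.
SAMPLE_LOG='Jul 03 15:18:50 host caddy[1]: {"level":"error","ts":1720019930.4,"logger":"tls.renew","msg":"will retry","error":"open /var/lib/caddy/.local/share/caddy/certificates/acme.zerossl.com-v2-dv90/subdomain.domain.com/subdomain.domain.com.key: no such file or directory","attempt":2,"retrying_in":120,"elapsed":60.0,"max_duration":2592000}
Jul 03 15:19:20 host caddy[1]: {"level":"error","ts":1720019960.3,"logger":"tls.on_demand","msg":"renewing and reloading certificate","server_name":"subdomain.domain.com","subjects":["subdomain.domain.com"],"expiration":1718702290,"remaining":-1317580.39,"revoked":false,"error":"context canceled"}
Jul 03 15:19:31 host caddy[1]: {"level":"info","ts":1720019971.8,"logger":"tls.on_demand","msg":"renewing and reloading certificate","server_name":"ok.domain.com","subjects":["ok.domain.com"],"expiration":1730000000,"remaining":9980000.5,"revoked":false}'

# Print the storage paths that the tls.renew logger could not open.
# Reads journal lines on stdin; the path is taken from the "open <path>:
# no such file or directory" text that Caddy itself logs.
missing_key_paths() {
  sed -n 's/.*"logger":"tls\.renew".*"error":"open \([^"]*\): no such file or directory".*/\1/p'
}

# Print server names whose on-demand certificate is already expired
# ("remaining" < 0): these are the ones Caddy keeps retrying instead of
# issuing afresh. Reads journal lines on stdin.
expired_on_demand_names() {
  awk '
    /"logger":"tls\.on_demand"/ {
      if (!match($0, /"server_name":"[^"]*"/)) next
      name = substr($0, RSTART + 15, RLENGTH - 16)
      if (!match($0, /"remaining":-?[0-9.]+/)) next
      remaining = substr($0, RSTART + 12, RLENGTH - 12) + 0
      if (remaining < 0) print name
    }'
}

# For each path on stdin, report whether it exists on this host, so the
# "no such file" claim in the log can be checked against the storage dir.
confirm_missing() {
  while IFS= read -r path; do
    if [ -e "$path" ]; then
      printf 'present: %s\n' "$path"
    else
      printf 'missing: %s\n' "$path"
    fi
  done
}

# Run both checks over a block of journal lines passed as $1.
triage() {
  printf '%s\n' "$1" | missing_key_paths | confirm_missing
  printf '%s\n' "$1" | expired_on_demand_names | sed 's/^/expired: /'
}

# On a real host: triage "$(journalctl -u caddy --no-pager -o cat)"
triage "$SAMPLE_LOG"
```

Run it against `journalctl -u caddy -o cat` output on the affected host. A "missing:" line for a path under the certificates directory together with an "expired:" line for the same name is the combination described in the post: the on-disk material is gone but the in-memory certificate is still being "renewed", which is why the thread's fix was a restart followed by an upgrade rather than anything done to the storage directory. The script only reports; it does not touch Caddy's storage.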