One of my domain don't get the SSL while other is working

  1. This server runs Caddy 0.11.4 (I know :slight_smile: )
  2. One of my domain names doesn’t get an SSL.
  3. All existing domains working well, also the new ones.
  4. This is the error I keep getting on that domain:
Aug 16 00:02:39 ip-172-30-3-236 caddy[1026]: 2021/08/16 00:02:39 [INFO] [] acme: Obtaining bundled SAN certificate
Aug 16 00:02:39 ip-172-30-3-236 caddy[1026]: 2021/08/16 00:02:39 [INFO] nonce error retry: acme: error: 400 :: POST :: :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "0101G9PMTXw5oiriHBCoq28DpfOV1RUxOJcpFJH_K3E6Ok0", url:
Aug 16 00:02:40 ip-172-30-3-236 caddy[1026]: 2021/08/16 00:02:40 [INFO] [] acme: Obtaining bundled SAN certificate
Aug 16 00:03:28 ip-172-30-3-236 sshd[14799]: Accepted publickey for ubuntu from port 53531 ssh2: RSA SHA256:0ZkeQjlpyNtAJY5fVlAH87j8y5d1Qdtc6coxWLdkFk8

That’s too old of a Caddy version, and it’s no longer supported. Please upgrade to Caddy v2.

Yes I’m working on it :slight_smile:
But I still need to fix bugs until I finish the transfer.

It’s very possible that just upgrading Caddy will fix the issue. Try that first.

It’s a really big server, I can’t just “upgrade” it before we build a mirror environment.
So we’re doing it step-by-step but until we finish all the tests we still need to understand this error that start showing.

Well, the reality is, you’ve waited 2.5 years to upgrade. That’s too long. It’s no longer supported.

That’s a known bug in old Caddy caused by the lego library, which Caddy 2 no longer uses.

I haven’t seen any recent reports of that error in Caddy v2, so I suspect upgrading will fix it. I wish I could help any other way with your transition to v2, but for this specific question/error, that’s the best I can do because we fixed the bug over a year ago by replacing lego with acmez.

1 Like

Thx for all the details. So we will make the upgrade this week :muscle:


Keep us posted! I’m curious how it goes.

We stopped getting this error on the new servers (Caddy 2.4.3). The domain that didn’t work on 0.11 starts working now.


This topic was automatically closed after 30 days. New replies are no longer allowed.