One of my domains doesn't get SSL while the others are working

  1. This server runs Caddy 0.11.4 (I know :slight_smile: )
  2. One of my domain names doesn’t get an SSL.
  3. All existing domains are working well, also the new ones.
  4. This is the error I keep getting on that domain:

```
Aug 16 00:02:39 ip-172-30-3-236 caddy[1026]: 2021/08/16 00:02:39 [INFO] [www.userDomain.com.au] acme: Obtaining bundled SAN certificate
Aug 16 00:02:39 ip-172-30-3-236 caddy[1026]: 2021/08/16 00:02:39 [INFO] nonce error retry: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: "0101G9PMTXw5oiriHBCoq28DpfOV1RUxOJcpFJH_K3E6Ok0", url:
Aug 16 00:02:40 ip-172-30-3-236 caddy[1026]: 2021/08/16 00:02:40 [INFO] [www.userDomain.com.au] acme: Obtaining bundled SAN certificate
Aug 16 00:03:28 ip-172-30-3-236 sshd[14799]: Accepted publickey for ubuntu from 212.235.8.000 port 53531 ssh2: RSA SHA256:0ZkeQjlpyNtAJY5fVlAH87j8y5d1Qdtc6coxWLdkFk8
```

That’s too old of a Caddy version, and it’s no longer supported. Please upgrade to Caddy v2.

Yes I’m working on it :slight_smile:
But I still need to fix bugs until I finish the transfer.

It’s very possible that just upgrading Caddy will fix the issue. Try that first.

It’s a really big server, I can’t just “upgrade” it before we build a mirror environment.
So we’re doing it step-by-step, but until we finish all the tests we still need to understand this error that started showing.

Well, the reality is, you’ve waited 2.5 years to upgrade. That’s too long. It’s no longer supported.

That’s a known bug in old Caddy caused by the lego library, which Caddy 2 no longer uses.

I haven’t seen any recent reports of that error in Caddy v2, so I suspect upgrading will fix it. I wish I could help any other way with your transition to v2, but for this specific question/error, that’s the best I can do because we fixed the bug over a year ago by replacing lego with acmez.

Thx for all the details. So we will make the upgrade this week :muscle:

Keep us posted! I’m curious how it goes.

We stopped getting this error on the new servers (Caddy 2.4.3). The domain that didn’t work on 0.11 has started working now.
