I am in the same situation, and it would be better if I don't create a new ticket, but please tell me how you can handle this issue to avoid using tls_insecure_skip_verify.
I have a similar Caddyfile to @Raider's. I have a website that requires an SSL cert, so I make Caddy generate the SSL cert with RSA encoding and transform the key and the cert into a PFX file. I automatically move that file into the config folder of my website so my app can use the cert to work (openiddict), but when I try to reach my domain app.example.com, I have the same issue.
tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead
Caddyfile:
app.example.com {
	reverse_proxy https://192.168.60.1:1443
}
This is from the logs:
ERR | ts=1707908792.5125453 logger=http.log.error msg=tls: failed to verify certificate: x509: cannot validate certificate for 192.168.60.1 because it doesn't contain any IP SANs request={"remote_ip":"200.100.50.25","remote_port":"9349","client_ip":"200.100.50.25","proto":"HTTP/3.0","method":"GET","host":"app.example.com","uri":"/","headers":{"Sec-Fetch-Mode":["navigate"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-User":["?1"],"Priority":["u=1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0"],"Alt-Used":["app.example.com"],"Cookie":[],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["same-origin"],"Accept-Language":["es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3"],"Referer":["https://app.example.com/Account/Login"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"app.example.com"}} duration=0.023410576 status=502 err_id=t6p08shdz err_trace=reverseproxy.statusError (reverseproxy.go:1267)
Is there anything I need to add to the Caddyfile to issue the correct certificate?
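Both error strings in this post come from Go's crypto/x509 name check, which Caddy (written in Go) runs against the upstream certificate before trusting it: an IP address is matched only against IP entries in the Subject Alternative Name extension, never against the Common Name. The program below is an added example, not Caddy's code and not the poster's; it builds three self-signed test certificates for the upstream address from the Caddyfile (192.168.60.1, with app.example.com as a CN) and shows which of them pass the same check, so you can see exactly what the upstream cert must contain. The certificate contents are constructed for illustration; only the addresses are taken from the post.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// NewSelfSigned builds a self-signed server certificate for a test upstream.
// commonName goes into the legacy Subject CN; every entry in sanIPs becomes an
// IP entry in the Subject Alternative Name extension. Go (and therefore Caddy)
// matches an IP address only against IP SANs, never against the CN.
// Names and addresses used here are constructed for illustration.
func NewSelfSigned(commonName string, sanIPs []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: commonName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	for _, s := range sanIPs {
		ip := net.ParseIP(s)
		if ip == nil {
			return nil, fmt.Errorf("not an IP address: %q", s)
		}
		tmpl.IPAddresses = append(tmpl.IPAddresses, ip)
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// HostnameError runs the same name check the Go TLS client applies to an
// upstream certificate and returns the verifier's message, or "" when the
// certificate is valid for host.
func HostnameError(cert *x509.Certificate, host string) string {
	if err := cert.VerifyHostname(host); err != nil {
		return err.Error()
	}
	return ""
}

// SANs lists what the verifier actually matches against; inspect this when a
// cert "has the right name" in its CN but is still rejected.
func SANs(cert *x509.Certificate) []string {
	var out []string
	for _, d := range cert.DNSNames {
		out = append(out, "DNS:"+d)
	}
	for _, ip := range cert.IPAddresses {
		out = append(out, "IP:"+ip.String())
	}
	return out
}

func main() {
	upstream := "192.168.60.1" // the reverse_proxy target from the Caddyfile above
	cases := []struct {
		label  string
		cn     string
		sanIPs []string
	}{
		{"CN holds the IP, no SAN extension", upstream, nil},
		{"CN is the site name, no IP SAN", "app.example.com", nil},
		{"IP SAN present", "app.example.com", []string{upstream}},
	}
	for _, c := range cases {
		cert, err := NewSelfSigned(c.cn, c.sanIPs)
		if err != nil {
			panic(err)
		}
		msg := HostnameError(cert, upstream)
		if msg == "" {
			msg = "ok"
		}
		fmt.Printf("%-38s SANs=%v -> %s\n", c.label, SANs(cert), msg)
	}
}
```

The first case yields the "relies on legacy Common Name field" message, the second the "doesn't contain any IP SANs" message from the log, and only the third passes. The practical consequence for the setup in this post: the certificate installed on the upstream must carry 192.168.60.1 as an IP SAN (or a DNS SAN that matches the name Caddy is told to verify via tls_server_name), and Caddy should be pointed at the issuing CA with tls_trusted_ca_cert rather than having verification switched off.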