Problem with old caddy version. SSL not provided

1. My Caddy version (0.10.2):

2. How I run Caddy:

    http://* *.devservers.com {
        proxy / localhost:8080 {
            transparent
        }

        header / {
            Via "1.1 google"
        }

        timeouts 0

        tls off
    }

    site1.com, www.site1.com, site2.com, www.site2.com (and so on…) {
        proxy / localhost:8080 {
            transparent
        }

        push

        tls {
            max_certs 1000
        }
    }

a. System environment:

2 servers. 1: CentOS Linux release 7.2.1511 (Core), 2: CentOS Linux release 7.6.1810 (Core)

b. Command:

caddy -agree -email mymail@mail.com -pidfile=/var/run/caddy.pid -conf=/var/bmss/caddy.conf -log=/var/bmss/caddy.log

c. Service/unit/compose file:

?

3. The problem I’m having:

We’re not getting any certificate renewal because the caddy version 0.10.2 uses ACMEv1 (which is gonna be disabled in the near future I guess). I would like to update the caddy version to the latest stable one, but I don’t know if that may cause problems for our current sites with SSL. So my questions are the following:

  • How do I update my server’s caddy version to a stable one?

  • Will the sites get errors while I try to update the caddy version?

  • If the new stable caddy version gets installed but the server doesn’t wanna work with it, is it possible to do a fallback install?

  • Do I need to authorize or do anything else if I want to use ACMEv2 instead of ACMEv1?

5. What I already tried:

I haven’t tried anything other than trying to read docs online on how to update/upgrade the caddy version.

Best regards,

Santino Petrovic

4. Error messages and/or full log output:

2020/01/08 14:58:23 [INFO] Certificate for [www.site1.com] expires in 262h46m23.141126s; attempting renewal
2020/01/08 14:58:23 [INFO] Renewing certificate for www.site1.com
2020/01/08 14:58:24 [INFO] acme: Registering account for
2020/01/08 14:58:24 [ERROR] Maintaining newly-loaded certificate for www.site1.com: registration error: acme: Error 403 - urn:acme:error:unauthorized - Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See (link) for details.
2020/01/08 14:58:24 http: TLS handshake error from 147.186.189.100:28031: tls: no cipher suite supported by both client and server
2020/01/08 14:59:01 [INFO] SIGTERM: Terminating process

Hi Santino,

Just download the latest version (v1) and replace the binary, then restart the server using SIGUSR2.

Depends how you update the server. If you stop the server, then yes the sites will go down. If you use SIGUSR2, there will not be downtime, even if there is an error. Please see the docs: https://caddyserver.com/v1/docs/cli

Use SIGUSR2.

Also go through the change log and make sure no changes occurred which would break your setup. Caddy > v1 is stable and shouldn’t break, but you’re using a really old version.

It will probably have to regenerate the certificates. This will happen automatically but may take a few seconds or minutes depending on how many certs there are.

If you want to practice, I always recommend setting up a test/staging environment and trying things out before you upgrade in production.

3 Likes
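
The replace-and-SIGUSR2 upgrade described in the reply above, with the fallback the question asks about, as an added example that is not part of the thread or of Caddy's own tooling. It assumes the Caddy v1 `-validate` flag and the pidfile and config paths from the question's command line; the function names and the `.bak` backup suffix are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: staged Caddy v1 binary swap with rollback.
# PIDFILE and CONF are the paths from the question's command line; the
# function names, the .bak suffix and the staging files are hypothetical.
PIDFILE="${PIDFILE:-/var/run/caddy.pid}"
CONF="${CONF:-/var/bmss/caddy.conf}"

# Send SIGUSR2 to the running Caddy, as the reply recommends.
signal_upgrade() {
    [ -r "$PIDFILE" ] || { echo "no pidfile at $PIDFILE" >&2; return 1; }
    kill -USR2 "$(cat "$PIDFILE")"
}

# swap_binary NEW CURRENT: check the config with NEW, back up CURRENT,
# then rename a copy of NEW into place. CURRENT is untouched on failure.
swap_binary() {
    local new="$1" current="$2" staged="$2.new.$$"
    # The existing Caddyfile must parse under the new version before any change.
    "$new" -validate -conf "$CONF" >/dev/null 2>&1 || {
        echo "config rejected by new binary; nothing changed" >&2; return 1; }
    cp -p "$current" "$current.bak" || return 1
    # Copy beside the target, then rename: a running executable cannot be
    # overwritten in place on Linux, but it can be replaced by rename.
    cp "$new" "$staged" && chmod 0755 "$staged" && mv -f "$staged" "$current" || {
        rm -f "$staged"; return 1; }
}

# rollback CURRENT: put the backed-up binary back under the same path.
rollback() {
    local current="$1" staged="$1.rb.$$"
    [ -f "$current.bak" ] || { echo "no backup to restore" >&2; return 1; }
    cp -p "$current.bak" "$staged" && mv -f "$staged" "$current"
}

# Typical sequence (placeholder paths):
#   swap_binary ./caddy_new /path/to/caddy && signal_upgrade
#   rollback /path/to/caddy && signal_upgrade    # if the new binary misbehaves
```

Keeping the backup next to the live binary means the fallback is the same rename-and-signal step in reverse, so it can be rehearsed in the staging environment the reply recommends.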

Hi Matt,

I confirm that your suggestions made it work and all certs are using acmev2. Thanks for the help!