1. The problem I’m having:
I am using Caddy with on-demand auto-tls. Very often (50%) when a new certificate is created I will get a net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED error on the site when opening it with Chrome. This error goes away after some time. I realize this problem is probably related to Let’s Encrypt or Chrome and not Caddy but I thought I would post this here anyways to see if anyone else is seeing this.
2. Error messages and/or full log output:
net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED
Subject: ****
Issuer: E5
Expires on: May 21, 2025
Current date: Feb 20, 2025
PEM encoded chain:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
VQD9F6Na/+zmXCc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Certificate Transparency:
SCT Google 'Argon2025h1' log (Embedded in certificate, Invalid timestamp)
SCT Cloudflare 'Nimbus2025' (Embedded in certificate, Invalid timestamp)
3. Caddy version:
v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=
4. How I installed and ran Caddy:
yum -y install yum-plugin-copr
yum -y copr enable @caddy/caddy epel-9-$(arch)
yum -y install caddy
a. System environment:
Amazon Linux 2023
b. Command:
systemd
d. My complete Caddy config:
{
    on_demand_tls {
        ask http://localhost:3001/internal/asktls
    }
}
https:// {
    tls {
        on_demand
    }
    reverse_proxy http://localhost:3002
}
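
An added diagnostic example (not part of the original post, and not Caddy or Chrome code): it parses the embedded SCT list format from RFC 6962 and reports SCTs whose timestamp is later than a given client clock, on the assumption that this is the condition Chrome's "Invalid timestamp" status flags. The input is assumed to be the raw SCT list already extracted from the certificate; the sample bytes, log IDs and times are constructed.

```python
import struct
from datetime import datetime, timezone

def parse_sct_list(data: bytes):
    """Parse a TLS-encoded SignedCertificateTimestampList (RFC 6962, 3.3).

    Returns [(log_id_hex, timestamp_ms), ...] for every v1 SCT in the list.
    """
    (total,) = struct.unpack_from(">H", data, 0)
    if total != len(data) - 2:
        raise ValueError("SCT list length does not match buffer")
    out, pos = [], 2
    while pos < len(data):
        (sct_len,) = struct.unpack_from(">H", data, pos)
        sct = data[pos + 2 : pos + 2 + sct_len]
        # version(1) + log_id(32) + timestamp(8) + ext_len(2) + algs(2) + sig_len(2)
        if len(sct) != sct_len or sct_len < 47:
            raise ValueError("truncated SCT")
        pos += 2 + sct_len
        if sct[0] != 0:  # only version v1 (0) is defined
            continue
        (ts_ms,) = struct.unpack_from(">Q", sct, 33)
        out.append((sct[1:33].hex(), ts_ms))
    return out

def future_scts(data: bytes, client_now: datetime):
    """Return (log_id_hex, ms_ahead) for SCTs newer than the client's clock."""
    now_ms = int(client_now.timestamp() * 1000)
    return [(lid, ts - now_ms) for lid, ts in parse_sct_list(data) if ts > now_ms]

def _make_sct(log_id: bytes, ts_ms: int) -> bytes:
    # Constructed sample SCT: no extensions, dummy 8-byte signature.
    body = (b"\x00" + log_id + struct.pack(">Q", ts_ms) + b"\x00\x00"
            + b"\x04\x03" + struct.pack(">H", 8) + b"\x00" * 8)
    return struct.pack(">H", len(body)) + body

# Constructed input: two SCTs stamped at, and 500 ms after, a made-up issuance time.
ISSUED = datetime(2025, 2, 20, 12, 0, 0, tzinfo=timezone.utc)
ISSUED_MS = int(ISSUED.timestamp() * 1000)
_scts = _make_sct(b"\xaa" * 32, ISSUED_MS) + _make_sct(b"\xbb" * 32, ISSUED_MS + 500)
SAMPLE = struct.pack(">H", len(_scts)) + _scts

if __name__ == "__main__":
    from datetime import timedelta
    # A client whose clock runs 3 s behind sees both SCTs as future-dated.
    for log_id, ahead in future_scts(SAMPLE, ISSUED - timedelta(seconds=3)):
        print(f"log {log_id[:16]}... SCT is {ahead} ms ahead of client clock")
```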