Warnings with wildcard certificate

1. Caddy version (caddy version):

Using Caddy in Docker, version 2.1.1

2. How I run Caddy:

The failing command: caddy validate --config /etc/caddy/Caddyfile

a. System environment:

Linux … 4.9.0-14-amd64 #1 SMP Debian 4.9.240-2 (2020-10-30) x86_64 GNU/Linux

Docker version 19.03.13, build 4484c46d9d

Official caddy Docker Image

b. Command:

caddy validate --config /etc/caddy/Caddyfile

c. Service/unit/compose file:

FROM caddy:2.1.1

COPY Caddyfile /etc/caddy/Caddyfile
COPY wildcard-my-domain-org.pem /etc/ssl/
COPY wildcard-my-domain-org.key /etc/ssl/
RUN caddy validate --config /etc/caddy/Caddyfile

d. My complete Caddyfile or JSON config:

datax.my-domain.org {
    # General Configuration
    @isJson path *.json
    header @isJson Content-Type "application/json; charset=UTF-8"

    tls /etc/ssl/wildcard-my-domain-org.pem /etc/ssl/wildcard-my-domain-org.key
}

3. The problem I’m having:

I received the wildcard certificate as 3 files:

wildcard-my-domain-org.crt
wildcard-my-domain-org.csr
wildcard-my-domain-org.intermdiat
wildcard-my-domain-org.key

As far as I understood, I could concatenate the crt and intermediate files into one pem file.
I did so, and this is how the file looks (omitting all the base64 characters in between):

-----BEGIN CERTIFICATE-----
MIIHPjCCBiagAwIBAgIQAheaSIVJNyMZqtpSqAab3TANBgkqhkiG9w0BAQsFADBZ
[…]
t9ODZ7+fv3rsNRz/APDD5P1xe50rBMEdeMI9eF1+ItfeOw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
[…]
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgIQB5g2A63jmQghnKAMJ7yKbDANBgkqhkiG9w0BAQsFADBh
[…]
yWQlk9VDV296EI/kQOJNLVEkJ54P
-----END CERTIFICATE-----

I get a warning when validating my Caddyfile and when starting the server.

4. Error messages and/or full log output:

{"level":"info","ts":1607500171.5655055,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
2020/12/09 07:49:31 [INFO][cache:0xc000075ce0] Started certificate maintenance routine
2020/12/09 07:49:31 [WARNING] Stapling OCSP: no OCSP stapling for [*.my-domain.org my-domain.org]: parsing OCSP response: bad OCSP signature: crypto/rsa: verification error
{"level":"info","ts":1607500171.7454128,"logger":"http","msg":"skipping automatic certificate management because one or more matching certificates are already loaded","domain":"datax.my-domain.org","server_name":"srv0"}
{"level":"info","ts":1607500171.7454813,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Valid configuration
2020/12/09 07:49:31 [INFO][cache:0xc000075ce0] Stopped certificate maintenance routine

5. What I already tried:

I tried without the intermediate certificates and the warning disappeared. But then, of course, the certificate chain can't be verified on the client's side.

6. Links to relevant resources:

That warning should be harmless. It just means that Caddy won't be doing OCSP for that certificate. Should be fine.

Also, please upgrade to Caddy v2.2.1!
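As an added example, not from the original post and not Caddy's own code: a self-contained Go program (standard library only) that builds a throwaway root, intermediate and wildcard leaf standing in for the poster's .crt and .intermediate files, concatenates them the way the post did, and then checks the bundle twice: once with the rules a server such as Caddy applies when loading it (leaf first, leaf covers the hostname, each certificate signed by the one after it), and once the way a TLS client does, building a path from the leaf to a trusted root. The CA names, the 24-hour validity, and all function names are assumptions made for the demo. OCSP stapling is not covered here, since that needs network access to the CA's responder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// must turns (value, error) into value or panics; acceptable for a throwaway demo PKI.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// mkCert issues a certificate for cn signed by parent, or self-signed when parent is nil (demo PKI, assumed names).
func mkCert(cn string, dns []string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))), Subject: pkix.Name{CommonName: cn},
		DNSNames: dns, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // only CAs may sign certificates
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// ToPEM concatenates certificates in the given order, like `cat leaf.crt intermediate > chain.pem`.
func ToPEM(certs ...*x509.Certificate) (out []byte) {
	for _, c := range certs {
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})...)
	}
	return out
}

// CheckBundle parses a PEM bundle the way a server loads it: leaf for host first, each cert issued by the next.
func CheckBundle(bundle []byte, host string) (chain []*x509.Certificate, warns []string, err error) {
	for blk, rest := pem.Decode(bundle); blk != nil; blk, rest = pem.Decode(rest) {
		if blk.Type != "CERTIFICATE" { // a stray key or CSR block is not part of the chain
			continue
		}
		c, perr := x509.ParseCertificate(blk.Bytes)
		if perr != nil {
			return nil, nil, perr
		}
		chain = append(chain, c)
	}
	if len(chain) == 0 || chain[0].IsCA {
		return chain, nil, fmt.Errorf("bundle must start with the leaf certificate (found %d certificates)", len(chain))
	}
	if err = chain[0].VerifyHostname(host); err != nil {
		return chain, nil, err
	}
	for i := 0; i+1 < len(chain); i++ { // leaf, then its issuer, then that issuer's issuer, ...
		if err = chain[i].CheckSignatureFrom(chain[i+1]); err != nil {
			return chain, nil, fmt.Errorf("%q is not issued by %q: %w", chain[i].Subject.CommonName, chain[i+1].Subject.CommonName, err)
		}
	}
	if len(chain) == 1 { // a bare leaf loads fine on the server, but clients cannot build a path
		warns = append(warns, "only the leaf is present: clients that lack the intermediate cannot verify it")
	}
	return chain, warns, nil
}

// VerifyAsClient does what a browser does with a chain from CheckBundle: path from leaf via bundled intermediates to a trusted root.
func VerifyAsClient(chain []*x509.Certificate, trustedRoot *x509.Certificate, host string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trustedRoot)
	for _, c := range chain[1:] {
		inters.AddCert(c)
	}
	_, err := chain[0].Verify(x509.VerifyOptions{DNSName: host, Roots: roots, Intermediates: inters})
	return err
}

func main() {
	root, rootKey := mkCert("Demo Root CA", nil, true, nil, nil)
	inter, interKey := mkCert("Demo Intermediate CA", nil, true, root, rootKey)
	leaf, _ := mkCert("*.my-domain.org", []string{"*.my-domain.org", "my-domain.org"}, false, inter, interKey)
	chain, warns, err := CheckBundle(ToPEM(leaf, inter), "datax.my-domain.org") // leaf first, as the post did
	fmt.Println("server-side:", err, warns, "client-side:", VerifyAsClient(chain, root, "datax.my-domain.org"))
}
```

Feeding a leaf-only bundle through both functions reproduces what the post describes: the server-side check passes with a warning, while the client-side verification fails because no path to a trusted root can be built. A bundle in the wrong order (intermediate before leaf) is rejected by the server-side check before it reaches any client.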
