With caddy x509: certificate relies on legacy Common Name field, use SANs instead

yodatak · February 13, 2023, 10:25am

1. Caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I installed, and run Caddy:

Rpm install

a. System environment:

Red Hat Enterprise Linux release 8.7 (Ootpa)

b. Command:

c. Service/unit/compose file:

d. My complete Caddy config:

gitlab.ok.com {
        tls /etc/ssl/eamb.apicil.com.crt /etc/ssl/eamb.apicil.com.pem
        reverse_proxy /* https://gitlab.eamb.apicil.com:8443
}

3. The problem I’m having:

No show of gitlab

4. Error messages and/or full log output:

"msg":"x509: certificate relies on legacy Common Name field, use SANs instead","request":

5. What I already tried:

put in /etc/profile/
GODEBUG=x509ignoreCN=0

6. Links to relevant resources:

francislavoie · February 14, 2023, 1:43am

The error message is self explanatory. Your certificate isn’t valid. It needs to use the SubjectAlternativeNames field (SAN).

yodatak · February 17, 2023, 11:12pm

I know but in a work place i can changed the mistake of another people ^^

francislavoie · February 18, 2023, 5:37am

I don’t understand what you’re trying to say.

Either way, Caddy doesn’t support invalid certificates.

matt · February 21, 2023, 6:59pm

Specifically, CommonName has been deprecated for 23 years, and this error message comes from the Go standard library because it is no longer a supported field.