You are not logged in.

Pages: 1

#1 2023-02-21 07:19:55

felixculpa
Member
From: Alberta, Canada
Registered: 2012-06-12
Posts: 252

Certificate Failures with Caddy (Security issue?)

Hi all.

I did a massive update today (almost 3gb of stuff) and everything seemed to be fine, but I've been getting this really weird error where services and websites I'm self hosting all of a sudden stop having their Let's Encrypt cert being served.

It's intermittent too, so sometimes the sites are working fine but then other times I get a "Your Connection Is Not Private" error and the Certificate Details show a certificate with the following details:

Common Name: SMB
Version: Version 3
Issuer: CN=SMB, C=KH
...
Subjects Key Algorith: PKCS #1 RSA Encryption

Along with fingerprints, etc. The validity period spans from 2019 until 2038.

Another super weird oddity is sometimes I get locked out from SSHing to the server (within the same environment!!!).

It feels like I've been hacked.

Offline

#2 2023-02-21 08:24:52

seth
Member
Registered: 2012-09-03
Posts: 38,797

Re: Certificate Failures with Caddy (Security issue?)

"intermittent" "sometimes I get locked out from SSH"

System time/ntp issue?

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Your xinitrc is broken

Online

#3 2023-02-21 15:41:12

felixculpa
Member
From: Alberta, Canada
Registered: 2012-06-12
Posts: 252

Re: Certificate Failures with Caddy (Security issue?)

This didn't occur to me. I will double check my NTP setttings.

However things seem all fine today so far.

The router had a firmware update which I ran last night and everything seems to be working now for reaching the hosted services from the outside. Seems the router wasn't forwarding ports so wasn't even hitting my reverse proxy.

Last edited by felixculpa (2023-02-21 15:42:39)

Offline

#4 2023-02-22 03:13:57

felixculpa
Member
From: Alberta, Canada
Registered: 2012-06-12
Posts: 252

Re: Certificate Failures with Caddy (Security issue?)

I got the errors a few times again today.  I made a mistake with identifying the cert, it has a C value of HK indicating it's from Hong Kong. This seems like a suspicious Chinese cert problem...

Hoping it's something else that I can't figure out, I would prefer that...

Offline

#5 2023-02-22 07:08:18

seth
Member
Registered: 2012-09-03
Posts: 38,797

Re: Certificate Failures with Caddy (Security issue?)

https://bbs.archlinux.org/viewtopic.php?id=57855

Please post the actual errors and the entire certificate details.

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Your xinitrc is broken

Online

Pages: 1

Board footer

Powered by FluxBB