
#1 2023-02-21 07:19:55

felixculpa
Member
From: Alberta, Canada
Registered: 2012-06-12
Posts: 268

Certificate Failures with Caddy (Security issue?)

Hi all.

I did a massive update today (almost 3 GB of stuff) and everything seemed to be fine, but I've been getting this really weird error where services and websites I'm self hosting all of a sudden stop having their Let's Encrypt cert being served.

It's intermittent too, so sometimes the sites are working fine but then other times I get a "Your Connection Is Not Private" error and the Certificate Details show a certificate with the following details:

Common Name: SMB
Version: Version 3
Issuer: CN=SMB, C=KH
...
Subjects Key Algorithm: PKCS #1 RSA Encryption

Along with fingerprints, etc. The validity period spans from 2019 until 2038.

Another super weird oddity is sometimes I get locked out from SSHing to the server (within the same environment!!!).

It feels like I've been hacked.

Offline

#2 2023-02-21 08:24:52

seth
Member
Registered: 2012-09-03
Posts: 65,087

Re: Certificate Failures with Caddy (Security issue?)

"intermittent" "sometimes I get locked out from SSH"

System time/ntp issue?

Offline

#3 2023-02-21 15:41:12

felixculpa
Member
From: Alberta, Canada
Registered: 2012-06-12
Posts: 268

Re: Certificate Failures with Caddy (Security issue?)

This didn't occur to me. I will double check my NTP settings.

However things seem all fine today so far.

The router had a firmware update which I ran last night and everything seems to be working now for reaching the hosted services from the outside. Seems the router wasn't forwarding ports so wasn't even hitting my reverse proxy.

Last edited by felixculpa (2023-02-21 15:42:39)

Offline

#4 2023-02-22 03:13:57

felixculpa
Member
From: Alberta, Canada
Registered: 2012-06-12
Posts: 268

Re: Certificate Failures with Caddy (Security issue?)

I got the errors a few times again today. I made a mistake with identifying the cert, it has a C value of HK indicating it's from Hong Kong. This seems like a suspicious Chinese cert problem...

Hoping it's something else that I can't figure out, I would prefer that...

Offline

#5 2023-02-22 07:08:18

seth
Member
Registered: 2012-09-03
Posts: 65,087

Re: Certificate Failures with Caddy (Security issue?)

https://bbs.archlinux.org/viewtopic.php?id=57855

Please post the actual errors and the entire certificate details.

Offline

#6 2024-12-18 14:26:58

zagzag
Member
Registered: 2024-12-18
Posts: 1

Re: Certificate Failures with Caddy (Security issue?)

It happened to me and it turned out that certificate is related to my TP-Link managed switch as it is getting an IP from the DHCP that conflicts with my static IP.

Offline
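
An added example, not part of any post in this thread: an address conflict like the one described in post #6 shows up as more than one MAC address answering ARP for the same IP. The functions below parse iputils `arping` output; the interface name, the addresses and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Usage on a LAN host other than the server (eth0 and the IP are assumptions):
#   arping -c 5 -I eth0 192.168.1.10 | macs_for_ip 192.168.1.10

# macs_for_ip IP: read arping output on stdin and print every distinct
# MAC address that replied for IP, lower-cased, one per line.
macs_for_ip() {
    awk -v ip="$1" '
        # iputils prints: "Unicast reply from 192.168.1.10 [02:00:..]  0.7ms"
        $2 == "reply" && $3 == "from" && $4 == ip && $5 ~ /^\[.*\]$/ {
            # strip the surrounding brackets from the MAC field
            print tolower(substr($5, 2, length($5) - 2))
        }' | sort -u
}

# ip_conflict IP: succeed (exit 0) when more than one MAC claimed IP,
# i.e. two devices are answering for the same address.
ip_conflict() {
    count=$(( $(macs_for_ip "$1" | wc -l) ))
    [ "$count" -gt 1 ]
}

# Constructed sample: two devices answering for 192.168.1.10.
# The MACs are locally administered placeholder values, not real hardware.
sample_arping_output() {
    cat <<'EOF'
ARPING 192.168.1.10 from 192.168.1.50 eth0
Unicast reply from 192.168.1.10 [02:00:00:AA:00:01]  0.712ms
Unicast reply from 192.168.1.10 [02:00:00:BB:00:02]  1.104ms
Unicast reply from 192.168.1.10 [02:00:00:AA:00:01]  0.698ms
Sent 2 probes (1 broadcast(s))
Received 3 response(s)
EOF
}

if sample_arping_output | ip_conflict 192.168.1.10; then
    echo "conflict: several MACs answer for 192.168.1.10:"
    sample_arping_output | macs_for_ip 192.168.1.10
fi
```

If a second MAC appears, the next step is to find which device owns it (DHCP lease table, switch or router client list) and move one of the two to a different address.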

#7 2024-12-19 09:41:41

Lone_Wolf
Administrator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 13,877

Re: Certificate Failures with Caddy (Security issue?)

Please don't necro-bump.

If you do have an issue, start a new thread and link to this one.

Closing


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

Offline
