Segfault during getCertDuringHandshake #5693

Closed
borgmanJeremy opened this issue Aug 4, 2023 · 1 comment
Labels
duplicate 🖇️ This issue or pull request already exists

Comments

@borgmanJeremy

Description of issue: Caddy is crashing periodically after starting due to a segfault.

System: Ubuntu 22.04 Fully updated
Caddy installed through apt.

Version
jeremy@caddyproxy:~$ /usr/bin/caddy version
v2.7.2 h1:QqThyoyUFAv1B7A2NMeaWlz7xmgKqU49PXBX08A+6xg=

systemd file is default provided through apt installation

jeremy@caddyproxy:~$ cat /lib/systemd/system/caddy.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

journalctl logs:

Aug 04 16:24:51 caddyproxy caddy[821]: panic: runtime error: invalid memory address or nil pointer dereference
Aug 04 16:24:51 caddyproxy caddy[821]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x903750]
Aug 04 16:24:51 caddyproxy caddy[821]: goroutine 2099 [running]:
Aug 04 16:24:51 caddyproxy caddy[821]: github.com/caddyserver/certmagic.(*Config).getCertDuringHandshake(0xc0006c44e0, {0x1f09a88, 0xc000042048}, _, _)
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/caddyserver/[email protected]/handshake.go:378 +0x1390
Aug 04 16:24:51 caddyproxy caddy[821]: github.com/caddyserver/certmagic.(*Config).GetCertificateWithContext(0xc0006c44e0, {0x1f09a88, 0xc000042048}, 0xc0006c4410)
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/caddyserver/[email protected]/handshake.go:84 +0xbff
Aug 04 16:24:51 caddyproxy caddy[821]: github.com/caddyserver/certmagic.(*Config).GetCertificate(0xc000430fc0?, 0xc0006b4348?)
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/caddyserver/[email protected]/handshake.go:50 +0x2a
Aug 04 16:24:51 caddyproxy caddy[821]: github.com/caddyserver/caddy/v2/modules/caddytls.(*ConnectionPolicy).buildStandardTLSConfig.func1(0xc0006c4410)
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/caddyserver/caddy/[email protected]/modules/caddytls/connpolicy.go:232 +0x14f
Aug 04 16:24:51 caddyproxy caddy[821]: github.com/quic-go/qtls-go1-20.(*config).getCertificate(0xc00071a600, 0xc0006c4410)
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/quic-go/[email protected]/common.go:1086 +0x42
Aug 04 16:24:51 caddyproxy caddy[821]: github.com/quic-go/qtls-go1-20.(*serverHandshakeStateTLS13).pickCertificate(0xc000665be8)
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/quic-go/[email protected]/handshake_server_tls13.go:415 +0x66
Aug 04 16:24:51 caddyproxy caddy[821]: github.com/quic-go/qtls-go1-20.(*serverHandshakeStateTLS13).handshake(0xc000665be8)
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/quic-go/[email protected]/handshake_server_tls13.go:60 +0x53
Aug 04 16:24:51 caddyproxy caddy[821]: github.com/quic-go/qtls-go1-20.(*Conn).serverHandshake(0xc000348000, {0x1f09a50, 0xc00011e5f0})
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/quic-go/[email protected]/handshake_server.go:53 +0x188
Aug 04 16:24:51 caddyproxy caddy[821]: github.com/quic-go/qtls-go1-20.(*Conn).handshakeContext(0xc000348000, {0x1f09af8, 0xc000561d70})
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/quic-go/[email protected]/conn.go:1540 +0x3ce
Aug 04 16:24:51 caddyproxy caddy[821]: github.com/quic-go/qtls-go1-20.(*Conn).HandshakeContext(0xc0005aa7d0?, {0x1f09af8?, 0xc000561d70?})
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/quic-go/[email protected]/conn.go:1480 +0x25
Aug 04 16:24:51 caddyproxy caddy[821]: created by github.com/quic-go/qtls-go1-20.(*QUICConn).Start
Aug 04 16:24:51 caddyproxy caddy[821]:         github.com/quic-go/[email protected]/quic.go:179 +0xcf
Aug 04 16:24:51 caddyproxy systemd[1]: caddy.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Aug 04 16:24:51 caddyproxy systemd[1]: caddy.service: Failed with result 'exit-code'.

@francislavoie
Member

Duplicate of #5680

@francislavoie marked this as a duplicate of #5680 Aug 4, 2023
@francislavoie closed this as not planned Aug 4, 2023
@francislavoie added the duplicate label Aug 4, 2023