Using wget to grab a binary I get this
wget -O gitea https://dl.gitea.io/gitea/1.6.0/gitea-1.6.0-linux-arm64 --2018-12-02 08:58:29-- https://dl.gitea.io/gitea/1.6.0/gitea-1.6.0-linux-arm64 Resolving dl.gitea.io (dl.gitea.io)... 126.96.36.199, 188.8.131.52, 2606:4700:30::681b:8e9b, ... Connecting to dl.gitea.io (dl.gitea.io)|184.108.40.206|:443... connected. ERROR: cannot verify dl.gitea.io's certificate, issued by ‘CN=COMODO ECC Domain Validation Secure Server CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB’: Unable to locally verify the issuer's authority. To connect to dl.gitea.io insecurely, use `--no-check-certificate'.
I see that gitea.io is using letsencrypt cert but it looks like dl.gitea.io is still using some old comodo cert??? I see you are running caddy for the dl web in which case maybe you just need to provide either your wildcard cert if that is what you have or get Caddy to grab a cert in the CaddyFile