Posted to users@httpd.apache.org by Nick Gearls <ni...@gmail.com> on 2021/06/21 11:27:15 UTC

[users@httpd] mod_md problem

I'm trying to use mod_md (httpd 2.4 on CentOS 8) and, when trying to 
create a certificate, it complains it cannot write onto the disk (at 
least that's what I understand).
I cannot find any permission problems in /var/log/audit/audit.log, 
/var/log/messages, nor "journalctl -xe".
All connections to LetsEncrypt are correct and the certificate is, I 
think, generated.

I have the following errors:
[md:error] (20014)Internal error (specific information not available): 
AH10056: processing mysite.mycompany.com: Unable to retrive certificate 
chain.
[...]
[md:trace1] (1)Operation not permitted: mysite.mycompany.com: saving job 
props

ls -alZ /var/run/httpd/md/:
 > drwxr-xr-x. 6 root apache system_u:object_r:httpd_var_run_t:s0 120 Jun 21 11:17 staging
Same permissions for all files in it, like staging/mysite.mycompany.com/md.json

In case it matters, the site is chrooted and /var/run/httpd/md points to 
the one in the chroot with exactly the same permissions.

Does anybody see where I could look for more info?
Thanks a lot

Here is the complete relevant part of the error log, in full debug:
[2021-06-21 11:17:50.488908] [md:trace1] [pid 424510:tid 
140357450503936] request --> POST 
https://acme-v02.api.letsencrypt.org/acme/new-acct
*   Trying 172.65.32.248...
* TCP_NODELAY set
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
   CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=acme-v01.api.letsencrypt.org
*  start date: Jun  3 22:30:18 2021 GMT
*  expire date: Sep  1 22:30:18 2021 GMT
*  subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's 
"acme-v02.api.letsencrypt.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
 > POST /acme/new-acct HTTP/1.1
Host: acme-v02.api.letsencrypt.org
User-Agent: Apache/2.4.37 mod_md/2.0.8-git
Accept: */*
Content-Type: application/jose+json
Content-Length: 1574
Expect: 100-continue

< HTTP/1.1 100 Continue
< HTTP/1.1 201 Created
< Server: nginx
< Date: Mon, 21 Jun 2021 09:17:51 GMT
< Content-Type: application/json
< Content-Length: 733
< Connection: keep-alive
< Boulder-Requester: 127753501
< Cache-Control: public, max-age=0, no-cache
< Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
< Link: 
<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"
< Location: https://acme-v02.api.letsencrypt.org/acme/acct/127753501
< Replay-Nonce: 0003IWS9CGYrN6SxjrANpXAuvvX0NUfJt6pPqwOxm-qzPVs
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=604800
<
* Connection #0 to host acme-v02.api.letsencrypt.org left intact
[2021-06-21 11:17:51.275576] [md:trace1] [pid 424510:tid 
140357450503936] request <-- 201
[2021-06-21 11:17:51.275611] [md:trace1] [pid 424510:tid 
140357450503936] response: 201
[2021-06-21 11:17:51.275764] [md:trace2] [pid 424510:tid 
140357450503936] response: {\n  "key": {\n    "kty": "RSA",\n "n": 
"mn-82COwom_LwiMH_U75P7vNZpFHXEkWwDdnZI500p_9PvPwZscmu1gQQ489F8a1FhrY3iBShBN-m3kb8KRLAZ7WXwBExHLbwr9ZOrVl44ivrey0L6do7L4S3ZYhcGgKXgDmFT66vSN-Hl315AY8eVDhekRAzIYj0qh3KNYPbkn_zJJlWHOO805jUbXC21WE-02kvZ9bAhbx3L8qSmhz1E8ScrUIXpZ128lefH66YlUCAmAkbtBlsg4eMN2h_SR4U4UPRzp--2Echf7GGYMYwkLgcP-KQNZT5bnPHEByB7YvBGdic-sZ9lWYWsZGBPO-ircJqqn5hCrOfPuc0iDotF3WM0H-BkVJ9nhhII2VXnNV6jjmz1xcuIU-zcctic8iTbONmlusRY_dkzXwutm63RclnZ_SLthF51geqbdL-2_4J4wWklu6SXhidNQvg-r0PuqhZTBgan_MZ3zrqcQJfEUpqMy2IOWnNbaKRA2emwA9K3_Je73RYdOvkE9aOKJx",\n 
"e": "AQAB"\n  },\n  "contact": [\n "mailto:dnsmaster@idloom.com"\n  
],\n  "initialIp": "86.39.202.101",\n  "createdAt": 
"2021-06-21T09:17:51.197951792Z",\n  "status": "valid"\n}
[2021-06-21 11:17:51.275864] [md:debug] [pid 424510:tid 140357450503936] 
updated acct https://acme-v02.api.letsencrypt.org/acme/acct/127753501
[2021-06-21 11:17:51.277869] [md:debug] [pid 424510:tid 140357450503936] 
req sent
[2021-06-21 11:17:51.277898] [md:info] [pid 424510:tid 140357450503936] 
registered new account 
https://acme-v02.api.letsencrypt.org/acme/acct/127753501
[2021-06-21 11:17:51.277975] [md:trace3] [pid 424510:tid 
140357450503936] mk_group_dir /var/run/httpd/md/staging perm set
[2021-06-21 11:17:51.277985] [md:trace3] [pid 424510:tid 
140357450503936] mk_group_dir 4 (null)
[2021-06-21 11:17:51.278004] [md:debug] [pid 424510:tid 140357450503936] 
md[mysite.mycompany.com] while[Creating new ACME account for 
mysite.mycompany.com]
[2021-06-21 11:17:51.278027] [md:info] [pid 424510:tid 140357450503936] 
mysite.mycompany.com: retrieving certificate chain
[2021-06-21 11:17:51.278036] [md:error] [pid 424510:tid 140357450503936] 
(20014)Internal error (specific information not available): 
mysite.mycompany.com: asked to retrieve chain, but no order in context
[2021-06-21 11:17:51.278057] [md:debug] [pid 424510:tid 140357450503936] 
(20014)Internal error (specific information not available): 
md[mysite.mycompany.com] while[Retrieving certificate chain for 
mysite.mycompany.com] detail[Unable to retrive certificate chain.]
[2021-06-21 11:17:51.278067] [md:debug] [pid 424510:tid 140357450503936] 
(20014)Internal error (specific information not available): 
mysite.mycompany.com: staging done
[2021-06-21 11:17:51.278081] [md:error] [pid 424510:tid 140357450503936] 
(20014)Internal error (specific information not available): AH10056: 
processing mysite.mycompany.com: Unable to retrive certificate chain.
[2021-06-21 11:17:51.278094] [md:trace1] [pid 424510:tid 
140357450503936] md(mysite.mycompany.com): check expiration
[2021-06-21 11:17:51.278120] [md:info] [pid 424510:tid 140357450503936] 
AH10057: mysite.mycompany.com: encountered error for the 1. time, next 
run in 04 seconds
[2021-06-21 11:17:51.278158] [md:trace3] [pid 424510:tid 
140357450503936] mk_group_dir /var/run/httpd/md/staging perm set
[2021-06-21 11:17:51.278167] [md:trace3] [pid 424510:tid 
140357450503936] mk_group_dir 4 (null)
[2021-06-21 11:17:51.278174] [md:trace1] [pid 424510:tid 
140357450503936] (1)Operation not permitted: mysite.mycompany.com: 
saving job props
[2021-06-21 11:17:51.278188] [md:debug] [pid 424510:tid 140357450503936] 
AH10107: next run in 04 seconds
[2021-06-21 11:17:56.289509] [md:debug] [pid 424510:tid 140357450503936] 
AH10055: md watchdog run, auto drive 1 mds
[2021-06-21 11:17:56.289624] [md:trace3] [pid 424510:tid 
140357450503936] (2)No such file or directory: loading type 1 from 
/var/run/httpd/md/staging/mysite.mycompany.com/job.json
[2021-06-21 11:17:56.289665] [md:debug] [pid 424510:tid 140357450503936] 
AH10052: md(mysite.mycompany.com): state=1, driving
[2021-06-21 11:17:56.289709] [md:trace1] [pid 424510:tid 
140357450503936] mysite.mycompany.com: init driver
[2021-06-21 11:17:56.289719] [md:debug] [pid 424510:tid 140357450503936] 
mysite.mycompany.com: init done
[2021-06-21 11:17:56.289727] [md:debug] [pid 424510:tid 140357450503936] 
mysite.mycompany.com: run staging
[2021-06-21 11:17:56.289737] [md:debug] [pid 424510:tid 140357450503936] 
mysite.mycompany.com: staging started, state=1, can_http=0, can_https=1, 
challenges='tls-alpn-01'
[2021-06-21 11:17:56.289926] [md:trace3] [pid 424510:tid 
140357450503936] loading type 1 from 
/var/run/httpd/md/staging/mysite.mycompany.com/md.json
[2021-06-21 11:17:56.290003] [md:debug] [pid 424510:tid 140357450503936] 
get directory from https://acme-v02.api.letsencrypt.org/directory
[2021-06-21 11:17:56.290937] [md:trace1] [pid 424510:tid 
140357450503936] request --> GET 
https://acme-v02.api.letsencrypt.org/directory

