You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Steffen <in...@apachelounge.com> on 2019/10/22 13:07:08 UTC

Notes mod_md v2.2.0

Mod_md v2.2.0 from trunk did a complete cycle with "renew-window": "86d" 
and    "warn-window": "87d",

All looks fine including the stapling renew, but some user notes:

The  mod_md times are in the log and mod_status in GMT, it should be 
better the computer/local time zone and not only in GMT, this like 
mod_status and log  does.

===server-status [Sun Oct 20 08:50:46] Activity: Renew in ~4 hours

After that ~4hours the  renew time has reached but not run yet:
===server-status    [Sun Oct 20 16:50] Activity: Ongoing...
Maybe better a  message that explains what is ongoing ?

When the time for the next run has reached, it is renewed :
===server-status [Sun Oct 20 18:56:10] Activity:    The certificate for 
the managed domain has been renewed successfully and can be used from 
Mon, 21 Oct 2019 15:56:08 GMT on. Next run in ~22 hours

It is already valid/usable by restarting Apache and we do not have to 
wait ~22 hours. It conflicts also with the Valid-From date in the 
certificate which is a day earlier (the real valid date), that is Sun, 
20 Oct 2019 15:56:08 GMT

Maybe better to explain more ?

After that ~22 hours the Notify command  starts my script which restarts 
Apache, and we have the new certificate running :)

In have Logevel info. The only entry from mod_md during the cycle is 
with the restart :
[Mon Oct 21 18:01:54.277303 2019] [md:info] [pid 8656:tid 776] AH10068: 
apachelounge.com: staged set activated

Maybe to  consider more log entries for loglevel info.
Suggestion log every status change from server-status Activity

Also there is a job.json file left in the md/tmp. This file has more 
info then the copied file to md/domains, namely is contains also at the top:
...
     "detail": "new certificate successfully saved in domains",
     "activity": "moving tmp to become new domains"
...
      "type": "message-installed"

I think it is save to delete the md/temp/job.json ?

Steffen




On 16-10-2019 16:18, Steffen wrote: and
>
> Had an issue with v2.1.9-beta :  Renew Error :: challenge-mismatch.
>
> Looks good now. After upgrading to the trunk version 2.2.0, it is 
> renewing (did not change config and /md folder):
>
> server-status Activity:
> The certificate for the managed domain has been renewed successfully 
> and can be used from Thu, 17 Oct 2019 12:46:49 GMT on. Next run ~22 hours.
>
> After a restart got a MDMessageCmd:
>
> installed  apachelounge.com
>
> Closed the issues on github.
>
>
> Steffen
>
>
> On Wednesday 16/10/2019 at 15:37, Stefan Eissing wrote:
>> Thanks!
>>
>>> Am 16.10.2019 um 15:26 schrieb Steffen <in...@apachelounge.com>:
>>>
>>> mod_md.dsp is fine.
>>>
>>> It builds fine here.
>>>
>>> Steffen
>>>
>>> On Wednesday 16/10/2019 at 14:34, Stefan Eissing wrote:
>>>> Update from github tested mod_md in r1868506.
>>>>
>>>> 2 new source files added, you probably need to buildconfig. I added 
>>>> the files to the CMakeLists.txt and modules/md/mod_md.dsp. Hope it 
>>>> works. Would be nice if someone could verify it.
>>>>
>>>> Cheers, Stefan
>>>
>>>
>>
>