You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Steffen <in...@apachelounge.com> on 2019/10/22 13:07:08 UTC
Notes mod_md v2.2.0
Mod_md v2.2.0 from trunk did a complete cycle with "renew-window": "86d"
and "warn-window": "87d",
All looks fine including the stapling renew, but some user notes:
The mod_md times are in the log and mod_status in GMT, it should be
better the computer/local time zone and not only in GMT, this like
mod_status and log does.
===server-status [Sun Oct 20 08:50:46] Activity: Renew in ~4 hours
After that ~4hours the renew time has reached but not run yet:
===server-status [Sun Oct 20 16:50] Activity: Ongoing...
Maybe better a message that explains what is ongoing ?
When the time for the next run has reached, it is renewed :
===server-status [Sun Oct 20 18:56:10] Activity: The certificate for
the managed domain has been renewed successfully and can be used from
Mon, 21 Oct 2019 15:56:08 GMT on. Next run in ~22 hours
It is already valid/usable by restarting Apache and we do not have to
wait ~22 hours. It conflicts also with the Valid-From date in the
certificate which is a day earlier (the real valid date), that is Sun,
20 Oct 2019 15:56:08 GMT
Maybe better to explain more ?
After that ~22 hours the Notify command starts my script which restarts
Apache, and we have the new certificate running :)
In have Logevel info. The only entry from mod_md during the cycle is
with the restart :
[Mon Oct 21 18:01:54.277303 2019] [md:info] [pid 8656:tid 776] AH10068:
apachelounge.com: staged set activated
Maybe to consider more log entries for loglevel info.
Suggestion log every status change from server-status Activity
Also there is a job.json file left in the md/tmp. This file has more
info then the copied file to md/domains, namely is contains also at the top:
...
"detail": "new certificate successfully saved in domains",
"activity": "moving tmp to become new domains"
...
"type": "message-installed"
I think it is save to delete the md/temp/job.json ?
Steffen
On 16-10-2019 16:18, Steffen wrote: and
>
> Had an issue with v2.1.9-beta : Renew Error :: challenge-mismatch.
>
> Looks good now. After upgrading to the trunk version 2.2.0, it is
> renewing (did not change config and /md folder):
>
> server-status Activity:
> The certificate for the managed domain has been renewed successfully
> and can be used from Thu, 17 Oct 2019 12:46:49 GMT on. Next run ~22 hours.
>
> After a restart got a MDMessageCmd:
>
> installed apachelounge.com
>
> Closed the issues on github.
>
>
> Steffen
>
>
> On Wednesday 16/10/2019 at 15:37, Stefan Eissing wrote:
>> Thanks!
>>
>>> Am 16.10.2019 um 15:26 schrieb Steffen <in...@apachelounge.com>:
>>>
>>> mod_md.dsp is fine.
>>>
>>> It builds fine here.
>>>
>>> Steffen
>>>
>>> On Wednesday 16/10/2019 at 14:34, Stefan Eissing wrote:
>>>> Update from github tested mod_md in r1868506.
>>>>
>>>> 2 new source files added, you probably need to buildconfig. I added
>>>> the files to the CMakeLists.txt and modules/md/mod_md.dsp. Hope it
>>>> works. Would be nice if someone could verify it.
>>>>
>>>> Cheers, Stefan
>>>
>>>
>>
>