My read on the original post:

First we have stated that "For mod_ssl to work in the vote release, mod_md must also be included..."

That is what I honed in on. Apache will not start if there's a module specific directive without that module being loaded. Since the OP states that *mod_ssl* will not work without mod_md included, there must be some mod_md directives not contained inside <IfModule> lying around in the OP's config. I believe this is the first of two parts.

Now, Apache serving a 404 on /.well-known/acme-challenge/test.txt when mod_md is loaded I think is because mod_md stores this stuff under MDStoreDir where the acme client puts it elsewhere IIRC. So this behavior I see as by design since mod_md intercepts the requests coming from the acme server obviously to serve what is stored under MDStoreDir.

My guess anyway.


On 3/18/2018 12:07 PM, Eric Covener wrote:
On Sun, Mar 18, 2018 at 2:25 PM, Steffen <i...@apachelounge.com> wrote:

It is indeed a limitation for an "old" account, and when LE enables TLS
again (not sure it does already in ACMEv2 protocol)

When did this become about TLS-SNI challenges and how does that tie
into the external ACME client?

Can you connect the dots for me or is this unrelated?

In my test mod_md says;

mod_md.c(1317): [client 2001:980:a510:1:c5e7:56f7:9d:ab36:65315] Challenge
for www.apachelounge.com (/.well-known/acme-challenge/test.txt)


For me case closed, sorry for the clutter.

Does this confirm something beyond "mod_md works"?

When it is not appreciated that I share it with dev, say it please.

My own 2 cents: It would be helpful and take much less of a toll on
this volunteer's time/patience/morale if this kind of feedback were
refined before being brought forward.

For example, here are hypothetical concise requirements / complaints
that someone could meaningfully address without having to pull teeth:

mod_md could do something specifically different with TLS-SNI
challenges for old users
mod_md pre-empts HTTP challenges for domains that are not mod_md managed.
mod_md can't decline/defer to an Alias for /.well-known if it has no
stored challenge

But instead we have several paragraphs about votes and releases and
mod_ssl depending on mod_md and two different clients and a request to
test "it" on Linux.
