Thanks!


Very good news: built against 2.4.41, a certificate was generated with the domains in MDomain.

When no certificate was specified globally, Apache does not start. After adding another valid certificate, a new certificate is created with the domains in MDomain. Then I replaced the certificate (.pem files) with the one generated in the /md folder. So there is a copy step (no problem for me).

Ideally, it would generate a certificate without first adding a certificate.

Config:

No vhosts.


ProtocolsHonorOrder On
Protocols h2 http/1.1 acme-tls/1

SSLEngine on


MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl land10web.com
MDBaseServer on
MDPortMap https:443
MDCertificateAgreement accepted
MDRenewMode Always
MDRenewWindow   85d

- Steffen



On Thursday 22/08/2019 at 15:58, Stefan Eissing  wrote:
Hi Steffen,

could you check the v2.1.1 I just released? I fixed the recognition of the "acme-tls/1" protocol when using it in the base server. Hope this works for you as well.

- Stefan


On 06.08.2019 at 10:48, Steffen <[email protected]> wrote:

Forgot to attach the log.

On 5-8-2019 15:19, Steffen wrote:

Thanks,

Same, I also get again:
The https: challenge 'tls-alpn-01' is disabled because the Protocols configuration does not include the 'acme-tls/1' protocol.

It is in the protocols directive:

         ProtocolsHonorOrder On
         Protocols h2 http/1.1 acme-tls/1

MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl land10web.com
MDBaseServer on
MDPortMap https:443
MDCertificateAgreement accepted
MDRenewMode Always

- Steffen



On Monday 05/08/2019 at 14:52, Stefan Eissing wrote:

I think mod_md is not particularly suited to server setups without any VirtualHosts. I have at least no tests for this.

You can try (with a 2.4.40):

# the new, shorter form
MDCertificateAgreement accepted
# we want the base server to be managed
MDBaseServer on
# the list of domains, including one from the base server
MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl land10web.com
# since we have no vhost, we need to say where https requests arrive
MDPortMap https:443
# since we have only https, we need to enable the new ACME tls challenge protocol
Protocols h2 http/1.1 acme-tls/1
...

- Stefan



On 05.08.2019 at 14:06, Steffen <[email protected]> wrote:


I read in the new documentation that you can generate a certificate for domain(s) that do not appear in any host.

So I tried to generate one certificate for two domains (in Subject Alternative Name).

Configuration

SSL only on port 443
No vhosts



Listen 443

Protocols h2 http/1.1 acme-tls/1

MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl
MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
MDRenewMode Always

ServerName land10web.com

SSLEngine on
...
...

Apache does not start. It exits with a mod_ssl error, no SSL certificates configured and no other module contributed any
See attachment serror1.log


When I add to the config a valid certificate

SSLCertificateFile conf/land10web.com-chain.pem
SSLCertificateKeyFile conf/land10web.com key.pem

Then Apache starts, but mod_md gives an error in the log.
See attachment serror2.log

See now e.g. : .
- server seems not reachable via http: (port 80->80) and reachable via https: (port 443->443) - The https: challenge 'tls-alpn-01' is disabled because the Protocols configuration does not include the 'acme-tls/1' protocol. (it is in the protocols directive).


Either what I want is not supported, or I am doing something wrong. I would appreciate some help.


- Steffen

<serror.log>
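
A small configuration lint for the no-vhost setup discussed in this thread, added here as an example; it is not code from mod_md or from either poster. It checks only the directives named in the thread, assumes a flat config without container sections, and both sample configs are constructed.

```python
# Constructed sample: an https-only base server with the settings from the thread missing.
SAMPLE_BROKEN = """\
Listen 443
Protocols h2 http/1.1
MDomain apachelounge.nl http://www.apachelounge.nl
MDRenewMode Always
SSLEngine on
"""

# Constructed sample modelled on the working configuration at the top of the thread.
SAMPLE_WORKING = """\
ProtocolsHonorOrder On
Protocols h2 http/1.1 acme-tls/1
SSLEngine on
MDomain apachelounge.nl www.apachelounge.nl land10web.com
MDBaseServer on
MDPortMap https:443
MDCertificateAgreement accepted
"""

def directives(conf):
    """Map lowercased directive name -> list of argument lists (flat config only)."""
    found = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":   # skip blanks, comments, container tags
            continue
        name, *args = line.split()
        found.setdefault(name.lower(), []).append(args)
    return found

def lint_base_server_md(conf):
    """Return findings for a base server (no vhosts) that mod_md should manage over https only."""
    d = directives(conf)
    flat = lambda key: [a for args in d.get(key, []) for a in args]
    findings = []
    if "acme-tls/1" not in [p.lower() for p in flat("protocols")]:
        findings.append("protocols: 'acme-tls/1' missing, tls-alpn-01 stays disabled")
    if [a.lower() for a in flat("mdbaseserver")] != ["on"]:
        findings.append("mdbaseserver: base server is not managed")
    if not any(a.lower().startswith("https:") for a in flat("mdportmap")):
        findings.append("mdportmap: no https mapping for a server without vhosts")
    for name in flat("mdomain"):
        if "://" in name:                  # MDomain takes DNS names, not URLs
            findings.append(f"mdomain: '{name}' is a URL, expected a bare DNS name")
    return findings
```
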

