Re: mod_md with no vhosts, sni and ssl only, no go
Thanks!

Very good news: built against 2.4.41, a certificate was generated with the domains in MDomain.

When no certificate was specified globally, Apache does not start. After adding another valid certificate, a new certificate is created with the domains in MDomain. Then I replaced the certificate (.pem files) with the one generated in the /md folder. So there is a copy step (no problem for me).

Ideally it would generate a certificate without first adding a certificate.

Config: No vhosts.

ProtocolsHonorOrder On
Protocols h2 http/1.1 acme-tls/1
SSLEngine on
MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl land10web.com
MDBaseServer on
MDPortMap https:443
MDCertificateAgreement accepted
MDRenewMode Always
MDRenewWindow 85d

- Steffen

On Thursday 22/08/2019 at 15:58, Stefan Eissing wrote:
> Hi Steffen,
>
> could you check the v2.1.1 I just released? I fixed the recognition of the
> "acme-tls/1" protocol when using it in the base server.
>
> Hope this works for you as well.
>
> - Stefan
>
>> On 06.08.2019 at 10:48, Steffen wrote:
>>
>> Forgot to attach the log.
>>
>> On 5-8-2019 15:19, Steffen wrote:
>>> Thanks,
>>>
>>> Same, also get again:
>>> The https: challenge 'tls-alpn-01' is disabled because the Protocols
>>> configuration does not include the 'acme-tls/1' protocol.
>>>
>>> It is in the protocols directive:
>>>
>>> ProtocolsHonorOrder On
>>> Protocols h2 http/1.1 acme-tls/1
>>>
>>> MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl land10web.com
>>> MDBaseServer on
>>> MDPortMap https:443
>>> MDCertificateAgreement accepted
>>> MDRenewMode Always
>>>
>>> - Steffen
>>>
>>> On Monday 05/08/2019 at 14:52, Stefan Eissing wrote:
>>>> I think mod_md is not particularly suited to server setups without any
>>>> VirtualHosts. I have at least no tests for this.
>>>>
>>>> You can try (with a 2.4.40):
>>>>
>>>> # the new, shorter form
>>>> MDCertificateAgreement accepted
>>>> # we want the base server to be managed
>>>> MDBaseServer on
>>>> # the list of domains, including one from the base server
>>>> MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl land10web.com
>>>> # since we have no vhost, we need to say where https requests arrive
>>>> MDPortMap https:443
>>>> # since we have only https, we need to enable the new ACME tls challenge protocol
>>>> Protocols h2 http/1.1 acme-tls/1
>>>> ...
>>>>
>>>> - Stefan
>>>>
>>>> On 05.08.2019 at 14:06, Steffen wrote:
>>>>> I read in the new docu that you can generate a certificate for domain(s)
>>>>> that do not appear in any host.
>>>>>
>>>>> So I did a try to generate one certificate for two domains (in Subject
>>>>> Alternative Name).
>>>>>
>>>>> Configuration
>>>>> SSL only on port 443
>>>>> No vhosts
>>>>>
>>>>> Listen 443
>>>>> Protocols h2 http/1.1 acme-tls/1
>>>>> MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl
>>>>> MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
>>>>> MDRenewMode Always
>>>>> ServerName land10web.com
>>>>> SSLEngine on
>>>>> ...
>>>>> ...
>>>>>
>>>>> Apache does not start. It exits with a mod_ssl error: no SSL
>>>>> certificates configured and no other module contributed any.
>>>>> See attachment serror1.log
>>>>>
>>>>> When I add to the config a valid certificate
>>>>>
>>>>> SSLCertificateFile conf/land10web.com-chain.pem
>>>>> SSLCertificateKeyFile conf/land10web.com key.pem
>>>>>
>>>>> then Apache starts but mod_md gives an error in the log.
>>>>> See attachment serror2.log
>>>>>
>>>>> See now e.g.:
>>>>> - server seems not reachable via http: (port 80->80) and reachable via
>>>>>   https: (port 443->443)
>>>>> - The https: challenge 'tls-alpn-01' is disabled because the Protocols
>>>>>   configuration does not include the 'acme-tls/1' protocol.
>>>>>   (it is in the protocols directive).
>>>>>
>>>>> Either what I want is not supported, or I am doing something wrong.
>>>>>
>>>>> Appreciate some help.
>>>>>
>>>>> - Steffen
Re: mod_md with no vhosts, sni and ssl only, no go
Hi Steffen,

could you check the v2.1.1 I just released? I fixed the recognition of the "acme-tls/1" protocol when using it in the base server.

Hope this works for you as well.

- Stefan

> On 06.08.2019 at 10:48, Steffen wrote:
>
> Forgot to attach the log.
>
> On 5-8-2019 15:19, Steffen wrote:
>> Thanks,
>>
>> Same, also get again:
>> The https: challenge 'tls-alpn-01' is disabled because the Protocols
>> configuration does not include the 'acme-tls/1' protocol.
>>
>> It is in the protocols directive:
>>
>> ProtocolsHonorOrder On
>> Protocols h2 http/1.1 acme-tls/1
>>
>> MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl land10web.com
>> MDBaseServer on
>> MDPortMap https:443
>> MDCertificateAgreement accepted
>> MDRenewMode Always
>>
>> - Steffen
>>
>> On Monday 05/08/2019 at 14:52, Stefan Eissing wrote:
>>> I think mod_md is not particularly suited to server setups without any
>>> VirtualHosts. I have at least no tests for this.
>>>
>>> You can try (with a 2.4.40):
>>>
>>> # the new, shorter form
>>> MDCertificateAgreement accepted
>>> # we want the base server to be managed
>>> MDBaseServer on
>>> # the list of domains, including one from the base server
>>> MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl land10web.com
>>> # since we have no vhost, we need to say where https requests arrive
>>> MDPortMap https:443
>>> # since we have only https, we need to enable the new ACME tls challenge protocol
>>> Protocols h2 http/1.1 acme-tls/1
>>> ...
>>>
>>> - Stefan
>>>
>>> On 05.08.2019 at 14:06, Steffen wrote:
>>>> I read in the new docu that you can generate a certificate for domain(s)
>>>> that do not appear in any host.
>>>>
>>>> So I did a try to generate one certificate for two domains (in Subject
>>>> Alternative Name).
>>>>
>>>> Configuration
>>>> SSL only on port 443
>>>> No vhosts
>>>>
>>>> Listen 443
>>>> Protocols h2 http/1.1 acme-tls/1
>>>> MDomain apachelounge.nl www.apachelounge.nl vosadministraties.nl www.vosadministraties.nl
>>>> MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
>>>> MDRenewMode Always
>>>> ServerName land10web.com
>>>> SSLEngine on
>>>> ...
>>>> ...
>>>>
>>>> Apache does not start. It exits with a mod_ssl error: no SSL
>>>> certificates configured and no other module contributed any.
>>>> See attachment serror1.log
>>>>
>>>> When I add to the config a valid certificate
>>>>
>>>> SSLCertificateFile conf/land10web.com-chain.pem
>>>> SSLCertificateKeyFile conf/land10web.com key.pem
>>>>
>>>> then Apache starts but mod_md gives an error in the log.
>>>> See attachment serror2.log
>>>>
>>>> See now e.g.:
>>>> - server seems not reachable via http: (port 80->80) and reachable via
>>>>   https: (port 443->443)
>>>> - The https: challenge 'tls-alpn-01' is disabled because the Protocols
>>>>   configuration does not include the 'acme-tls/1' protocol.
>>>>   (it is in the protocols directive).
>>>>
>>>> Either what I want is not supported, or I am doing something wrong.
>>>>
>>>> Appreciate some help.
>>>>
>>>> - Steffen
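The directives this thread names as required for a vhost-less, https-only server can be checked before a restart. The following is an added example, not part of the original messages and not mod_md's own logic; the function names and both sample configurations are constructed for illustration, and the checks are a simplified model of the advice given in the thread.

```python
# Added example, not mod_md code: a simplified pre-flight lint for a
# vhost-less, https-only server, following the advice given in this thread.

# Constructed sample, modelled on the first configuration in the thread.
FIRST_ATTEMPT = """\
Listen 443
Protocols h2 http/1.1 acme-tls/1
MDomain apachelounge.nl www.apachelounge.nl
MDRenewMode Always
ServerName land10web.com
SSLEngine on
"""

# Constructed sample, modelled on the configuration suggested in the reply.
SUGGESTED = """\
# we want the base server to be managed
MDBaseServer on
MDomain apachelounge.nl www.apachelounge.nl land10web.com
MDPortMap https:443
Protocols h2 http/1.1 acme-tls/1
"""


def directives(text):
    """Map lowercased directive name to its argument lists (flat config only)."""
    out = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            out.setdefault(name.lower(), []).append(args)
    return out


def preflight(text):
    """Return reasons the tls-alpn-01 setup described in the thread is incomplete."""
    d = directives(text)
    flat = lambda key: [a.lower() for args in d.get(key, []) for a in args]
    problems = []
    if "acme-tls/1" not in flat("protocols"):
        problems.append("Protocols lacks acme-tls/1")
    if flat("mdbaseserver")[-1:] != ["on"]:
        problems.append("MDBaseServer is not on")
    if not any(m.startswith("https:") for m in flat("mdportmap")):
        problems.append("MDPortMap has no https: mapping")
    names = flat("mdomain")
    if not names:
        problems.append("no MDomain names")
    # A scheme or path means a pasted link, not a DNS name.
    problems += [f"MDomain entry is not a host name: {n}" for n in names if "/" in n]
    return problems
```

An empty list from `preflight` only means the directives are present; it says nothing about whether the running module version recognises them, which is the defect the v2.1.1 release in this thread addressed.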
Re: [PATCH 63628] Support specifying the http status codes to be considered by ProxyErrorOverride
From: https://httpd.apache.org/dev/patches.html

> Post to the developers list pointing out your patch and why you feel it is
> important. Feel free to do this about once a week and continue until you get
> a response.

In this regard: the weekly friendly reminder.

Regards
Martin Drößler

Martin Drößler wrote on 13.08.2019 10:18:
> Hi,
>
> One and a half weeks ago I submitted a patch/bug report for this feature.
> See: https://bz.apache.org/bugzilla/show_bug.cgi?id=63628
>
> And, as suggested by the how-to (http://httpd.apache.org/dev/patches.html), I
> wanted to ask about some feedback.
>
> It would definitely help me and my company to decide if we can continue with
> our migration project.
>
>
> thanks,
> Martin Drößler