Izomye
Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest
|
Posted: Mon 04 Sep '17 2:34 Post subject: Lets Encrypt Module mod_md "Invalid Domain Name" |
|
|
Hi,
I have installed the Apache module for Let's Encrypt, but when starting my Apache I get the error:
Code: | AH00016: Configuration Failed
[Mon Sep 04 01:55:35.014620 2017] [md:error] [pid 1820:tid 400] (22)Invalid argument: md www.example.eu with invalid domain name: null
[Mon Sep 04 01:55:35.015620 2017] [md:error] [pid 1820:tid 400] (22)Invalid argument: AH10073: synching 1 mds to registry
AH00016: Configuration Failed |
The parameters in httpd.conf for mod_md:
Code: |
ServerAdmin mailto:abc@example.eu
MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
MDPrivateKeys RSA 4096
MDStoreDir "X:/ABC/LetsEncrypt"
MDRenewWindow 12d |
and for the domain:
ManagedDomain: www.example.eu
Code: | <VirtualHost *:443>
ServerName www.example.eu
ServerAlias example.eu
DocumentRoot "X:/ABC"
SSLEngine on
Header always set Strict-Transport-Security "max-age=69072000; preload"
H2Direct on
</VirtualHost> |
Does anyone have an idea what the reason for this is? |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Mon 04 Sep '17 7:35 Post subject: |
|
|
Try to remove the ":" from ManagedDomain: |
|
icing
Joined: 22 Sep 2015 Posts: 41 Location: Münster, Germany
|
Posted: Mon 04 Sep '17 10:34 Post subject: |
|
|
Yeah, the config line with 'ManagedDomain' would be interesting. |
|
Izomye
Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest
|
Posted: Mon 04 Sep '17 22:23 Post subject: |
|
|
Oh sorry, this was a posting failure. This is the config of the domain (with this one, I get the error):
Code: |
ManagedDomain www.example.eu
<VirtualHost *:443>
ServerName www.example.eu
ServerAlias example.eu
DocumentRoot "X:/ABC"
SSLEngine on
Header always set Strict-Transport-Security "max-age=69072000; preload"
H2Direct on
</VirtualHost>
|
|
|
icing
Joined: 22 Sep 2015 Posts: 41 Location: Münster, Germany
|
Posted: Tue 05 Sep '17 10:37 Post subject: |
|
|
Thanks! However that runs here on our test servers without errors.
How does your store look? See <server-root>/md/domains. There should be a directory 'www.example.eu'. What does it contain? How about <server-root>/md/staging?
It would be interesting to learn what the behaviour is if you move the store aside and restart. Will it run into the same problem again? Then it would be interesting to learn what the 'md.json' files look like. |
|
Izomye
Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest
|
Posted: Tue 05 Sep '17 12:07 Post subject: |
|
|
Quote: | How does your store look? See <server-root>/md/domains |
This directory doesn't exist in either case (with and without MDStore).
Quote: | How about <server-root>/md/staging? |
This directory exists in both variants, but is empty.
For testing, I have created the following one:
Code: |
ManagedDomain test.example.eu
<VirtualHost *:80>
ServerName test.example.eu
ServerAlias wch.example.eu
DocumentRoot "X:/ABC/"
</VirtualHost>
<VirtualHost *:443>
ServerName test.example.eu
ServerAlias wch.example.eu
DocumentRoot "X:/ABC/"
SSLEngine on
Header always set Strict-Transport-Security "max-age=63072000; preload"
H2Direct on
</VirtualHost>
|
I have the problem with both methods (with and without MDStore).
In the store dir there are two files, an httpd.json and an md.json.
The content of the httpd.json:
Code: |
{
"proto": {
"http": true,
"https": true
}
}
|
and of the md.json:
Code: | {
"version": "0.8.1-git",
"store": {
"version": 2.0
},
"key": "Bvr9RSnj9hIUS3tiweaxd7Im4KnBMF6ztZXe1-Jl"
} |
(It's a random key from a generator of mine. It is not the original key which the tool created.)
The modules which are loaded by Apache:
Code: |
LoadModule md_module modules/mod_md.so
LoadModule watchdog_module modules/mod_watchdog.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule allowmethods_module modules/mod_allowmethods.so
LoadModule asis_module modules/mod_asis.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule filter_module modules/mod_filter.so
LoadModule http2_module modules/mod_http2.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule unique_id_module modules/mod_unique_id.so |
|
|
icing
Joined: 22 Sep 2015 Posts: 41 Location: Münster, Germany
|
Posted: Tue 05 Sep '17 14:42 Post subject: |
|
|
Quote: |
How does your store look? See <server-root>/md/domains
This directory doesn't exist in either case (with and without MDStore).
|
This directory *has* to exist. In it there is a sub-directory for each of your ManagedDomains. Not a Windows expert, but do the access controls and service user etc. allow Apache to create things here? |
|
Izomye
Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest
|
Posted: Tue 05 Sep '17 16:26 Post subject: |
|
|
The Apache server creates on start:
with the subdirectories and files:
- accounts
- challenge
- staging
- httpd.json
- md_store.json
but not a directory "domains" or the subdirectories in it. Apache is allowed to create it.
I created it manually in /md/. Same failure. |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Thu 07 Sep '17 11:23 Post subject: |
|
|
Try to remove the /md folder and use v0.8.2
and remove the lines in httpd.conf:
MDPrivateKeys RSA 4096
MDStoreDir "X:/ABC/LetsEncrypt"
MDRenewWindow 12d
and have:
ManagedDomain example.eu www.example.eu |
|
Izomye
Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest
|
Posted: Thu 07 Sep '17 11:52 Post subject: |
|
|
I have deleted:
Code: |
MDPrivateKeys RSA 4096
MDStoreDir "X:/ABC/LetsEncrypt"
MDRenewWindow 12d |
and set:
Same One:
Code: | [md:error] [pid 6632:tid 400] (22)Invalid argument: md example.eu with invalid domain name: null
[md:error] [pid 6632:tid 400] (22)Invalid argument: AH10073: synching 1 mds to registry |
I will create a VM with a clean Apache and only the module mod_md and post the results here. I need a little bit of time for this one. |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Thu 07 Sep '17 12:03 Post subject: |
|
|
Sure you have a vhost with:
<VirtualHost *:443>
ServerName www.example.eu
ServerAlias example.eu
ps.
I suppose that you replace example.eu with a domain you own and is reachable by your apache. |
|
Izomye
Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest
|
Posted: Thu 07 Sep '17 12:30 Post subject: |
|
|
Hi Steffen. I have found the problem!
I have a config file for each domain. For domains which are not on my server, I use this one:
Code: | <VirtualHost *:80>
ServerName null
ServerAlias *
Redirect 404 /
</VirtualHost> |
If I disable this one, the module starts. It is a vhost for blocking domain spamming.
And now I have the following problem:
Code: |
[md:debug] [pid 6576:tid 408] mod_md.c(759): AH10070: initializing post config dry run
[md:debug] [pid 6576:tid 408] mod_md.c(246): AH10037: server seems reachable via http: (port 80->80) and reachable via https: (port 443->443)
[md:debug] [pid 6576:tid 408] mod_md.c(151): AH10041: Server www.example.eu:0 matches md www.example.eu (config www.example.eu[RDNS from server, default])
[md:debug] [pid 6576:tid 408] mod_md.c(167): AH10043: Managed Domain www.example.eu applies to vhost test.rundum-pc.eu:0
[md:debug] [pid 6576:tid 408] mod_md.c(177): AH10044: Managed Domain www.example.eu assigned server admin mailto:webmaster@example.eu
[md:debug] [pid 6576:tid 408] mod_md.c(151): AH10041: Server test.rundum-pc.eu:0 matches example.eu (config example.eu[RDNS from server, default])
[md:debug] [pid 6576:tid 408] mod_md.c(167): AH10043: Managed Domain example.eu applies to vhost www.example.eu.eu:0
[md:debug] [pid 6576:tid 408] mod_md.c(177): AH10044: Managed Domain example.eu assigned server admin mailto:aa@example.eu
[md:debug] [pid 6576:tid 408] mod_md.c(278): AH10039: Completed MD[www.example.eu, CA=https://acme-v01.api.letsencrypt.org/directory, Proto=ACME, Agreement=https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf, Drive=1, renew=1712881664]
[md:trace2] [pid 6576:tid 408] md_store_fs.c(424): loading type 1 from md/domains/example.eu/md.json
[md:debug] [pid 6576:tid 408] md_reg.c(693): sync: found 1 mds in store
[md:debug] [pid 6576:tid 408] mod_md.c(825): AH10074: 1 out of 1 mds are configured for auto-drive
[md:trace2] [pid 6576:tid 408] md_store_fs.c(424): loading type 1 from md/domains/example.eu/md.json
[md:trace2] [pid 6576:tid 408] md_store_fs.c(424): (2)No such file or directory: loading type 3 from md/domains/www.example.eu/privkey.pem
[md:trace2] [pid 6576:tid 408] md_store_fs.c(424): (2)No such file or directory: loading type 4 from md/domains/www.example.eu/pubcert.pem
[md:debug] [pid 6576:tid 408] md_reg.c(166): md{test.rundum-pc.eu}: incomplete, without private key
[md:debug] [pid 6576:tid 408] mod_md.c(697): AH10064: md(www.example.eu): state=1, driving
[md:debug] [pid 6576:tid 408] mod_md.c(718): AH10067: register md watchdog(_md_) |
Last edited by Izomye on Thu 07 Sep '17 14:39; edited 1 time in total |
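The failure traced above to the `ServerName null` / `ServerAlias *` vhost, turned into a pre-flight check over a config file; this is an added example, not code from the thread or from mod_md. The FQDN rule in `is_fqdn` and the function names are assumptions and only approximate what mod_md accepts.

```python
import re

# Assumption: an acceptable name is a dotted DNS name built from LDH labels.
# This approximates, and is not, mod_md's own validation.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
DIRECTIVE = re.compile(r"^\s*(ServerName|ServerAlias|ManagedDomain)\s+(.+?)\s*$", re.I)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)

def is_fqdn(name):
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def find_bad_names(conf_text):
    """Return (line_no, vhost, directive, name) for each name that is not an FQDN."""
    findings, vhost = [], "global"
    for no, line in enumerate(conf_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            vhost = opened.group(1).strip()
        elif stripped.lower().startswith("</virtualhost"):
            vhost = "global"
        found = DIRECTIVE.match(line)
        if found:
            for name in found.group(2).split():
                # ServerName may carry a scheme and a port; compare the host part only.
                host = re.sub(r"^\w+://|:\d+$", "", name.strip('"'))
                if not is_fqdn(host):
                    findings.append((no, vhost, found.group(1), name))
    return findings

# Constructed sample modelled on the configs posted in this thread.
SAMPLE = """\
ManagedDomain example.eu www.example.eu
<VirtualHost *:443>
    ServerName www.example.eu
    ServerAlias example.eu
</VirtualHost>
<VirtualHost *:80>
    ServerName null
    ServerAlias *
    Redirect 404 /
</VirtualHost>
"""

if __name__ == "__main__":
    for no, vhost, directive, name in find_bad_names(SAMPLE):
        print(f"line {no}: {directive} {name} in vhost {vhost} is not a fully-qualified DNS name")
```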
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3092 Location: Hilversum, NL, EU
|
Posted: Thu 07 Sep '17 12:55 Post subject: |
|
|
I do not understand your:
<VirtualHost *:80>
ServerName null
ServerAlias *
Redirect 404 /
</VirtualHost>
Remove that one, I see no need for that.
I still see example.eu, replace it with your own domain.
Be sure you have only:
<VirtualHost *:80>
ServerName www.yourdomain.eu
ServerAlias yourdomain.eu
...
</VirtualHost>
<VirtualHost *:443>
ServerName www.yourdomain.eu
ServerAlias yourdomain.eu
SSLEngine on
...
</VirtualHost>
and in httpd.conf global:
ServerName www.yourdomain.eu
ManagedDomain yourdomain.eu www.yourdomain.eu
Be sure that yourdomain.eu is reachable from the internet !! |
|
Izomye
Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest
|
Posted: Thu 07 Sep '17 15:52 Post subject: |
|
|
Same one. How does the module work on start?
Last time, I used lets encrypt for windows simple.
This tool creates, in the directory of each domain, a directory with the name ".well-known" and the subdir "acme-challenge". In this directory are files with the name "skjfpxykjnmvposjkfßsdfj" to validate the domain with Let's Encrypt.
How does the module validate the domains? Does it redirect to its directory /md/? I have not found anything on the wiki about this.
Which modules do I need for this? |
|
Izomye
Joined: 15 Dec 2016 Posts: 17 Location: Hammerfest
|
Posted: Fri 13 Oct '17 0:55 Post subject: |
|
|
Hi there,
I would like to post an update about this problem.
I have updated the system to Apache 2.4.28 and mod_md 0.9.9.
With this version all is OK. The certificate was created and Apache loaded it. The problem is solved.
With this I found the following bug. If there are other certificates for domains, I must set the directive "SSLCertificateChainFile" to "SSLCACertificateFile". If not, Apache does not start. I think it is a change in the Apache version. |
|