logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Building & Member Downloads View previous topic :: View next topic
Reply to topic   Topic: mod_md 1.1.10 for 2.4.30+
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU

PostPosted: Mon 19 Mar '18 12:46    Post subject: mod_md 1.1.10 for 2.4.30+ Reply with quote

mod_md version 1.1.10 (in 2.4.33 it is 1.1.8 )

Solves the ApacheLounge reported issues with 1.1.8 :

https://www.apachelounge.com/viewtopic.php?p=36633

http://www.apachelounge.com/viewtopic.php?p=36634

download : Removed

Applied fixes:

http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1827180

http://svn.apache.org/viewvc?view=revision&sortby=date&revision=1827175

The ASF is not including this fix in the current 2.4.33.

Change log 1.1.10 over 1.1.8

•fixes error in renew window calculation that may lead to mod_md running
watchdog in a tight loop until actual renewal becomes necessary.
•/.well-known/acme-challenge requests that cannot be answered for hostnames
outside the configured MDs are free to be answered by other handlers. This allows
co-existance between mod_md and other ACME clients on the same server (implements PR62189).
•Removed bould check from configure. Not everone building the module needs it installed.
Fixes #76.
•Tests with boulder now need a mater revision >= 2018-01-10 or you will see failures in the
0800 tests.
•Updated with log format fixes and copyright ASF insistence from apache httpd trunk


Last edited by Steffen on Tue 20 Mar '18 17:54; edited 1 time in total
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU

PostPosted: Tue 20 Mar '18 12:50    Post subject: Reply with quote

Still not ok with the.well-know dir :

Chrome:
This site can’t be reached
ERR_SPDY_PROTOCOL_ERROR

IE:
This page can’t be displayed


With 1.1.8 it was:

Just a Not Found
Back to top
pbhq



Joined: 17 Mar 2013
Posts: 37
Location: Germany

PostPosted: Tue 20 Mar '18 17:49    Post subject: Reply with quote

Steffen wrote:
Still not ok with the.well-know dir :


Yes, unfortunately I can confirm that.

But with Firefox, I have an interesting effect:

- I test with ftp.pbhq.com (mod_md) and have access
- I test with www.pbhq.com (LE/ACME) and sometimes I have one-time access

It basically does not work with other LE/ACME domains and WGET/IE/etc.. Well, a little strange Mr. Green
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU

PostPosted: Tue 20 Mar '18 17:51    Post subject: Reply with quote

And the watchdog loop ?
Back to top
pbhq



Joined: 17 Mar 2013
Posts: 37
Location: Germany

PostPosted: Tue 20 Mar '18 18:00    Post subject: Reply with quote

Steffen wrote:
And the watchdog loop ?


The problem with the watchdog loop has resolved itself after a few days (2-3). No idea why ...

Next weekend, a Renew would have to queue again (per "84d" config)
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Thu 22 Mar '18 18:16    Post subject: Reply with quote

Fingers crossed.
Back to top
pbhq



Joined: 17 Mar 2013
Posts: 37
Location: Germany

PostPosted: Sun 25 Mar '18 13:28    Post subject: Reply with quote

admin wrote:
Fingers crossed.


So, yesterday was the magic day (85d) ... Mr. Green


...



...



...



...



... and the Renew per watchdog worked without any problems!

Today the server was restarted via MDNotifyCMD succesfully, but already after 23h and not after 24h (according to documentation). Ok, the error can now find another user, but not Stefan Razz Razz

What I personally do not understand with Renew, why mod_MD requests two different certificates, one yesterday (in the staging area), the other today, which is probably used. Anyway, it worked.
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 692

PostPosted: Mon 26 Mar '18 15:57    Post subject: Reply with quote

So we have the first success story on windows. Was a long way.
Back to top
pbhq



Joined: 17 Mar 2013
Posts: 37
Location: Germany

PostPosted: Mon 26 Mar '18 17:31    Post subject: Reply with quote

admin wrote:
So we have the first success story on windows. Was a long way.


But actually Peanuts, if I see against it, how to restart the Apache with MDNotifyCMD under Windows .

The short version: In the absence of the lack of rights of the Apache service, this just does not work, even with the usual tricks for extending the rights.

For me, the restart works, but here are 3 accounts involved. Razz
Back to top
bagu



Joined: 06 Jan 2011
Posts: 193
Location: France

PostPosted: Tue 27 Mar '18 10:05    Post subject: Reply with quote

I use this :

Code:
@ECHO OFF

:: On execute les commandes en administateur

REM  -->  Verification des permissions
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"

REM --> Erreur vous ne possedez pas les droits admin
if '%errorlevel%' NEQ '0' (
echo Verification des privileges administrateur
goto UACPrompt
) else ( goto gotAdmin )

:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
set params = %*:"="
echo UAC.ShellExecute "%~s0", "%params%", "", "runas", 1 >> "%temp%\getadmin.vbs"

"%temp%\getadmin.vbs"
exit /B

:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
CD /D "%~dp0"

Net stop Apache2.4

REM kill eventually zombie php-cgi.exe's when you run php with mod_fcgid
taskkill /F /T /IM php-cgi*

Net start Apache2.4


To restart apache with admin rights.
Back to top
pbhq



Joined: 17 Mar 2013
Posts: 37
Location: Germany

PostPosted: Sun 01 Apr '18 17:04    Post subject: Reply with quote

bagu wrote:
I use this :

goto UACPrompt


I'm talking about the automatic restart of Apache from the MDNotifyCMD function. This does not work because the necessary rights are missing as a service and these rights can not be acquired with the usual tricks (RunAs, SCHTASKS.etc.) Wink
Back to top
bagu



Joined: 06 Jan 2011
Posts: 193
Location: France

PostPosted: Mon 02 Apr '18 21:55    Post subject: Reply with quote

MDNotifyCMD function launch the .bat wich have the code i wrote. (which restart apache with admin right and bypass UAC promt with my config of UAC)

With this solution, apache restart well on my server.
Maybe i don't understand what you expect.
Back to top


Reply to topic   Topic: mod_md 1.1.10 for 2.4.30+ View previous topic :: View next topic
Post new topic   Forum Index -> Building & Member Downloads