Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: mod_md and MDNotifyCmd - failed with exit code 1 |
|
Author |
|
EIKA
Joined: 22 Jan 2019 Posts: 43 Location: US
|
Posted: Mon 06 Jul '20 23:28 Post subject: mod_md and MDNotifyCmd - failed with exit code 1 |
|
|
Hi all!
I am using MDNotifyCmd. Here is part of my .conf:
Code: | MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
MDCertificateAgreement accepted
MDRenewWindow 31d
MDNotifyCmd "|bin/ssl.bat"
MDomain domaind.dom www.domaind.dom |
It basically works, i.e. I am getting new LE's certs, auto-renewal, etc.
I am using MDNotifyCmd to run ssl.bat file. Batch file is relatively simple:
Code: | @ECHO OFF
powershell -command "Start-Sleep -s 0"
Net stop Apache2.4
powershell -command "Start-Sleep -s 10"
Net start Apache2.4
"C:\blat.exe" "D:\SSL.txt" -tf "D:\addr.txt" -subject "Subject" -charset windows-1251" |
It stops Apache, starts Apache, and sends e-mail to a few addresses from addr.txt.
All looks very simple. And batch file works file when run manually as admin. Also, it works fine when run under Apache Windows user. Including sending emails.
But if I wait until certs renewed automatically (by MDRenewWindow), nothing happens. No emails at all. Meanwhile I see this record in Apache errog.log file:
Code: | [Wed June 27 22:10:41.012038 2020] [md:error] [pid 1920:tid 484] (20014)Internal error (specific information not available): md[domain.dom] problem[urn:org:apache:httpd:log:AH10108:] detail[MDNotifyCmd "|bin/ssl.bat" failed with exit code 1.] |
I searched and found similar issue reported by Steffen (I believe he is local moderator): https://github.com/icing/mod_md/issues/146
But I see no any resolution.
Any ideas? |
|
Back to top |
|
icing
Joined: 22 Sep 2015 Posts: 41 Location: Münster, Germany
|
Posted: Tue 07 Jul '20 9:31 Post subject: |
|
|
I am not a Windows export and cannot help you with this, I'm afraid.
Your batch file is run (otherwise mod_md wouild not log its exit code), but for some reason it fails.
If this were on a UNIX machine, I'd say it is unwise to stop the server from a script that has been started by the server. Because when the "parent" process exits, all children usually exit too.
There should be Windows users here that have similar setups and can help you. |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3094 Location: Hilversum, NL, EU
|
Posted: Tue 07 Jul '20 9:59 Post subject: |
|
|
It is also not doing a stop start ?
Why you have | in front ? |
|
Back to top |
|
EIKA
Joined: 22 Jan 2019 Posts: 43 Location: US
|
Posted: Tue 07 Jul '20 21:42 Post subject: |
|
|
Steffen wrote: | It is also not doing a stop start ?
|
When I run in manually, it does everything including both start/stop and email sending. But when rut automatically? I don't know. Because it's not easy to notice and I don't know how force Apache to run all of these stiff. I don't like idea to wait for next renewal or changing expiration to something like 89 to enable daily renewal.
Do you have ideas how to force Apache to do that when I need?
Quote: | Why you have | in front ? |
I believe that it's the same as full path to Apache dir. Because I've seen in in Apache examples and it works for other things, like logs. Anyway, I tried full paths as well. No changes sadly. |
|
Back to top |
|
EIKA
Joined: 22 Jan 2019 Posts: 43 Location: US
|
Posted: Tue 07 Jul '20 21:47 Post subject: |
|
|
icing wrote: | I am not a Windows export and cannot help you with this, I'm afraid. |
Hi icing! Nice to see it here.
Quote: | Your batch file is run (otherwise mod_md wouild not log its exit code), but for some reason it fails. | Totally agree.
Quote: | If this were on a UNIX machine, I'd say it is unwise to stop the server from a script that has been started by the server. Because when the "parent" process exits, all children usually exit too. |
I can suppose that problem isn't here. Because it works fine in Windows. CMD.exe isn't child process and has nothing common with httpd.exe. One process runs another one and they exist separately. You can stop any one independently.
Quote: | There should be Windows users here that have similar setups and can help you. |
Yep! I will waiting for and keep trying.
Anyway, really appreciate your input. |
|
Back to top |
|
pleo87508
Joined: 14 Apr 2021 Posts: 1 Location: USA, Santa Fe
|
Posted: Tue 27 Apr '21 19:22 Post subject: |
|
|
What if you removed @echo off, captured all output to a log file, and reviewed the contents of log file? |
|
Back to top |
|
tangent Moderator
Joined: 16 Aug 2020 Posts: 348 Location: UK
|
Posted: Tue 27 Apr '21 23:23 Post subject: |
|
|
Are you running the Apache service under the Local System account, or your Windows Apache account?
Since your batch files run correctly interactively, under a normal user account, I'd suggest you should run the Apache service using a named service account (which has been granted Log on As a Service right). If your Windows server is part of a domain, and you're obliged to use a domain account rather than a local one, you'll also need to manage password expiry. Depending on your security policies, your domain administrators should have rules for managing domain based service accounts. |
|
Back to top |
|
|
|
|
|
|