Lets Encrypt Module mod_md "Invalid Domain Name"

 
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

Posted: Mon 04 Sep '17 2:34    Post subject: Lets Encrypt Module mod_md "Invalid Domain Name"

Hi,

I have installed the Apache module for Let's Encrypt, but when starting my Apache I get the error:

Code:
AH00016: Configuration Failed
[Mon Sep 04 01:55:35.014620 2017] [md:error] [pid 1820:tid 400] (22)Invalid argument: md www.example.eu with invalid domain name: null
[Mon Sep 04 01:55:35.015620 2017] [md:error] [pid 1820:tid 400] (22)Invalid argument: AH10073: synching 1 mds to registry
AH00016: Configuration Failed


The parameters in httpd.conf for mod_md:


Code:

ServerAdmin mailto:abc@example.eu
MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
MDPrivateKeys RSA 4096
MDStoreDir "X:/ABC/LetsEncrypt"
MDRenewWindow 12d


and for the domain:

ManagedDomain: www.example.eu

Code:
<VirtualHost *:443>
ServerName www.example.eu
ServerAlias example.eu
DocumentRoot "X:/ABC"
SSLEngine on
Header always set Strict-Transport-Security "max-age=69072000; preload"
H2Direct on
</VirtualHost>


Does anyone have an idea what the reason for this is?
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2580
Location: Hilversum, NL, EU

Posted: Mon 04 Sep '17 7:35

Try to remove the ":" from ManagedDomain:
icing



Joined: 22 Sep 2015
Posts: 38
Location: Münster, Germany

Posted: Mon 04 Sep '17 10:34

Yeah, the config line with 'ManagedDomain' would be interesting.
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

Posted: Mon 04 Sep '17 22:23

Oh sorry, this was a posting mistake. This is the config of the domain (with this one, I get the error):

Code:

ManagedDomain www.example.eu

<VirtualHost *:443>
ServerName www.example.eu
ServerAlias example.eu
DocumentRoot "X:/ABC"
SSLEngine on
Header always set Strict-Transport-Security "max-age=69072000; preload"
H2Direct on
</VirtualHost>
icing



Joined: 22 Sep 2015
Posts: 38
Location: Münster, Germany

Posted: Tue 05 Sep '17 10:37

Thanks! However that runs here on our test servers without errors.

How does your store look? See <server-root>/md/domains. There should be a directory 'www.example.eu'. What does it contain? How about <server-root>/md/staging?

It would be interesting to learn what the behaviour is if you move the store aside and restart. Will it run into the same problem again? Then it would be interesting to learn what the 'md.json' files look like.
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

Posted: Tue 05 Sep '17 12:07

Quote:
How does your store look? See <server-root>/md/domains


This directory doesn't exist in either case (with and without MDStore).

Quote:
How about <server-root>/md/staging?


This directory exists in both variants, but is empty.

For testing, I have created the following one:

Code:

ManagedDomain test.example.eu

<VirtualHost *:80>
ServerName test.example.eu
ServerAlias wch.example.eu
DocumentRoot "X:/ABC/"
</VirtualHost>

<VirtualHost *:443>
ServerName test.example.eu
ServerAlias wch.example.eu
DocumentRoot "X:/ABC/"
SSLEngine on
Header always set Strict-Transport-Security "max-age=63072000; preload"
H2Direct on
</VirtualHost>


I have the problem with both methods (with and without MDStore).

In the store dir there are two files, httpd.json and md.json.

The content of the httpd.json:

Code:

{
  "proto": {
    "http": true,
    "https": true
  }
}


and of the md.json:

Code:
{
  "version": "0.8.1-git",
  "store": {
    "version": 2.0
  },
  "key": "Bvr9RSnj9hIUS3tiweaxd7Im4KnBMF6ztZXe1-Jl"
}


(It's a random key from a generator of mine. It is not the original key that the tool created.)

The modules that Apache is loading:

Code:

LoadModule md_module modules/mod_md.so
LoadModule watchdog_module modules/mod_watchdog.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule allowmethods_module modules/mod_allowmethods.so
LoadModule asis_module modules/mod_asis.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule filter_module modules/mod_filter.so
LoadModule http2_module modules/mod_http2.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule unique_id_module modules/mod_unique_id.so
icing



Joined: 22 Sep 2015
Posts: 38
Location: Münster, Germany

Posted: Tue 05 Sep '17 14:42

Quote:

How does your store look? See <server-root>/md/domains

This directory doesn't exist in either case (with and without MDStore).


This directory *has* to exist. In it there is a sub-directory for each of your ManagedDomains. Not a Windows expert, but do the access controls and service user etc. allow Apache to create things here?
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

Posted: Tue 05 Sep '17 16:26

The Apache server creates on start:


Code:
<server-root/md/>


with the subdirectories and files:

- accounts
- challenge
- staging
- httpd.json
- md_store.json

but not a directory "domains" and the subdirectories in it. Apache is allowed to create it.

I created it manually in /md/. Same failure.
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2580
Location: Hilversum, NL, EU

Posted: Thu 07 Sep '17 11:23

Try to remove the /md folder and use v0.8.2

and remove the lines in httpd.conf:

MDPrivateKeys RSA 4096
MDStoreDir "X:/ABC/LetsEncrypt"
MDRenewWindow 12d

and have:

ManagedDomain example.eu www.example.eu
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

Posted: Thu 07 Sep '17 11:52

I have deleted:
Code:

MDPrivateKeys RSA 4096
MDStoreDir "X:/ABC/LetsEncrypt"
MDRenewWindow 12d


and set:

Code:
ManagedDomain example.eu www.example.eu


Same one:

Code:
[md:error] [pid 6632:tid 400] (22)Invalid argument: md example.eu with invalid domain name: null
[md:error] [pid 6632:tid 400] (22)Invalid argument: AH10073: synching 1 mds to registry


I will create a VM with a clean Apache and only the module mod_md and post the results here. I need a little bit of time for this one :)
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2580
Location: Hilversum, NL, EU

Posted: Thu 07 Sep '17 12:03

Sure you have a vhost with:

<VirtualHost *:443>
ServerName www.example.eu
ServerAlias example.eu

ps.
I suppose that you replace example.eu with a domain you own and that is reachable by your Apache.
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

Posted: Thu 07 Sep '17 12:30

Hi Steffen. I have found the problem!

I have a config file for each domain. For domains which are not on my server, this one is used:

Code:
<VirtualHost *:80>
     ServerName null
     ServerAlias *
     Redirect 404 /
</VirtualHost>


If I disable this one, the module starts. It is a vhost for blocking domain spamming.

And now I have the following problem :'(
Code:

[md:debug] [pid 6576:tid 408] mod_md.c(759): AH10070: initializing post config dry run
[md:debug] [pid 6576:tid 408] mod_md.c(246): AH10037: server seems reachable via http: (port 80->80) and reachable via https: (port 443->443)
[md:debug] [pid 6576:tid 408] mod_md.c(151): AH10041: Server www.example.eu:0 matches md www.example.eu (config www.example.eu[RDNS from server, default])
[md:debug] [pid 6576:tid 408] mod_md.c(167): AH10043: Managed Domain www.example.eu applies to vhost test.rundum-pc.eu:0
[md:debug] [pid 6576:tid 408] mod_md.c(177): AH10044: Managed Domain www.example.eu assigned server admin mailto:webmaster@example.eu
[md:debug] [pid 6576:tid 408] mod_md.c(151): AH10041: Server test.rundum-pc.eu:0 matches example.eu (config example.eu[RDNS from server, default])
[md:debug] [pid 6576:tid 408] mod_md.c(167): AH10043: Managed Domain example.eu applies to vhost www.example.eu.eu:0
[md:debug] [pid 6576:tid 408] mod_md.c(177): AH10044: Managed Domain example.eu assigned server admin mailto:aa@example.eu
[md:debug] [pid 6576:tid 408] mod_md.c(278): AH10039: Completed MD[www.example.eu, CA=https://acme-v01.api.letsencrypt.org/directory, Proto=ACME, Agreement=https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf, Drive=1, renew=1712881664]
[md:trace2] [pid 6576:tid 408] md_store_fs.c(424): loading type 1 from md/domains/example.eu/md.json
[md:debug] [pid 6576:tid 408] md_reg.c(693): sync: found 1 mds in store
[md:debug] [pid 6576:tid 408] mod_md.c(825): AH10074: 1 out of 1 mds are configured for auto-drive
[md:trace2] [pid 6576:tid 408] md_store_fs.c(424): loading type 1 from md/domains/example.eu/md.json
[md:trace2] [pid 6576:tid 408] md_store_fs.c(424): (2)No such file or directory: loading type 3 from md/domains/www.example.eu/privkey.pem
[md:trace2] [pid 6576:tid 408] md_store_fs.c(424): (2)No such file or directory: loading type 4 from md/domains/www.example.eu/pubcert.pem
[md:debug] [pid 6576:tid 408] md_reg.c(166): md{test.rundum-pc.eu}: incomplete, without private key
[md:debug] [pid 6576:tid 408] mod_md.c(697): AH10064: md(www.example.eu): state=1, driving
[md:debug] [pid 6576:tid 408] mod_md.c(718): AH10067: register md watchdog(_md_)


Last edited by Izomye on Thu 07 Sep '17 14:39; edited 1 time in total
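
The catch-all vhost identified in the post above (`ServerName null`, `ServerAlias *`) can be found before a restart by linting vhost names. This is an added example, not part of the original thread and not mod_md's own check; the hostname rule, the function name `find_bad_vhost_names` and the sample config are assumptions constructed for illustration.

```python
import re

# Approximate DNS hostname rule (an assumption, not mod_md's own validation):
# at least two dot-separated labels of letters, digits and inner hyphens.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"^{LABEL}(?:\.{LABEL})+$")
VHOST_OPEN = re.compile(r"^<VirtualHost\s+([^>]*)>", re.I)
VHOST_CLOSE = re.compile(r"^</VirtualHost>", re.I)
NAME_DIRECTIVE = re.compile(r"^(ServerName|ServerAlias)\s+(.+)$", re.I)

def find_bad_vhost_names(conf_text):
    """Return (line_no, vhost, directive, name) for each ServerName/ServerAlias
    value inside a <VirtualHost> block that is not a plain DNS hostname."""
    findings, vhost = [], None  # vhost: address of the enclosing block, if any
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        opened = VHOST_OPEN.match(line)
        if opened:
            vhost = opened.group(1).strip()
        elif VHOST_CLOSE.match(line):
            vhost = None
        directive = NAME_DIRECTIVE.match(line)
        if vhost is None or not directive:
            continue
        for name in directive.group(2).split():
            # ServerName may be written as [scheme://]host[:port], optionally quoted
            host = re.sub(r"^[a-z]+://", "", name.strip('"'), flags=re.I)
            host = re.sub(r":\d+$", "", host)
            if not HOSTNAME.match(host):
                findings.append((line_no, vhost, directive.group(1), name))
    return findings

# Constructed sample: the catch-all vhost from the post plus a regular vhost.
SAMPLE_CONF = """\
<VirtualHost *:80>
     ServerName null
     ServerAlias *
     Redirect 404 /
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.eu
ServerAlias example.eu
</VirtualHost>
"""

if __name__ == "__main__":
    for line_no, vhost, directive, name in find_bad_vhost_names(SAMPLE_CONF):
        print(f"line {line_no}: <VirtualHost {vhost}> {directive} {name}: not a DNS hostname")
```

Wildcard aliases such as `*.example.eu` are also reported, since they are not plain hostnames under this rule.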
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2580
Location: Hilversum, NL, EU

Posted: Thu 07 Sep '17 12:55

I do not understand your:

<VirtualHost *:80>
ServerName null
ServerAlias *
Redirect 404 /
</VirtualHost>

Remove that one, see no need for that.


I still see example.eu, replace it with your own domain.

Be sure you have only:

<VirtualHost *:80>
ServerName www.yourdomain.eu
ServerAlias yourdomain.eu
...
</VirtualHost>

<VirtualHost *:443>
ServerName www.yourdomain.eu
ServerAlias yourdomain.eu
SSLEngine on
...
</VirtualHost>

and in httpd.conf global:

ServerName www.yourdomain.eu
ManagedDomain yourdomain.eu www.yourdomain.eu


Be sure that yourdomain.eu is reachable from the internet!!
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

Posted: Thu 07 Sep '17 15:52

Same one. How does the module work on start?

Last time, I used Let's Encrypt for Windows Simple.
This tool creates, in each domain's directory, a directory with the name ".well-known" and the subdir "acme-challenge". In this directory are files with the name "skjfpxykjnmvposjkfsdfj" for validating the domain with Let's Encrypt.

How does the module validate the domains? Is it redirecting this to its directory /md/? I have not found anything on the wiki about this.

Which modules do I need for this?
Izomye



Joined: 15 Dec 2016
Posts: 17
Location: Hammerfest

Posted: Fri 13 Oct '17 0:55

Hi there,

I would like to post an update about this problem.

I have updated the system to Apache 2.4.28 and mod_md 0.9.9.
With this version all is OK. The certificate was created and Apache loaded it. The problem is solved.

With this I found the following bug. If there are other certificates for domains, I must set the directive "SSLCertificateChainFile" to "SSLCACertificateFile". If not, Apache does not start. I think it is a change in the Apache version.
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2580
Location: Hilversum, NL, EU

Posted: Fri 13 Oct '17 9:46

SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.

See https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatechainfile