logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: Mod_md 2.0.1 strange error
Author
bagu



Joined: 06 Jan 2011
Posts: 187
Location: France

PostPosted: Fri 31 May '19 15:13    Post subject: Mod_md 2.0.1 strange error Reply with quote

Hello,

Since i upgrade to mod_md 2.0.1, i get these errors in logs :
Code:
[Fri May 31 15:12:07.707843 2019] [ssl:error] [pid 7580:tid 620] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=Apache Managed Domain Fallback / issuer: CN=Apache Managed Domain Fallback / serial: 67AB5A455D2E5289FE4EFBD707CB73FA361D88C7 / notbefore: May 29 19:48:11 2019 GMT / notafter: Jun 12 19:48:11 2019 GMT]
[Fri May 31 15:12:07.707843 2019] [ssl:error] [pid 7580:tid 620] AH02604: Unable to configure certificate hyze.fr:443:0 for stapling
[Fri May 31 15:12:08.264325 2019] [ssl:error] [pid 2160:tid 588] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=Apache Managed Domain Fallback / issuer: CN=Apache Managed Domain Fallback / serial: 67AB5A455D2E5289FE4EFBD707CB73FA361D88C7 / notbefore: May 29 19:48:11 2019 GMT / notafter: Jun 12 19:48:11 2019 GMT]
[Fri May 31 15:12:08.265325 2019] [ssl:error] [pid 2160:tid 588] AH02604: Unable to configure certificate hyze.fr:443:0 for stapling


Do you know how to correct this ?

Thanks.
Back to top
nono303



Joined: 20 Dec 2016
Posts: 191
Location: Lille, FR, EU

PostPosted: Fri 31 May '19 21:22    Post subject: Reply with quote

Hi Bagu,

Did not have this error with V2.0.1 upgrade and this Stapling conf:
Code:
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:${RUN_DIR}/ssl_ocsp(128000)
MDMustStaple on

Maybe, you can open an issue at https://github.com/icing/mod_md/issues as I do when I encouter trouble...


Last edited by nono303 on Sat 01 Jun '19 9:26; edited 1 time in total
Back to top
bagu



Joined: 06 Jan 2011
Posts: 187
Location: France

PostPosted: Fri 31 May '19 22:59    Post subject: Reply with quote

I have this conf :

Code:
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off


I no idea, i will open an issue, but i prefer asking before Wink
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Mon 03 Jun '19 13:00    Post subject: Reply with quote

There was an error like that before see https://github.com/icing/mod_md/issues/94
Back to top
bagu



Joined: 06 Jan 2011
Posts: 187
Location: France

PostPosted: Mon 03 Jun '19 13:16    Post subject: Reply with quote

Yes, i see it, but i don't think it's the same issue.

I do not understand the whole problem described in this ticket.

I opened a new ticket with this one for reference.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Mon 03 Jun '19 15:16    Post subject: Reply with quote

In the old days if was because of the missing CA cert. Do you use the fullchain cert?

e.g.
Code:
   SSLCertificateFile conf/certs/fullchain.pem
   SSLCertificateKeyFile conf/certs/privkey.pem
Back to top
bagu



Joined: 06 Jan 2011
Posts: 187
Location: France

PostPosted: Mon 03 Jun '19 20:29    Post subject: Reply with quote

Waiting the new build (2.0.2) from nono303 Wink

https://github.com/icing/mod_md/issues/125

Mr. Green
Back to top
nono303



Joined: 20 Dec 2016
Posts: 191
Location: Lille, FR, EU

PostPosted: Tue 11 Jun '19 15:38    Post subject: Reply with quote

Here we are https://github.com/nono303/mod_md/tree/v2.0.3 ^^
Back to top
bagu



Joined: 06 Jan 2011
Posts: 187
Location: France

PostPosted: Tue 11 Jun '19 17:11    Post subject: Reply with quote

Thanks a lot, everything work fine for the moment.
Back to top


Reply to topic   Topic: Mod_md 2.0.1 strange error View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules