logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Mod_md 2.0.1 strange error

 
Post new topic   Reply to topic    Apache Forum Index -> Apache third-party Modules



View previous topic :: View next topic  
Author Message
bagu



Joined: 06 Jan 2011
Posts: 148
Location: France

PostPosted: Fri 31 May '19 15:13    Post subject: Mod_md 2.0.1 strange error Reply with quote

Hello,

Since i upgrade to mod_md 2.0.1, i get these errors in logs :
Code:
[Fri May 31 15:12:07.707843 2019] [ssl:error] [pid 7580:tid 620] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=Apache Managed Domain Fallback / issuer: CN=Apache Managed Domain Fallback / serial: 67AB5A455D2E5289FE4EFBD707CB73FA361D88C7 / notbefore: May 29 19:48:11 2019 GMT / notafter: Jun 12 19:48:11 2019 GMT]
[Fri May 31 15:12:07.707843 2019] [ssl:error] [pid 7580:tid 620] AH02604: Unable to configure certificate hyze.fr:443:0 for stapling
[Fri May 31 15:12:08.264325 2019] [ssl:error] [pid 2160:tid 588] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=Apache Managed Domain Fallback / issuer: CN=Apache Managed Domain Fallback / serial: 67AB5A455D2E5289FE4EFBD707CB73FA361D88C7 / notbefore: May 29 19:48:11 2019 GMT / notafter: Jun 12 19:48:11 2019 GMT]
[Fri May 31 15:12:08.265325 2019] [ssl:error] [pid 2160:tid 588] AH02604: Unable to configure certificate hyze.fr:443:0 for stapling


Do you know how to correct this ?

Thanks.
Back to top
nono303



Joined: 20 Dec 2016
Posts: 83
Location: France, Lille

PostPosted: Fri 31 May '19 21:22    Post subject: Reply with quote

Hi Bagu,

Did not have this error with V2.0.1 upgrade and this Stapling conf:
Code:
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:${RUN_DIR}/ssl_ocsp(128000)
MDMustStaple on

Maybe, you can open an issue at https://github.com/icing/mod_md/issues as I do when I encouter trouble...


Last edited by nono303 on Sat 01 Jun '19 9:26; edited 1 time in total
Back to top
bagu



Joined: 06 Jan 2011
Posts: 148
Location: France

PostPosted: Fri 31 May '19 22:59    Post subject: Reply with quote

I have this conf :

Code:
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off


I no idea, i will open an issue, but i prefer asking before Wink
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6628
Location: Germany, Next to Hamburg

PostPosted: Mon 03 Jun '19 13:00    Post subject: Reply with quote

There was an error like that before see https://github.com/icing/mod_md/issues/94
Back to top
bagu



Joined: 06 Jan 2011
Posts: 148
Location: France

PostPosted: Mon 03 Jun '19 13:16    Post subject: Reply with quote

Yes, i see it, but i don't think it's the same issue.

I do not understand the whole problem described in this ticket.

I opened a new ticket with this one for reference.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6628
Location: Germany, Next to Hamburg

PostPosted: Mon 03 Jun '19 15:16    Post subject: Reply with quote

In the old days if was because of the missing CA cert. Do you use the fullchain cert?

e.g.
Code:
   SSLCertificateFile conf/certs/fullchain.pem
   SSLCertificateKeyFile conf/certs/privkey.pem
Back to top
bagu



Joined: 06 Jan 2011
Posts: 148
Location: France

PostPosted: Mon 03 Jun '19 20:29    Post subject: Reply with quote

Waiting the new build (2.0.2) from nono303 Wink

https://github.com/icing/mod_md/issues/125

Mr. Green
Back to top
nono303



Joined: 20 Dec 2016
Posts: 83
Location: France, Lille

PostPosted: Tue 11 Jun '19 15:38    Post subject: Reply with quote

Here we are https://github.com/nono303/mod_md/tree/v2.0.3 ^^
Back to top
bagu



Joined: 06 Jan 2011
Posts: 148
Location: France

PostPosted: Tue 11 Jun '19 17:11    Post subject: Reply with quote

Thanks a lot, everything work fine for the moment.
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache third-party Modules
Page 1 of 1