logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod_md and MDNotifyCmd - failed with exit code 1
Author
EIKA



Joined: 22 Jan 2019
Posts: 43
Location: US

PostPosted: Mon 06 Jul '20 23:28    Post subject: mod_md and MDNotifyCmd - failed with exit code 1 Reply with quote

Hi all!

I am using MDNotifyCmd. Here is part of my .conf:
Code:
MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
MDCertificateAgreement accepted
MDRenewWindow 31d
MDNotifyCmd "|bin/ssl.bat"
MDomain domaind.dom www.domaind.dom

It basically works, i.e. I am getting new LE's certs, auto-renewal, etc.

I am using MDNotifyCmd to run ssl.bat file. Batch file is relatively simple:
Code:
@ECHO OFF
powershell -command "Start-Sleep -s 0"
Net stop Apache2.4
powershell -command "Start-Sleep -s 10"
Net start Apache2.4
"C:\blat.exe" "D:\SSL.txt" -tf "D:\addr.txt" -subject "Subject" -charset windows-1251"

It stops Apache, starts Apache, and sends e-mail to a few addresses from addr.txt.

All looks very simple. And batch file works file when run manually as admin. Also, it works fine when run under Apache Windows user. Including sending emails.

But if I wait until certs renewed automatically (by MDRenewWindow), nothing happens. No emails at all. Meanwhile I see this record in Apache errog.log file:
Code:
[Wed June 27 22:10:41.012038 2020] [md:error] [pid 1920:tid 484] (20014)Internal error (specific information not available): md[domain.dom] problem[urn:org:apache:httpd:log:AH10108:] detail[MDNotifyCmd "|bin/ssl.bat" failed with exit code 1.]

I searched and found similar issue reported by Steffen (I believe he is local moderator): https://github.com/icing/mod_md/issues/146

But I see no any resolution.

Any ideas?
Back to top
icing



Joined: 22 Sep 2015
Posts: 41
Location: Münster, Germany

PostPosted: Tue 07 Jul '20 9:31    Post subject: Reply with quote

I am not a Windows export and cannot help you with this, I'm afraid.

Your batch file is run (otherwise mod_md wouild not log its exit code), but for some reason it fails.

If this were on a UNIX machine, I'd say it is unwise to stop the server from a script that has been started by the server. Because when the "parent" process exits, all children usually exit too.

There should be Windows users here that have similar setups and can help you.
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3046
Location: Hilversum, NL, EU

PostPosted: Tue 07 Jul '20 9:59    Post subject: Reply with quote

It is also not doing a stop start ?

Why you have | in front ?
Back to top
EIKA



Joined: 22 Jan 2019
Posts: 43
Location: US

PostPosted: Tue 07 Jul '20 21:42    Post subject: Reply with quote

Steffen wrote:
It is also not doing a stop start ?

When I run in manually, it does everything including both start/stop and email sending. But when rut automatically? I don't know. Because it's not easy to notice and I don't know how force Apache to run all of these stiff. I don't like idea to wait for next renewal or changing expiration to something like 89 to enable daily renewal.

Do you have ideas how to force Apache to do that when I need?
Quote:
Why you have | in front ?

I believe that it's the same as full path to Apache dir. Because I've seen in in Apache examples and it works for other things, like logs. Anyway, I tried full paths as well. No changes sadly.
Back to top
EIKA



Joined: 22 Jan 2019
Posts: 43
Location: US

PostPosted: Tue 07 Jul '20 21:47    Post subject: Reply with quote

icing wrote:
I am not a Windows export and cannot help you with this, I'm afraid.

Hi icing! Nice to see it here.
Quote:
Your batch file is run (otherwise mod_md wouild not log its exit code), but for some reason it fails.
Totally agree.
Quote:
If this were on a UNIX machine, I'd say it is unwise to stop the server from a script that has been started by the server. Because when the "parent" process exits, all children usually exit too.

I can suppose that problem isn't here. Because it works fine in Windows. CMD.exe isn't child process and has nothing common with httpd.exe. One process runs another one and they exist separately. You can stop any one independently.
Quote:
There should be Windows users here that have similar setups and can help you.

Yep! I will waiting for and keep trying.

Anyway, really appreciate your input.
Back to top
pleo87508



Joined: 14 Apr 2021
Posts: 1
Location: USA, Santa Fe

PostPosted: Tue 27 Apr '21 19:22    Post subject: Reply with quote

What if you removed @echo off, captured all output to a log file, and reviewed the contents of log file?
Back to top
tangent
Moderator


Joined: 16 Aug 2020
Posts: 305
Location: UK

PostPosted: Tue 27 Apr '21 23:23    Post subject: Reply with quote

Are you running the Apache service under the Local System account, or your Windows Apache account?

Since your batch files run correctly interactively, under a normal user account, I'd suggest you should run the Apache service using a named service account (which has been granted Log on As a Service right). If your Windows server is part of a domain, and you're obliged to use a domain account rather than a local one, you'll also need to manage password expiry. Depending on your security policies, your domain administrators should have rules for managing domain based service accounts.
Back to top


Reply to topic   Topic: mod_md and MDNotifyCmd - failed with exit code 1 View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules