| Author |
|
bagu
Joined: 06 Jan 2011
Posts: 193
Location: France
|
 Posted: Fri 31 May '19 15:13 Post subject: Mod_md 2.0.1 strange error |
 |
|
Hello,
Since i upgrade to mod_md 2.0.1, i get these errors in logs :
| Code: | [Fri May 31 15:12:07.707843 2019] [ssl:error] [pid 7580:tid 620] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=Apache Managed Domain Fallback / issuer: CN=Apache Managed Domain Fallback / serial: 67AB5A455D2E5289FE4EFBD707CB73FA361D88C7 / notbefore: May 29 19:48:11 2019 GMT / notafter: Jun 12 19:48:11 2019 GMT]
[Fri May 31 15:12:07.707843 2019] [ssl:error] [pid 7580:tid 620] AH02604: Unable to configure certificate hyze.fr:443:0 for stapling
[Fri May 31 15:12:08.264325 2019] [ssl:error] [pid 2160:tid 588] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=Apache Managed Domain Fallback / issuer: CN=Apache Managed Domain Fallback / serial: 67AB5A455D2E5289FE4EFBD707CB73FA361D88C7 / notbefore: May 29 19:48:11 2019 GMT / notafter: Jun 12 19:48:11 2019 GMT]
[Fri May 31 15:12:08.265325 2019] [ssl:error] [pid 2160:tid 588] AH02604: Unable to configure certificate hyze.fr:443:0 for stapling |
Do you know how to correct this ?
Thanks. |
|
| Back to top |
|
nono303
Joined: 20 Dec 2016
Posts: 214
Location: Lille, FR, EU
|
| Posted: Fri 31 May '19 21:22 Post subject: |
|
|
Hi Bagu,
Did not have this error with V2.0.1 upgrade and this Stapling conf:
| Code: | SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:${RUN_DIR}/ssl_ocsp(128000)
MDMustStaple on |
Maybe, you can open an issue at https://github.com/icing/mod_md/issues as I do when I encouter trouble...
Last edited by nono303 on Sat 01 Jun '19 9:26; edited 1 time in total |
|
| Back to top |
|
bagu
Joined: 06 Jan 2011
Posts: 193
Location: France
|
| Posted: Fri 31 May '19 22:59 Post subject: |
|
|
I have this conf :
| Code: | # OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off |
I no idea, i will open an issue, but i prefer asking before  |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7442
Location: EU, Germany, Next to Hamburg
|
|
| Back to top |
|
bagu
Joined: 06 Jan 2011
Posts: 193
Location: France
|
| Posted: Mon 03 Jun '19 13:16 Post subject: |
|
|
Yes, i see it, but i don't think it's the same issue.
I do not understand the whole problem described in this ticket.
I opened a new ticket with this one for reference. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7442
Location: EU, Germany, Next to Hamburg
|
| Posted: Mon 03 Jun '19 15:16 Post subject: |
|
|
In the old days if was because of the missing CA cert. Do you use the fullchain cert?
e.g.
| Code: | SSLCertificateFile conf/certs/fullchain.pem
SSLCertificateKeyFile conf/certs/privkey.pem |
|
|
| Back to top |
|
bagu
Joined: 06 Jan 2011
Posts: 193
Location: France
|
|
| Back to top |
|
nono303
Joined: 20 Dec 2016
Posts: 214
Location: Lille, FR, EU
|
|
| Back to top |
|
bagu
Joined: 06 Jan 2011
Posts: 193
Location: France
|
| Posted: Tue 11 Jun '19 17:11 Post subject: |
|
|
| Thanks a lot, everything work fine for the moment. |
|
| Back to top |
|
