Hi!
The problem is, that the script "mod_md_worker.sh" does not seem to get executed at all
(I have debug code in the script, and I checked using "strace"). I see no indication in
any log, that httpd has trouble executing the file, it seems to ignore it completely.
I am using httpd 2.4.37 and mod_md 1.15.7.
1.15.7 looks more like a mod_http2 version. Could you check again which mod_md
version you have?
Yes, indeed, that was the version for mod_http2. The mod_md package is
"1:2.0.8-8.module+el8.3.0+6814+67d1e611" (from RHEL8 appstream).
In a "new enough" version, there will be a file `job.json` in the domain and/or
staging folder where you can see details of the renewal attempts for that specific
MDomain. Do you see anything there?
Yes, that file is populated. I see (in chronological order, and the two
hostnames replaced by "foo" and "bar"):
"detail": "Checking staging area"
"detail": "Resetting staging area"
"detail": "Assessing current status"
"detail": "Contacting ACME server for foo at
https://acme-v02.api.letsencrypt.org/directory";
"detail": "Resetting staging for foo"
"detail": "Driving ACME protocol for renewal of foo"
"detail": "Selecting account to use for foo"
"detail": "Creating new ACME account for foo"
"detail": "Creating new order"
"detail": "Starting challenges for domains"
"detail": "Setting up challenge 'dns-01' for domain foo"
"detail": "Setting up challenge 'dns-01' for domain bar"
"detail": "Monitoring challenge status for foo"
"detail": "Monitoring challenge status for foo: domain
authorization for foo is valid"
"detail": "Monitoring challenge status for foo: domain
authorization for bar failed with state 3"
"detail": "domain authorization for bar failed with state 3"
"detail": "Monitoring challenge status for foo"
"detail": "Checking staging area"
"detail": "Assessing current status"
"detail": "Contacting ACME server for foo at
https://acme-v02.api.letsencrypt.org/directory";
"detail": "Driving ACME protocol for renewal of foo"
"detail": "Selecting account to use for foo"
"detail": "Loaded order from staging"
"detail": "Starting challenges for domains"
"detail": "Starting challenges for domains: unexpected AUTHZ
state 3 for domain bar"
"detail": "unexpected AUTHZ state 3 for domain bar"
"detail": "Starting challenges for domains"
"detail": "Checking staging area"
"detail": "Assessing current status"
"detail": "Contacting ACME server for foo at
https://acme-v02.api.letsencrypt.org/directory";
"detail": "Driving ACME protocol for renewal of foo"
"detail": "Selecting account to use for foo"
"detail": "Loaded order from staging"
"detail": "Starting challenges for domains"
"detail": "Starting challenges for domains: unexpected AUTHZ
state 3 for domain bar"
"detail": "unexpected AUTHZ state 3 for domain bar"
I guess "Setting up challenge 'dns-01' for ..." is the part where the
configured script should be executed.
I checked that user "apache" can access and run this script (using "sudo
-u apache ...", this will create the expected debug output from the
script), so I think I can rule out any permission problems.
--
Jörn Clausen
BITS - Bielefelder IT-Servicezentrum
https://www.uni-bielefeld.de/bits
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
