Hello!
I would advise the following:
- configure 'LogLevel md:trace2' to see all the details the module does until
you have analyzed it
- remove the "staging/foo+bar" folder with the failed attempt
- reload your server
mod_md will pick up that foo+bar needs renewal and you will see in the log when
your script is called and what it returned.
Whoa, that helped a lot :)
Okay, let's take this one step at a time:
- Indeed, the shell script is called and actually does the right thing.
I wasn't aware that httpd has its private /tmp and /var/tmp, so I
couldn't find the expected files.
- And indeed, on very rare occasions, the process finished and I
received a valid certificate. At the moment, I have problems that Let's
Encrypt does not register the update of the DNS record. As soon as I
stop one request and start a new one, Let's Encrypt sees the DNS entries
of the previous try. This might be a problem with TTLs on our side, I'll
have to investigate more.
- In the rare case, where registering the certificate succeeded, I could
see in the logs something about "teardown", but I couldn't find any hint
that the script was actually called to remove the TXT entry. I.e. I find
entries like
dns-01 setup command: /data/acme/mod_md_worker.sh setup ...
but entries like
order teardown setup dns-01:...
were not followed by an actual call to the script.
Thanks so far for the help!
Joern
--
Jörn Clausen
BITS - Bielefelder IT-Servicezentrum
https://www.uni-bielefeld.de/bits