I'm trying to use mod_md (httpd 2.4 on CentOS 8) and, when trying to
create a certificate, it complains it cannot write onto the disk (at
least that's what I understand).
I cannot find any permission problems in /var/log/audit/audit.log,
/var/log/messages, nor "journalctl -xe".
All connections to LetsEncrypt are correct and the certificate is, I
think, generated.
I have the following errors:
[md:error] (20014)Internal error (specific information not available):
AH10056: processing mysite.mycompany.com: Unable to retrive certificate
chain.
[...]
[md:trace1] (1)Operation not permitted: mysite.mycompany.com: saving job
props
ls -alZ /var/run/httpd/md/:
> drwxr-xr-x. 6 root apache system_u:object_r:httpd_var_run_t:s0 120 Jun 21 11:17 staging
Same permissions for all files in it, like
staging/mysite.mycompany.com/md.json
In case it matters, the site is chrooted and /var/run/httpd/md points to
the one in the chroot with exactly the same permissions.
Does anybody see where I could look for more info?
Thanks a lot
Here is the complete relevant part of the error log, in full debug:
[2021-06-21 11:17:50.488908] [md:trace1] [pid 424510:tid
140357450503936] request --> POST
https://acme-v02.api.letsencrypt.org/acme/new-acct
* Trying 172.65.32.248...
* TCP_NODELAY set
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=acme-v01.api.letsencrypt.org
* start date: Jun 3 22:30:18 2021 GMT
* expire date: Sep 1 22:30:18 2021 GMT
* subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's
"acme-v02.api.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
> POST /acme/new-acct HTTP/1.1
Host: acme-v02.api.letsencrypt.org
User-Agent: Apache/2.4.37 mod_md/2.0.8-git
Accept: */*
Content-Type: application/jose+json
Content-Length: 1574
Expect: 100-continue
< HTTP/1.1 100 Continue
< HTTP/1.1 201 Created
< Server: nginx
< Date: Mon, 21 Jun 2021 09:17:51 GMT
< Content-Type: application/json
< Content-Length: 733
< Connection: keep-alive
< Boulder-Requester: 127753501
< Cache-Control: public, max-age=0, no-cache
< Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
< Link:
<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"
< Location: https://acme-v02.api.letsencrypt.org/acme/acct/127753501
< Replay-Nonce: 0003IWS9CGYrN6SxjrANpXAuvvX0NUfJt6pPqwOxm-qzPVs
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=604800
<
* Connection #0 to host acme-v02.api.letsencrypt.org left intact
[2021-06-21 11:17:51.275576] [md:trace1] [pid 424510:tid
140357450503936] request <-- 201
[2021-06-21 11:17:51.275611] [md:trace1] [pid 424510:tid
140357450503936] response: 201
[2021-06-21 11:17:51.275764] [md:trace2] [pid 424510:tid
140357450503936] response: {\n "key": {\n "kty": "RSA",\n "n":
"mn-82COwom_LwiMH_U75P7vNZpFHXEkWwDdnZI500p_9PvPwZscmu1gQQ489F8a1FhrY3iBShBN-m3kb8KRLAZ7WXwBExHLbwr9ZOrVl44ivrey0L6do7L4S3ZYhcGgKXgDmFT66vSN-Hl315AY8eVDhekRAzIYj0qh3KNYPbkn_zJJlWHOO805jUbXC21WE-02kvZ9bAhbx3L8qSmhz1E8ScrUIXpZ128lefH66YlUCAmAkbtBlsg4eMN2h_SR4U4UPRzp--2Echf7GGYMYwkLgcP-KQNZT5bnPHEByB7YvBGdic-sZ9lWYWsZGBPO-ircJqqn5hCrOfPuc0iDotF3WM0H-BkVJ9nhhII2VXnNV6jjmz1xcuIU-zcctic8iTbONmlusRY_dkzXwutm63RclnZ_SLthF51geqbdL-2_4J4wWklu6SXhidNQvg-r0PuqhZTBgan_MZ3zrqcQJfEUpqMy2IOWnNbaKRA2emwA9K3_Je73RYdOvkE9aOKJx",\n
"e": "AQAB"\n },\n "contact": [\n "mailto:dnsmas...@idloom.com"\n
],\n "initialIp": "86.39.202.101",\n "createdAt":
"2021-06-21T09:17:51.197951792Z",\n "status": "valid"\n}
[2021-06-21 11:17:51.275864] [md:debug] [pid 424510:tid 140357450503936]
updated acct https://acme-v02.api.letsencrypt.org/acme/acct/127753501
[2021-06-21 11:17:51.277869] [md:debug] [pid 424510:tid 140357450503936]
req sent
[2021-06-21 11:17:51.277898] [md:info] [pid 424510:tid 140357450503936]
registered new account
https://acme-v02.api.letsencrypt.org/acme/acct/127753501
[2021-06-21 11:17:51.277975] [md:trace3] [pid 424510:tid
140357450503936] mk_group_dir /var/run/httpd/md/staging perm set
[2021-06-21 11:17:51.277985] [md:trace3] [pid 424510:tid
140357450503936] mk_group_dir 4 (null)
[2021-06-21 11:17:51.278004] [md:debug] [pid 424510:tid 140357450503936]
md[mysite.mycompany.com] while[Creating new ACME account for
mysite.mycompany.com]
[2021-06-21 11:17:51.278027] [md:info] [pid 424510:tid 140357450503936]
mysite.mycompany.com: retrieving certificate chain
[2021-06-21 11:17:51.278036] [md:error] [pid 424510:tid 140357450503936]
(20014)Internal error (specific information not available):
mysite.mycompany.com: asked to retrieve chain, but no order in context
[2021-06-21 11:17:51.278057] [md:debug] [pid 424510:tid 140357450503936]
(20014)Internal error (specific information not available):
md[mysite.mycompany.com] while[Retrieving certificate chain for
mysite.mycompany.com] detail[Unable to retrive certificate chain.]
[2021-06-21 11:17:51.278067] [md:debug] [pid 424510:tid 140357450503936]
(20014)Internal error (specific information not available):
mysite.mycompany.com: staging done
[2021-06-21 11:17:51.278081] [md:error] [pid 424510:tid 140357450503936]
(20014)Internal error (specific information not available): AH10056:
processing mysite.mycompany.com: Unable to retrive certificate chain.
[2021-06-21 11:17:51.278094] [md:trace1] [pid 424510:tid
140357450503936] md(mysite.mycompany.com): check expiration
[2021-06-21 11:17:51.278120] [md:info] [pid 424510:tid 140357450503936]
AH10057: mysite.mycompany.com: encountered error for the 1. time, next
run in 04 seconds
[2021-06-21 11:17:51.278158] [md:trace3] [pid 424510:tid
140357450503936] mk_group_dir /var/run/httpd/md/staging perm set
[2021-06-21 11:17:51.278167] [md:trace3] [pid 424510:tid
140357450503936] mk_group_dir 4 (null)
[2021-06-21 11:17:51.278174] [md:trace1] [pid 424510:tid
140357450503936] (1)Operation not permitted: mysite.mycompany.com:
saving job props
[2021-06-21 11:17:51.278188] [md:debug] [pid 424510:tid 140357450503936]
AH10107: next run in 04 seconds
[2021-06-21 11:17:56.289509] [md:debug] [pid 424510:tid 140357450503936]
AH10055: md watchdog run, auto drive 1 mds
[2021-06-21 11:17:56.289624] [md:trace3] [pid 424510:tid
140357450503936] (2)No such file or directory: loading type 1 from
/var/run/httpd/md/staging/mysite.mycompany.com/job.json
[2021-06-21 11:17:56.289665] [md:debug] [pid 424510:tid 140357450503936]
AH10052: md(mysite.mycompany.com): state=1, driving
[2021-06-21 11:17:56.289709] [md:trace1] [pid 424510:tid
140357450503936] mysite.mycompany.com: init driver
[2021-06-21 11:17:56.289719] [md:debug] [pid 424510:tid 140357450503936]
mysite.mycompany.com: init done
[2021-06-21 11:17:56.289727] [md:debug] [pid 424510:tid 140357450503936]
mysite.mycompany.com: run staging
[2021-06-21 11:17:56.289737] [md:debug] [pid 424510:tid 140357450503936]
mysite.mycompany.com: staging started, state=1, can_http=0, can_https=1,
challenges='tls-alpn-01'
[2021-06-21 11:17:56.289926] [md:trace3] [pid 424510:tid
140357450503936] loading type 1 from
/var/run/httpd/md/staging/mysite.mycompany.com/md.json
[2021-06-21 11:17:56.290003] [md:debug] [pid 424510:tid 140357450503936]
get directory from https://acme-v02.api.letsencrypt.org/directory
[2021-06-21 11:17:56.290937] [md:trace1] [pid 424510:tid
140357450503936] request --> GET
https://acme-v02.api.letsencrypt.org/directory
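
Added example, not part of the original post: a Python sketch that re-joins the hard-wrapped error-log records shown above and decodes the parenthesised APR status at the start of each message, separating OS errno values (below 20000 on Unix builds of APR) from APR's own codes. The sample records are copied from the log above; the function names are hypothetical.

```python
import errno
import re

APR_OS_START_ERROR = 20000  # Unix APR: statuses below this are plain OS errno values
# Sample input: hard-wrapped records copied from the log in the post above.
SAMPLE = """\
[2021-06-21 11:17:51.278081] [md:error] [pid 424510:tid 140357450503936]
(20014)Internal error (specific information not available): AH10056:
processing mysite.mycompany.com: Unable to retrive certificate chain.
[2021-06-21 11:17:51.278174] [md:trace1] [pid 424510:tid
140357450503936] (1)Operation not permitted: mysite.mycompany.com:
saving job props
[2021-06-21 11:17:56.289719] [md:debug] [pid 424510:tid 140357450503936]
mysite.mycompany.com: init done
"""

RECORD_START = re.compile(r"^\[\d{4}-\d{2}-\d{2} [\d:.]+\] \[")
HEADER = re.compile(r"^\[[^\]]+\] \[\w+:(?P<level>\w+)\] \[pid [^\]]+\] (?P<msg>.*)$")
STATUS = re.compile(r"^\((?P<code>\d+)\)(?P<text>[^:]+): (?P<rest>.*)$")

def join_records(text):
    """Undo mail hard-wrapping: a new record starts only at a timestamp."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def status_records(text):
    """Return (level, code, kind, name, detail) for records carrying a status."""
    out = []
    for rec in join_records(text):
        head = HEADER.match(rec)
        stat = STATUS.match(head.group("msg")) if head else None
        if not stat:
            continue
        code = int(stat.group("code"))
        if code < APR_OS_START_ERROR:
            kind, name = "os", errno.errorcode.get(code, "unknown")
        else:
            kind, name = "apr", "APR_OS_START_ERROR+%d" % (code - APR_OS_START_ERROR)
        out.append((head.group("level"), code, kind, name, stat.group("rest")))
    return out

if __name__ == "__main__":
    for level, code, kind, name, detail in status_records(SAMPLE):
        print("%-7s %5d %-3s %-22s %s" % (level, code, kind, name, detail))
```

On this sample, `(1)` decodes to the OS errno EPERM, which is a different value from EACCES (13, "Permission denied"), while `(20014)` is a status from APR's own range rather than an errno.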