Hi!
The problem is, that the script "mod_md_worker.sh" does not seem to get executed at all (I have debug code in the script, and I checked using "strace"). I see no indication in any log, that httpd has trouble executing the file, it seems to ignore it completely. I am using httpd 2.4.37 and mod_md 1.15.7.1.15.7 looks more like a mod_http2 version. Could you check again which mod_md version you have?
Yes, indeed, that was the version for mod_http2. The mod_md package is "1:2.0.8-8.module+el8.3.0+6814+67d1e611" (from RHEL8 appstream).
In a "new enough" version, there will be a file `job.json` in the domain and/or staging folder where you can see details of the renewal attempts for that specific MDomain. Do you see anything there?
Yes, that file is populated. I see (in chronological order, and the two hostnames replaced by "foo" and "bar"):
"detail": "Checking staging area"
"detail": "Resetting staging area"
"detail": "Assessing current status"
"detail": "Contacting ACME server for foo at
https://acme-v02.api.letsencrypt.org/directory";
"detail": "Resetting staging for foo"
"detail": "Driving ACME protocol for renewal of foo"
"detail": "Selecting account to use for foo"
"detail": "Creating new ACME account for foo"
"detail": "Creating new order"
"detail": "Starting challenges for domains"
"detail": "Setting up challenge 'dns-01' for domain foo"
"detail": "Setting up challenge 'dns-01' for domain bar"
"detail": "Monitoring challenge status for foo"
"detail": "Monitoring challenge status for foo: domain
authorization for foo is valid"
"detail": "Monitoring challenge status for foo: domain
authorization for bar failed with state 3"
"detail": "domain authorization for bar failed with state 3"
"detail": "Monitoring challenge status for foo"
"detail": "Checking staging area"
"detail": "Assessing current status"
"detail": "Contacting ACME server for foo at
https://acme-v02.api.letsencrypt.org/directory";
"detail": "Driving ACME protocol for renewal of foo"
"detail": "Selecting account to use for foo"
"detail": "Loaded order from staging"
"detail": "Starting challenges for domains"
"detail": "Starting challenges for domains: unexpected AUTHZ
state 3 for domain bar"
"detail": "unexpected AUTHZ state 3 for domain bar"
"detail": "Starting challenges for domains"
"detail": "Checking staging area"
"detail": "Assessing current status"
"detail": "Contacting ACME server for foo at
https://acme-v02.api.letsencrypt.org/directory";
"detail": "Driving ACME protocol for renewal of foo"
"detail": "Selecting account to use for foo"
"detail": "Loaded order from staging"
"detail": "Starting challenges for domains"
"detail": "Starting challenges for domains: unexpected AUTHZ
state 3 for domain bar"
"detail": "unexpected AUTHZ state 3 for domain bar"
I guess "Setting up challenge 'dns-01' for ..." is the part where the
configured script should be executed.
I checked that user "apache" can access and run this script (using "sudo -u apache ...", this will create the expected debug output from the script), so I think I can rule out any permission problems.
-- Jörn Clausen BITS - Bielefelder IT-Servicezentrum https://www.uni-bielefeld.de/bits --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|