Hello!
I would advise the following:
- configure 'LogLevel md:trace2' to see all the details the module does until you have analyzed it
- remove the "staging/foo+bar" folder with the failed attempt
- reload your server

mod_md will pick up that foo+bar needs renewal and you will see in the log when your script is called and what it returned.
Whoa, that helped a lot :) Okay, let's take this one step at a time:
- Indeed, the shell script is called and actually does the right thing. I wasn't aware that httpd has its private /tmp and /var/tmp, so I couldn't find the expected files.
- And indeed, on very rare occasions, the process finished and I received a valid certificate. At the moment, I have problems that Let's Encrypt does not register the update of the DNS record. As soon as I stop one request and start a new one, Let's Encrypt sees the DNS entries of the previous try. This might be a problem with TTLs on our side, I'll have to investigate more.
- In the rare case, where registering the certificate succeeded, I could see in the logs something about "teardown", but I couldn't find any hint that the script was actually called to remove the TXT entry. I.e. I find entries like
  dns-01 setup command: /data/acme/mod_md_worker.sh setup ...

but entries like

  order teardown setup dns-01:...

were not followed by an actual call to the script.

Thanks so far for the help!

Joern

-- 
Jörn Clausen
BITS - Bielefelder IT-Servicezentrum
https://www.uni-bielefeld.de/bits
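An added example, not part of the original messages and not the poster's mod_md_worker.sh: a dns-01 hook skeleton that records every invocation, teardown included, in a log outside httpd's private /tmp and reports setup success only once the TXT record is visible. The log path and the `dns_publish`, `dns_remove` and `dns_visible` functions are hypothetical placeholders; the setup/teardown argument order follows mod_md's MDChallengeDns01 convention.

```shell
#!/bin/sh
# Added example: dns-01 hook skeleton for mod_md's MDChallengeDns01 command.
# Called as: <script> setup <domain> <challenge>   or   <script> teardown <domain>
# Assumed: log path below; dns_publish/dns_remove/dns_visible are placeholders.
HOOK_LOG="${HOOK_LOG:-/var/log/httpd/acme-hook.log}"  # not under the private /tmp
WAIT_TRIES="${WAIT_TRIES:-30}"   # visibility checks before giving up
WAIT_SLEEP="${WAIT_SLEEP:-10}"   # seconds between checks

log() {  # logging must never fail the hook, hence "|| :"
    printf '%s pid=%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$$" "$*" >>"$HOOK_LOG" || :
}
# TXT owner name for a domain; a trailing dot is stripped.
record_name() { printf '_acme-challenge.%s' "${1%.}"; }

# Placeholders: replace with your DNS provider's update mechanism.
dns_publish() { log "publish $1 TXT $2"; }
dns_remove()  { log "remove $1"; }
# Placeholder: replace with a query against the zone's authoritative servers.
dns_visible() { return 0; }

wait_visible() {
    i=0
    while [ "$i" -lt "$WAIT_TRIES" ]; do
        dns_visible "$1" "$2" && return 0
        i=$((i + 1))
        sleep "$WAIT_SLEEP"
    done
    return 1
}

hook() {
    action="$1"; domain="$2"; token="$3"
    log "called: action=$action domain=$domain"
    case "$action" in
        setup)
            [ -n "$domain" ] && [ -n "$token" ] || { log "setup: missing argument"; return 2; }
            name=$(record_name "$domain")
            dns_publish "$name" "$token" || { log "setup: publish failed"; return 1; }
            wait_visible "$name" "$token" || { log "setup: $name not visible"; return 1; }
            ;;
        teardown)
            [ -n "$domain" ] || { log "teardown: missing domain"; return 2; }
            dns_remove "$(record_name "$domain")" || { log "teardown: remove failed"; return 1; }
            ;;
        *)  log "unknown action: $action"; return 2 ;;
    esac
    log "done: action=$action domain=$domain"
}

if [ "$#" -gt 0 ]; then hook "$@"; fi
```

Each run leaves a "called:" and a "done:" line per action, so a missing teardown call shows up as the absence of a `called: action=teardown` entry for that domain.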