v2.3.5-git :: Does not renew #235

Closed
SteffenAL opened this issue Jan 24, 2021 · 15 comments

@SteffenAL
Contributor

SteffenAL commented Jan 24, 2021

I have:

  "renew-window": "84d",
  "warn-window": "85d",

After a renew this happens:

In status page:

Renew in ~days
..
..
Renew in ~seconds
..
..
After 0 seconds : Finished Successfully (confusing what has finished, was that formerly On going ?)

And yes, I get after a day on 21 January, the MDMessageCmd message: Expiring

Now on 24 January it is still not renewed, it should renew 22 January (warn-window 85d and renew-window 84d)

And status page says still Finished Successfully.

And in the log every 12 hours:
mod_md_drive.c(196): AH10055: md watchdog run, auto drive 1 mds
mod_md_drive.c(218): AH10107: next run in 12 hours

When I restart, then it is renewing. I keep it running for another day.

Must I wait longer ?

certificate-status

```
{
  "valid": {
    "from": "Sat, 16 Jan 2021 11:30:23 GMT",
    "until": "Fri, 16 Apr 2021 11:30:23 GMT"
  },
  "rsa": {
    "valid": {
      "from": "Sat, 16 Jan 2021 11:30:23 GMT",
      "until": "Fri, 16 Apr 2021 11:30:23 GMT"
    },
    "serial": "03723208C9D408490B6DD613B1CE6648B8F6",
    "sha256-fingerprint": "b1eafe17de8d54f70867b5d65b2b757a5ee6364af04f9e55c7069a361dc6435d"
  },
  "renewal": {
    "cert": {}
  }
}
```

md-status

```
{
  "version": "2.3.5-git",
  "managed-domains": [
    {
      "name": "apachelounge.com",
      "domains": [
        "apachelounge.com",
        "www.apachelounge.com",
        ..
        ..
      ],
      "contacts": [
        "mailto:[email protected]"
      ],
      "transitive": 1,
      "ca": {
        "account": "ACME-.letsencrypt.org-0000",
        "proto": "ACME",
        "url": "https://acme-v02.api.letsencrypt.org/directory",
        "agreement": "accepted"
      },
      "state": 2,
      "renew-mode": 2,
      "renew-window": "84d",
      "warn-window": "85d",
      "must-staple": false,
      "proto": {
        "acme-tls/1": [
          "apachelounge.com",
          "www.apachelounge.com",
          ...
          ...
        ]
      },
      "stapling": true,
      "cert": {
        "rsa": {
          "valid": {
            "from": "Sat, 16 Jan 2021 11:30:23 GMT",
            "until": "Fri, 16 Apr 2021 11:30:23 GMT"
          },
          "serial": "03723208C9D408490B6DD613B1CE6648B8F6",
          "sha256-fingerprint": "b1eafe17de8d54f70867b5d65b2b757a5ee6364af04f9e55c7069a361dc6435d",
          "ocsp": {
            "status": "good",
            "valid": {
              "from": "Fri, 22 Jan 2021 12:00:00 GMT",
              "until": "Fri, 29 Jan 2021 12:00:00 GMT"
            },
            "renewal": {
              "name": "apachelounge.com",
              "finished": true,
              "notified": false,
              "last-run": "Sun, 24 Jan 2021 04:33:46 GMT",
              "errors": 0,
              "last": {
                "status": 0,
                "detail": "certificate status is GOOD, status valid Fri, 22 Jan 2021 12:00:00 GMT - Fri, 29 Jan 2021 12:00:00 GMT",
                "activity": "status of certid faa295a79b98a805bdd4d9e06f3b1275abab5c35, reading response"
              }
            }
          }
        },
        "valid": {
          "from": "Sat, 16 Jan 2021 11:30:23 GMT",
          "until": "Fri, 16 Apr 2021 11:30:23 GMT"
        }
      },
      "renew-at": "Fri, 22 Jan 2021 11:30:23 GMT",
      "watched": true,
      "renew": true,
      "renewal": {
        "name": "apachelounge.com",
        "finished": true,
        "notified": true,
        "last-run": "Thu, 21 Jan 2021 17:00:35 GMT",
        "errors": 0,
        "last": {
          "status": 0
        },
        "cert": {}
      }
    }
  ]
}
```
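
A monitoring check for the state reported above, as an added example that is not part of the original post or of mod_md: it reads an md-status document and flags managed domains whose `renew-at` has passed while the renewal job reports `finished` with an empty `renewal.cert`. The 24-hour grace period (two of the 12-hour watchdog runs seen in the log), the function names and the cut-down sample document are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: a cut-down md-status document carrying only the
# fields the check reads, with the values reported in this issue.
SAMPLE_MD_STATUS = json.loads("""
{"managed-domains": [{
  "name": "apachelounge.com",
  "renew-window": "84d",
  "cert": {"valid": {"from": "Sat, 16 Jan 2021 11:30:23 GMT",
                     "until": "Fri, 16 Apr 2021 11:30:23 GMT"}},
  "renew-at": "Fri, 22 Jan 2021 11:30:23 GMT",
  "renew": true,
  "renewal": {"finished": true, "errors": 0, "cert": {}}
}]}
""")

def expected_renew_at(md):
    """valid.until minus renew-window; only the 'Nd' form is handled here."""
    window = md["renew-window"]
    if not window.endswith("d"):
        raise ValueError("unsupported renew-window: " + window)
    until = parsedate_to_datetime(md["cert"]["valid"]["until"])
    return until - timedelta(days=int(window[:-1]))

def stalled_renewals(status, now, grace=timedelta(hours=24)):
    """Names of MDs past renew-at + grace whose job is finished with no staged cert."""
    stalled = []
    for md in status.get("managed-domains", []):
        if "renew-at" not in md:
            continue
        due = parsedate_to_datetime(md["renew-at"])
        job = md.get("renewal", {})
        overdue = now > due + grace  # assumption: allow two watchdog runs
        idle = job.get("finished") and not job.get("cert")
        if md.get("renew") and overdue and idle:
            stalled.append(md["name"])
    return stalled

if __name__ == "__main__":
    # Evaluate the sample at the time of the report (24 January 2021).
    now = datetime(2021, 1, 24, 12, 0, tzinfo=timezone.utc)
    print(stalled_renewals(SAMPLE_MD_STATUS, now))
```

Run against the JSON served by the md-status handler, a non-empty result is worth alerting on well before the certificate's `valid.until` date.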

@SteffenAL
Contributor Author

Above I said that it is renewing when I restart Apache.

But... it is not renewing at restart, see:

Restart.txt

certificate-status and md-status nothing changed.

I shall wait another day.

@SteffenAL
Contributor Author

In the folder md/staging/apachelounge.com there is the file job.json with time stamp when MDMessageCmd message: Expiring

{
  "name": "apachelounge.com",
  "finished": true,
  "notified": true,
  "last-run": "Thu, 21 Jan 2021 17:00:35 GMT",
  "errors": 0,
  "last": {
    "status": 0
  },
  "log": {
    "entries": [
      {
        "when": "Thu, 21 Jan 2021 17:00:48 GMT",
        "type": "finished"
      },
      {
        "when": "Thu, 21 Jan 2021 17:00:48 GMT",
        "type": "message-expiring"
      },
      {
        "when": "Thu, 21 Jan 2021 17:00:35 GMT",
        "type": "starting"
      }
    ]
  }
}

@SteffenAL
Contributor Author

SteffenAL commented Jan 27, 2021

I removed the file md/staging/apachelounge.com/job.json
Did a restart, and yes it is renewed:
in the log:
md_result.c(254): md[apachelounge.com] detail[The certificate for the managed domain has been renewed successfully and can be used from Thu, 28 Jan 2021 09:39:51 GMT on.]

And status page says still Finished Successfully.

I leave it running another day to see what happens. And after that day I restart and remove mod_md.

When in trunk I give it another try maybe.

@icing
Owner

icing commented Jan 27, 2021

Hmm, strange. I will look into this.

@SteffenAL
Contributor Author

SteffenAL commented Jan 28, 2021

After a day :

md_result.c(254): md[apachelounge.com] detail[The certificate for the managed domain has been renewed successfully and can be used from Fri, 29 Jan 2021 09:42:33 GMT on.]
Strange : in message above it says can be used from Fri, 28 Jan. Confusing.

And status page says still Finished Successfully. What does this mean, at this point formerly I saw ...has been renewed successfully ?

On the status page already from my first post above (when counted down to 0 seconds) it says Finished Successfully. Very confusing.

Also I miss the MDNotifyCmd message !!

Now I am going to restart, stay tuned.

@SteffenAL
Contributor Author

SteffenAL commented Jan 28, 2021

Did the restart:

MDMessageCmd message: Installed and ocsp-renewed (with renew not seen MDNotifyCmd message)

And status activity says now Renew 2021-02-02 (is ok renew-window 84d),
expect a day before 2021-02-02 the MDMessageCmd Expiring (warn-window 85), and then I think that the trouble starts again.

@SteffenAL
Contributor Author

Said above miss the MDNotifyCmd message, need it again to restart Apache.

Forgot: missing also MDMessageCmd renewed

@icing
Owner

icing commented Feb 2, 2021

I have seen on my own server that sometimes, the "success" message was missing after a problem was reported once and then a retry did renew. Seems there is a bug in the notification state. Will look.

icing pushed a commit that referenced this issue Feb 2, 2021
… when a renewal job

   had already successfully notified about another event. See #235.
 * new event ```challenge-setup:<type>:<domain>```, triggered when the challenge data
   for a domain has been created. This is invoked before the ACME server is told to
   check for it. The type is one of the ACME challenge types. This is invoked for
   every DNS name in a MDomain.
 * Using ```configure``` with ```--with-boulder``` or ```--with-pebble``` selects the
   default URLs for both test servers.
@icing
Owner

icing commented Feb 2, 2021

I have just released beta v2.3.7 which should address that issue. Feedback appreciated!

@SteffenAL
Contributor Author

SteffenAL commented Feb 2, 2021 via email

@SteffenAL
Contributor Author

Started again testing with the same config.
This happens till now:

MDMessageCmd messages:
13:41:08 I got first the message: installed
13:41:10 and then the message: renewing (? nothing is renewing, and the log says 13:41:10 .... no need to renew)
Looks not ok.

In status activity: Renew 2021-02-09

Now I am waiting for the warn-window: 85d message and then after a day the renew should start (renew-window: 84d)

And again in staging the file in md/staging/apachelounge.com/job.json

{
  "name": "apachelounge.com",
  "finished": false,
  "notified": false,
  "notified-renewed": false,
  "errors": 0,
  "last": {
    "status": 0
  },
  "log": {
    "entries": [
      {
        "when": "Wed, 03 Feb 2021 12:41:10 GMT",
        "type": "message-renewing"
      }
    ]
  }
}

@icing
Owner

icing commented Feb 3, 2021

Ah, good catch. The new "renewing" was issued way too early, before it was checked that this is actually necessary. Just made a fix.

You want a release to verify?

@SteffenAL
Contributor Author

Not necessary to check if v2.3.7 is renewing.

@SteffenAL
Contributor Author

SteffenAL commented Feb 8, 2021

Think you overlooked it: Above I pointed two times about the mod_status page Activity column.

mod_status page activity column status page:

Activity
Renew in ~days
..
Renew in ~seconds
..
Finished Successfully After 0 seconds.
What is finished ?

Stays Finished Successfully all the time also after renew.

Formerly it was also saying ..... .managed domain has been renewed successfully and can be used from Sun, 07.....

@SteffenAL
Contributor Author

Another regression.

MDNotifyCmd script not called (MDMessageCmd fine).

@icing icing closed this as completed Mar 30, 2022