*) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
fails (!= 0 exit), the renewal process is aborted and an error is
reported for the MDomain. This provides scripts that distribute
information in a cluster to abort early with bothering an ACME
server to validate a dns name that will not work. The common
retry logic will make another attempt in the future, as with
other failures.
Fixed a bug when adding private key specs to an already working
MDomain, see <https://github.com/icing/mod_md/issues/260>.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1893400 13f79535-47bb-0310-9956-
ffa450edef68
--- /dev/null
+ *) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
+ fails (!= 0 exit), the renewal process is aborted and an error is
+ reported for the MDomain. This provides scripts that distribute
+ information in a cluster to abort early with bothering an ACME
+ server to validate a dns name that will not work. The common
+ retry logic will make another attempt in the future, as with
+ other failures.
+ Fixed a bug when adding private key specs to an already working
+ MDomain, see <https://github.com/icing/mod_md/issues/260>.
+ [Stefan Eissing]
/* Raise event that challenge data has been set up before we tell the
ACME server. Clusters might want to distribute it. */
event = apr_psprintf(p, "challenge-setup:%s:%s", MD_AUTHZ_TYPE_HTTP01, authz->domain);
- md_result_holler(result, event, p);
+ rv = md_result_raise(result, event, p);
+ if (APR_SUCCESS != rv) {
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p,
+ "%s: event '%s' failed. aborting challenge setup",
+ authz->domain, event);
+ goto out;
+ }
/* challenge is setup or was changed from previous data, tell ACME server
* so it may (re)try verification */
authz_req_ctx_init(&ctx, acme, NULL, authz, p);
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "2.4.6"
+#define MOD_MD_VERSION "2.4.7"
/**
* @macro
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x020406
+#define MOD_MD_VERSION_NUM 0x020407
#define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory"
APR_ARRAY_PUSH(key_files, const char*) = keyfile;
APR_ARRAY_PUSH(chain_files, const char*) = chainfile;
}
+ else if (APR_STATUS_IS_ENOENT(rv)) {
+ /* certificate for this pkey is not available, others might
+ * if pkeys have been added for a runnign mdomain.
+ * see issue #260 */
+ rv = APR_SUCCESS;
+ }
else if (!APR_STATUS_IS_ENOENT(rv)) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(10110)
"retrieving credentials for MD %s (%s)",
*pkey_files = key_files;
*pcert_files = chain_files;
}
+ else if (APR_SUCCESS == rv) {
+ rv = APR_ENOENT;
+ }
return rv;
}
}
if (!job->notified_renewed) {
+ md_job_save(job, result, ptemp);
md_job_notify(job, "renewed", result);
}
}
projects / thirdparty / apache / httpd.git / commitdiff
