Merge /httpd/httpd/trunk:r1923148

icing · icing · commit 3759641d1d28 · 2025-01-15T12:59:16.000Z
*) mod_md: update to version 2.4.31 - Improved error reporting when waiting for ACME server to verify domains or finalizing the order fails, e.g. times out. - Increasing the timeouts to wait for ACME server to verify domain names and issue the certificate from 30 seconds to 5 minutes. - Change a log level from error to debug when Stapling is enabled but a certificate carries no OCSP responder URL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1923150 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/changes-entries/md_v2.4.31.txt b/changes-entries/md_v2.4.31.txt
@@ -0,0 +1,7 @@
+  *) mod_md: update to version 2.4.31
+     - Improved error reporting when waiting for ACME server to verify domains
+       or finalizing the order fails, e.g. times out.
+     - Increasing the timeouts to wait for ACME server to verify domain names
+       and issue the certificate from 30 seconds to 5 minutes.
+     - Change a log level from error to debug when Stapling is enabled but a
+       certificate carries no OCSP responder URL.
diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c
@@ -515,8 +515,8 @@ static apr_status_t acme_driver_preload_init(md_proto_driver_t *d, md_result_t *
     d->baton = ad;
     
     ad->driver = d;
-    ad->authz_monitor_timeout = apr_time_from_sec(30);
-    ad->cert_poll_timeout = apr_time_from_sec(30);
+    ad->authz_monitor_timeout = apr_time_from_sec(300);
+    ad->cert_poll_timeout = apr_time_from_sec(300);
     ad->ca_challenges = apr_array_make(d->p, 3, sizeof(const char*));
     
     /* We want to obtain credentials (key+certificate) for every key spec in this MD */
diff --git a/modules/md/md_acmev2_drive.c b/modules/md/md_acmev2_drive.c
@@ -152,11 +152,17 @@ apr_status_t md_acmev2_drive_renew(md_acme_driver_t *ad, md_proto_driver_t *d, m
     
     rv = md_acme_order_monitor_authzs(ad->order, ad->acme, d->md,
                                       ad->authz_monitor_timeout, result, d->p);
-    if (APR_SUCCESS != rv) goto leave;
+    if (APR_SUCCESS != rv) {
+      md_result_set(result, rv, "Error waiting on domain names to be validated");
+      goto leave;
+    }
 
     rv = md_acme_order_await_ready(ad->order, ad->acme, d->md,
                                    ad->authz_monitor_timeout, result, d->p);
-    if (APR_SUCCESS != rv) goto leave;
+    if (APR_SUCCESS != rv) {
+      md_result_set(result, rv, "Error waiting for order to become ready");
+      goto leave;
+    }
 
     if (MD_ACME_ORDER_ST_READY == ad->order->status) {
         rv = md_acme_drive_setup_cred_chain(d, result);
@@ -166,7 +172,10 @@ apr_status_t md_acmev2_drive_renew(md_acme_driver_t *ad, md_proto_driver_t *d, m
 
     rv = md_acme_order_await_valid(ad->order, ad->acme, d->md, 
                                    ad->authz_monitor_timeout, result, d->p);
-    if (APR_SUCCESS != rv) goto leave;
+    if (APR_SUCCESS != rv) {
+      md_result_set(result, rv, "Error waiting for order to become valid.");
+      goto leave;
+    }
     
     if (!ad->order->certificate) {
         md_result_set(result, APR_EINVAL, "Order valid, but certificate url is missing.");
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
@@ -27,15 +27,15 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "2.4.30"
+#define MOD_MD_VERSION "2.4.31"
 
 /**
  * @macro
  * Numerical representation of the version number of the md module
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x02041e
+#define MOD_MD_VERSION_NUM 0x02041f
 
 #define MD_ACME_DEF_URL         "https://acme-v02.api.letsencrypt.org/directory"
 #define MD_TAILSCALE_DEF_URL    "file://localhost/var/run/tailscale/tailscaled.sock"
