Bug 62572 - Moving name based VirtualHost with Let's Encrypt to ServerAlias prevents apache from starting
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_md
Version: 2.4.34
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2018-07-26 09:54 UTC by Serge Hauser
Modified: 2018-08-03 10:39 UTC



Description Serge Hauser 2018-07-26 09:54:46 UTC
When I have two separate name-based virtual hosts using Let's Encrypt and I start Apache httpd, everything is fine:

--- START conf.snippet ---
Listen          <MYIP>:443

MDomain         server1.mydomain.com
MDomain         server2.mydomain.com

<VirtualHost <MYIP>:443>
ServerName             server1.mydomain.com
ServerAdmin            admin@mydomain.com
.
</VirtualHost>
<VirtualHost <MYIP>:443>
ServerName             server2.mydomain.com
ServerAdmin            admin@mydomain.com
...
</VirtualHost>
--- END conf.snippet ---

Then I change the config and configure server2.mydomain.com as an alias of server1.mydomain.com, and httpd refuses to start:

--- START conf.snippet ---
Listen          <MYIP>:443

MDomain         server1.mydomain.com

<VirtualHost <MYIP>:443>
ServerName             server1.mydomain.com
ServerAdmin            admin@mydomain.com
ServerAlias            server2.mydomain.com
...
</VirtualHost>
--- END conf.snippet ---


Log Messages:
26/07 11:37:20.971 err (22)Invalid argument: AH10073: synching 1 mds to registry
26/07 11:37:20.971 err (22)Invalid argument: md server1.mydomain.com shares domain 'server2.mydomain.com' with md server2.mydomain.com
26/07 11:37:20.971 warning domain server2.mydomain.com, configured in md server1.mydomain.com, is part of the stored md server2.mydomain.com. That md however is no longer mentioned in the config. If you longer want it, remove the md from the store.


Workaround:
 - Delete ${MDStoreDir}/domains/server2.mydomain.com before restart.
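
The condition behind the error above can be checked before a restart. The script below is an added example, not part of the original report or of mod_md: it lists stored MDs that are no longer declared with MDomain but whose name is still served by the configuration. It assumes a single config file and the ${MDStoreDir}/domains/<md name> layout shown in the workaround, and treats the directory name as the stored MD's domain; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not mod_md code): report stored MDs that would make httpd
# refuse to start as described in this report.

# md_names CONF: first argument of each MDomain directive (the MD's name).
md_names() {
    awk 'tolower($1) == "mdomain" { print tolower($2) }' "$1" | sort -u
}

# served_names CONF: every host name given to MDomain, ServerName, ServerAlias.
served_names() {
    awk 'tolower($1) ~ /^(mdomain|servername|serveralias)$/ {
             for (i = 2; i <= NF; i++) print tolower($i)
         }' "$1" | sort -u
}

# stale_mds CONF STORE: print names under STORE/domains that are no longer
# declared as an MD but still appear as a served name in CONF.
# Assumption: the directory name stands in for the stored MD's domain list.
stale_mds() {
    conf=$1 store=$2
    for dir in "$store"/domains/*/; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir" | tr 'A-Z' 'a-z')
        if md_names "$conf" | grep -qxF "$name"; then continue; fi
        if served_names "$conf" | grep -qxF "$name"; then echo "$name"; fi
    done
    return 0
}

# demo: constructed sample mirroring the second config in the report.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/md/domains/server1.mydomain.com" \
             "$t/md/domains/server2.mydomain.com"
    printf '%s\n' 'MDomain     server1.mydomain.com' \
                  'ServerName  server1.mydomain.com' \
                  'ServerAlias server2.mydomain.com' > "$t/httpd.conf"
    stale_mds "$t/httpd.conf" "$t/md"
    rm -rf "$t"
}

# Usage: sh check_md_store.sh /path/to/httpd.conf /path/to/MDStoreDir
if [ "$#" -eq 2 ]; then stale_mds "$1" "$2"; fi
```

The script only reports names; removing the listed directories remains the manual step from the workaround.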
Comment 1 Stefan Eissing 2018-07-26 10:18:40 UTC
This seems to be a case where the auto-sync of configuration against md store could just remove the no longer referenced 'server2.mydomain.com' instead of complaining about a possible misconfiguration.

Just to confirm: a restart after deleting the old server2 md directory did the right thing and no more errors were encountered?
Comment 2 Serge Hauser 2018-07-26 10:55:29 UTC
Yes, that's correct. Is it ok for now to fiddle with the md store and delete that directory manually?
Comment 3 Stefan Eissing 2018-07-26 11:01:29 UTC
Yes, definitely. Fiddle away!

(One reason there are "just" files is that they allow manipulations so easily. Unless you hit Let's Encrypt rate limits, you can always throw away the store and make a fresh start. But the rate limits are real and, once hit, you will not get certs from LE for a while!)
Comment 4 Stefan Eissing 2018-08-03 10:39:25 UTC
Checked in a fix for this in r1837357 on trunk. Also released as mod_md v1.1.16 on github.