mod_md


mod_md

Stefan Eissing
Hey,

the alpha version for Let's Encrypt (ACME) support for httpd can be found here: https://github.com/icing/mod_md

I'd like to get early feedback and stabilize a tad more before bringing this into Apache trunk. It also contains a small patch for mod_ssl which people should get comfortable about. Or not. Maybe there is a better approach.

Anyways, looking forward to feedback.

Have a nice weekend,

Stefan

Re: mod_md

Tom Browder

On Sat, Jul 22, 2017 at 07:00 Stefan Eissing <[hidden email]> wrote:
Hey,

the alpha version for Let's Encrypt (ACME) support for httpd can be found here: https://github.com/icing/mod_md

I'd like to get early feedback and stabilize a tad more before bringing this into Apache trunk. It also contains a small patch for mod_ssl which people should get comfortable about. Or not. Maybe there is a better approach.

Anyways, looking forward to feedback.

Stefan, I look forward to using this mod.  I hope it can be incorporated into a release soon.

Have you thought about incorporating the cert update method through a cooperating DNS server (can't think of the technical name)?

Thanks for this exciting announcement and the work you are doing.

With warmest regards,

-Tom


Re: mod_md

Stefan Eissing

> On 23.07.2017 at 18:02, Tom Browder <[hidden email]> wrote:
>
>
> On Sat, Jul 22, 2017 at 07:00 Stefan Eissing <[hidden email]> wrote:
> Hey,
>
> the alpha version for Let's Encrypt (ACME) support for httpd can be found here: https://github.com/icing/mod_md
>
> I'd like to get early feedback and stabilize a tad more before bringing this into Apache trunk. It also contains a small patch for mod_ssl which people should get comfortable about. Or not. Maybe there is a better approach.
>
> Anyways, looking forward to feedback.
>
> Stefan, I look forward to using this mod.  I hope it can be incorporated into a release soon.

Thanks!

> Have you thought about incorporating the cert update method through a cooperating DNS server (can't think of the technical name)?

DNS challenges will not be part of the initial release. AFAIK, they become really relevant for wildcard certificates that Let's Encrypt has announced for early 2018. But that will also only be offered via the ACMEv2 protocol (the one standardized in the IETF). So, this is all scope for a future version, not the first production-ready mod_md this summer.

Btw. Let's Encrypt has agreed that it needs to support the current ACME protocol for some time into the future, as I talked with them about timelines of Apache releases and *NIX distributions, esp. LTS versions.

Cheers,

Stefan

> Thanks for this exciting announcement and the work you are doing.
>
> With warmest regards,
>
> -Tom
>


Re: mod_md

Tom Browder
On Mon, Jul 24, 2017 at 04:15 Stefan Eissing <[hidden email]> wrote:
> On Sat, Jul 22, 2017 at 07:00 Stefan Eissing <[hidden email]> wrote:
> Hey,
>
> the alpha version for Let's Encrypt (ACME) support for httpd can be found here: https://github.com/icing/mod_md
>
> I'd like to get early feedback and stabilize a tad more before bringing this into Apache trunk. It also contains a small patch for mod_ssl which people should get comfortable about. Or not. Maybe there is a better approach.

Stefan, I think you ought to advertise your mod_md on the Let's Encrypt list of ACME clients right now, even though it hasn't been released in a stable version yet.

Best,

-Tom

Re: mod_md

Steffen
In reply to this post by Stefan Eissing
Good news mod_md on Windows.

After quite some struggling with Stefan, he managed to get lots of my reported Windows issues solved. 

Copy from post at Git:


One source tree is much better, and a2md in modules is no problem for me (more or less it belongs in support). You renamed also some files.


Building 0.6.0 all fine.


Now it configures a certificate, although it is not a valid certificate, I can browse https with it, you can try https://www.vosadministraties.nl/ The certificate says: Issued by: Fake LE Intermediate X1.


Runs on the https://www.apachelounge.com/ production server which has more (vhost)domains with valid certificates.


Config:
LoadModule watchdog_module modules/mod_watchdog.so
LoadModule md_module modules/mod_md.so
ManagedDomain vosadministraties.nl www.vosadministraties.nl

And the vhosts:
<VirtualHost *:443>
ServerName ........
ServerAlias ........
.....
SSLEngine on
SSLCertificateFile conf/apachelounge.com-chain.pem
SSLCertificateKeyFile conf/apachelounge.com-key.pem
</VirtualHost>
...
...
<VirtualHost *:443>
ServerName www.vosadministraties.nl
ServerAlias vosadministraties.nl
.....
SSLEngine on
</VirtualHost>


Log:
[md:info] [pid 11524:tid 448] AH: vosadministraties.nl: staged set activated
[md:info] [pid 11524:tid 448] AH: mod_md (v0.6.0-git), initializing...
[ssl:info] [pid 11524:tid 448] AH01914: Configuring server www.vosadministraties.nl:443 for SSL protocol
[ssl:info] [pid 11524:tid 448] AH02568: Certificate and private key www.vosadministraties.nl:443:0 configured from D:/servers/apacheS/md/domains/vosadministraties.nl/cert.pem and D:/servers/apacheS/md/domains/vosadministraties.nl/pkey.pem


 
On Saturday 22/07/2017 at 14:00, Stefan Eissing wrote:
Hey,

the alpha version for Let's Encrypt (ACME) support for httpd can be found here: https://github.com/icing/mod_md

I'd like to get early feedback and stabilize a tad more before bringing this into Apache trunk. It also contains a small patch for mod_ssl which people should get comfortable about. Or not. Maybe there is a better approach.

Anyways, looking forward to feedback.

Have a nice weekend,

Stefan


Re: mod_md

Stefan Eissing
Glad to hear! 

mod_md currently uses the test service from letsencrypt by default. That is why the root cert is not valid. 

-Stefan

On 08.08.2017 at 17:31, Steffen <[hidden email]> wrote:

Good news mod_md on Windows.

After quite some struggling with Stefan, he managed to get lots of my reported Windows issues solved. 

Copy from post at Git:


One source tree is much better, and a2md in modules is no problem for me (more or less it belongs in support). You renamed also some files.


Building 0.6.0 all fine.


Now it configures a certificate, although it is not a valid certificate, I can browse https with it, you can try https://www.vosadministraties.nl/ The certificate says: Issued by: Fake LE Intermediate X1.


Runs on the https://www.apachelounge.com/ production server which has more (vhost)domains with valid certificates.


Config:
LoadModule watchdog_module modules/mod_watchdog.so
LoadModule md_module modules/mod_md.so
ManagedDomain vosadministraties.nl www.vosadministraties.nl

And the vhosts:
<VirtualHost *:443>
ServerName ........
ServerAlias ........
.....
SSLEngine on
SSLCertificateFile conf/apachelounge.com-chain.pem
SSLCertificateKeyFile conf/apachelounge.com-key.pem
</VirtualHost>
...
...
<VirtualHost *:443>
ServerName www.vosadministraties.nl
ServerAlias vosadministraties.nl
.....
SSLEngine on
</VirtualHost>


Log:
[md:info] [pid 11524:tid 448] AH: vosadministraties.nl: staged set activated
[md:info] [pid 11524:tid 448] AH: mod_md (v0.6.0-git), initializing...
[ssl:info] [pid 11524:tid 448] AH01914: Configuring server www.vosadministraties.nl:443 for SSL protocol
[ssl:info] [pid 11524:tid 448] AH02568: Certificate and private key www.vosadministraties.nl:443:0 configured from D:/servers/apacheS/md/domains/vosadministraties.nl/cert.pem and D:/servers/apacheS/md/domains/vosadministraties.nl/pkey.pem


 
On Saturday 22/07/2017 at 14:00, Stefan Eissing wrote:
Hey,

the alpha version for Let's Encrypt (ACME) support for httpd can be found here: https://github.com/icing/mod_md

I'd like to get early feedback and stabilize a tad more before bringing this into Apache trunk. It also contains a small patch for mod_ssl which people should get comfortable about. Or not. Maybe there is a better approach.

Anyways, looking forward to feedback.

Have a nice weekend,

Stefan


Re: mod_md

Steffen
In reply to this post by Stefan Eissing
Valid and Green now !

Added to conf:

 MDCertificateAuthority https://acme-v01.api.letsencrypt.org/directory

 
On Tuesday 08/08/2017 at 18:14, Stefan Eissing wrote:
Glad to hear! 

mod_md currently uses the test service from letsencrypt by default. That is why the root cert is not valid. 

-Stefan

On 08.08.2017 at 17:31, Steffen <[hidden email]> wrote:

Good news mod_md on Windows.

After quite some struggling with Stefan, he managed to get lots of my reported Windows issues solved. 

Copy from post at Git:


One source tree is much better, and a2md in modules is no problem for me (more or less it belongs in support). You renamed also some files.


Building 0.6.0 all fine.


Now it configures a certificate, although it is not a valid certificate, I can browse https with it, you can try https://www.vosadministraties.nl/ The certificate says: Issued by: Fake LE Intermediate X1.


Runs on the https://www.apachelounge.com/ production server which has more (vhost)domains with valid certificates.


Config:
LoadModule watchdog_module modules/mod_watchdog.so
LoadModule md_module modules/mod_md.so
ManagedDomain vosadministraties.nl www.vosadministraties.nl

And the vhosts:
<VirtualHost *:443>
ServerName ........
ServerAlias ........
.....
SSLEngine on
SSLCertificateFile conf/apachelounge.com-chain.pem
SSLCertificateKeyFile conf/apachelounge.com-key.pem
</VirtualHost>
...
...
<VirtualHost *:443>
ServerName www.vosadministraties.nl
ServerAlias vosadministraties.nl
.....
SSLEngine on
</VirtualHost>


Log:
[md:info] [pid 11524:tid 448] AH: vosadministraties.nl: staged set activated
[md:info] [pid 11524:tid 448] AH: mod_md (v0.6.0-git), initializing...
[ssl:info] [pid 11524:tid 448] AH01914: Configuring server www.vosadministraties.nl:443 for SSL protocol
[ssl:info] [pid 11524:tid 448] AH02568: Certificate and private key www.vosadministraties.nl:443:0 configured from D:/servers/apacheS/md/domains/vosadministraties.nl/cert.pem and D:/servers/apacheS/md/domains/vosadministraties.nl/pkey.pem


 
On Saturday 22/07/2017 at 14:00, Stefan Eissing wrote:
Hey,

the alpha version for Let's Encrypt (ACME) support for httpd can be found here: https://github.com/icing/mod_md

I'd like to get early feedback and stabilize a tad more before bringing this into Apache trunk. It also contains a small patch for mod_ssl which people should get comfortable about. Or not. Maybe there is a better approach.

Anyways, looking forward to feedback.

Have a nice weekend,

Stefan
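
Added example, not part of the thread and not mod_md code: a small configuration audit for the situation discussed above, where a managed vhost silently serves a test-CA certificate until MDCertificateAuthority is set. The directive names are the ones quoted in the thread; the sample config, the name "other.example" and the function audit() are constructed for illustration.

```python
# Constructed sample modelled on the configuration quoted in the thread;
# "other.example" stands in for the elided ServerName.
SAMPLE_CONF = """\
ManagedDomain vosadministraties.nl www.vosadministraties.nl
<VirtualHost *:443>
ServerName other.example
SSLEngine on
SSLCertificateFile conf/apachelounge.com-chain.pem
SSLCertificateKeyFile conf/apachelounge.com-key.pem
</VirtualHost>
<VirtualHost *:443>
ServerName www.vosadministraties.nl
ServerAlias vosadministraties.nl
SSLEngine on
</VirtualHost>
"""

def audit(conf):
    """Return (ca_url_or_None, {first vhost name: certificate source})."""
    managed, ca, vhosts, cur = set(), None, [], None
    for raw in conf.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "manageddomain":
            managed.update(a.lower() for a in args)
        elif key == "mdcertificateauthority" and args:
            ca = args[0]
        elif key == "<virtualhost":
            cur = {"names": [], "static": False}
        elif key == "</virtualhost>" and cur is not None:
            vhosts.append(cur)
            cur = None
        elif cur is not None and key in ("servername", "serveralias"):
            cur["names"] += [a.lower() for a in args]
        elif cur is not None and key == "sslcertificatefile":
            cur["static"] = True
    report = {}
    for v in (v for v in vhosts if v["names"]):
        if v["static"]:
            # Assumption: an explicit SSLCertificateFile means a static cert.
            source = "static file"
        elif managed.intersection(v["names"]):
            # No MDCertificateAuthority: the thread says the test service is used.
            source = f"mod_md via {ca}" if ca else "mod_md via default test CA"
        else:
            source = "no certificate configured"
        report[v["names"][0]] = source
    return ca, report
```

Running audit() over a configuration before a reload shows which vhosts would come up with a certificate browsers reject, such as the "Fake LE Intermediate X1" one reported above.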

