search

icing / mod_md

Let's Encrypt (ACME) in Apache httpd
https://icing.github.io/mod_md/
Apache License 2.0
334 stars 28 forks source link

Staged certificate not completing with "error loading staged set" (certificate staged. Ongoing...) [Apache/2.4.58] #334

Closed whereisaaron closed 21 hours ago

whereisaaron commented 4 months ago

I've had the same errors #323 and #223 occurs and the staged domain was stuck in staged with the same error, after previous renewing successfully server times. Using Apache/2.4.58. There log error was:

[md:error] [pid 10:tid 140553250768768] (20014)Internal error (specific information not available): AH10069: mydomain.com: error loading staged set

The server status page said "certificate staged. Ongoing..." image

A full restart didn't complete the staging and same error occurred again, "error loading staged set".

Disk space, archive folder, and domains folder looked fine. The md/tmp folder contained a range of folder for different domains, each with just a 'job.json' file. However the folder and job.json for the problem domain only listed events from the previous renewal.

The folder permissions were: image

The folder in the staging director contained the new certificate and the job.json said "The certificate for the managed domain has been renewed successfully and can be used (valid since Mon, 08 Apr 2024 23:52:55 GMT). A graceful server restart now is recommended.". But server restarts didn't do anything.

Removing the domain name directory from staged switched the status to "Pending". I'll wait and see if the renewal happens this time.

The latest in job.json for the staged certificate is:

{
  "name": "mydomain.com",
  "finished": true,
  "notified": true,
  "notified-renewed": true,
  "last-run": "Mon, 08 Apr 2024 23:52:42 GMT",
  "valid-from": "Mon, 08 Apr 2024 23:52:55 GMT",
  "errors": 0,
  "last": {
    "status": 0,
    "valid-from": "Mon, 08 Apr 2024 23:52:55 GMT"
  },
  "log": {
    "entries": [
      {
        "when": "Mon, 08 Apr 2024 23:52:56 GMT",
        "type": "message-renewed"
      },
      {
        "when": "Mon, 08 Apr 2024 23:52:56 GMT",
        "type": "finished"
      },
      {
        "when": "Mon, 08 Apr 2024 23:52:55 GMT",
        "type": "progress",
        "detail": "The certificate for the managed domain has been renewed successfully and can be used (valid since Mon, 08 Apr 2024 23:52:55 GMT). A graceful server restart now is recommended."
      },
      {
        "when": "Mon, 08 Apr 2024 23:52:55 GMT",
        "type": "progress",
        "detail": "Retrieving rsa certificate chain for mydomain.com"
      },
...
icing commented 4 months ago

You can set LogLevel md:debug to see more details on what goes wrong when loading the new cert.

icing commented 21 hours ago

Closed as being stale.