I'm attempting to use mod_md for automatic Let's Encrypt certificates. It does not work. mod_md is unable to connect to the Let's Encrypt ACME server due to a TLS certificate error thrown by libcurl. See the following log output.
```
[Wed Mar 31 03:58:17.204934 2021] [md:debug] [pid 3500:tid 688] md_acme.c(769): get directory from https://acme-v02.api.letsencrypt.org/directory
[Wed Mar 31 03:58:17.501775 2021] [md:debug] [pid 3500:tid 688] md_curl.c(385): (20014)Internal error (specific information not available): request failed(60): SSL peer certificate or SSH remote key was not OK
[Wed Mar 31 03:58:17.501775 2021] [md:warn] [pid 3500:tid 688] (20014)Internal error (specific information not available): md[h.tremolo4.tk] while[Contacting ACME server for h.tremolo4.tk at https://acme-v02.api.letsencrypt.org/directory] detail[Unsuccessful in contacting ACME server at <https://acme-v02.api.letsencrypt.org/directory>. If this problem persists, please check your network connectivity from your Apache server to the ACME server. Also, older servers might have trouble verifying the certificates of the ACME server. You can check if you are able to contact it manually via the curl command. Sometimes, the ACME server might be down for maintenance, so failing to contact it is not an immediate problem. Apache will continue retrying this.]
```
When using the bundled curl.exe directly, like it says in the error message, I can connect to https://acme-v02.api.letsencrypt.org/directory without issue. Wild guess: I noticed that curl does not have a CApath set (see below), even though it still works from the command line.
```
$ ./curl.exe --cacert non_existing_file https://www.google.de
curl: (77) error setting certificate verify locations:
CAfile: non_existing_file
CApath: none
```
I'm using xampp-windows-x64-8.0.3-0-VS16-installer.exe on Windows 10.
My mod_md config settings are as follows:
```
LogLevel md:trace1
MDCertificateAgreement accepted
MDomain mydomain.example.com
```
I'd appreciate any insights.