To get more needed feedback, it is good to go with experimental mod_md, not 
with a2md. 

Be aware that we then have experimental code in mod_ssl!

Hereby I want to request a notification on error, see below. Missing message(s) in 
the log can end with a non-working SSL site. 

I have not seen the command line utility a2md tested by users; a -1 for a2md, 
especially because it needs a change for Windows to get it working, see below. 

2 and 3 not seen used so far, no opinion. 

The .dsp’s etc. are OK in trunk. On Windows, the utility a2md.exe needs to 
include OpenSSL applink.c, like abs.exe. 

Notes:

It is not really a module, more a configuration/install utility. And it 
introduces curl and jansson dependencies. 

I have been running mod_md from the beginning and made it available at ApacheLounge. 
It was a struggle to get it working for me and others; the documentation needs more 
eyes for review. It works OK, but I do not see the advantage over other utilities out there. 

By default, mod_md is oh so silent about what it is doing behind the scenes. And with 
(config) errors it is quite a puzzle what is wrong; loglevel debug/trace2 is 
mostly needed to figure it out. When you miss a message in the log, for example about 
a renewal, then there is a chance you end up with a non-working SSL site. 

I would like to request that it be made possible to get a notification on an error 
(like MDNotifyCmd), for example by email. 

At my request, info/warnings were already added. We need more users to 
evaluate. 

In January LetsEncrypt is starting with wildcard certs. Maybe it is worth waiting. I 
know users are waiting for that, and experience teaches that changes at LE can 
cause trouble for mod_md. 




> On 15 Nov 2017, at 10:59, Stefan Eissing <stefan.eiss...@greenbytes.de> 
> wrote:
> 
> Now that Gregg has landed Windows build support in trunk (yay!), I would 
> really like us to include the Let's Encrypt Support in the next 2.4 release 
> as an experimental mod_md plus the required and recommended changes to 
> mod_ssl.
> 
> Atm there is one blocker that prevents me from proposing mod_ssl backports: 
> the pending backport of "Handle SSLProxy* directives in <Proxy> sections" by 
> Yann. That one has just many changes in the module and making independent 
> patches with/without that one is too much work. With one vote missing, if 
> anyone could find the cycles to vote on that, that'd be great.
> 
> Once that is out of the way, I will propose the following changes for 
> backport:
> 
> 1. mod_md plus the *required* mod_ssl changes for interworking
> 2. SSLPolicy/SSLProxyPolicy feature
> 3. SSLEngine addr:port feature
> 
> 2+3 are not required. For 2 I have gotten a lot of responses by people who'd 
> like to have that for their servers. 3 I do not feel strong about.
> 
> Maybe we can give our early adopters a nice Xmas present.
> 
> Cheers,
> 
> Stefan
> 
> 
