authorStefan Eissing <icing@apache.org>2025-01-15 13:48:52 +0100
committerStefan Eissing <icing@apache.org>2025-01-15 13:48:52 +0100
commit202d0068d8977925b8e78f8e33a370e4f5bdec70 (patch)
treeecc90bf7a66eddd9770581870cc3f7c82e9e5b6a
parentFix typo in charset.conv (diff)
*) mod_md: update to version 2.4.31
- Improved error reporting when waiting for ACME server to verify domains or finalizing the order fails, e.g. times out. - Increasing the timeouts to wait for ACME server to verify domain names and issue the certificate from 30 seconds to 5 minutes. - Change a log level from error to debug when Stapling is enabled but a certificate carries no OCSP responder URL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1923148 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--changes-entries/md_v2.4.31.txt7
-rw-r--r--modules/md/md_acme_drive.c4
-rw-r--r--modules/md/md_acmev2_drive.c15
-rw-r--r--modules/md/md_version.h4
4 files changed, 23 insertions, 7 deletions
diff --git a/changes-entries/md_v2.4.31.txt b/changes-entries/md_v2.4.31.txt
new file mode 100644
index 0000000000..38d226f7d9
--- /dev/null
+++ b/changes-entries/md_v2.4.31.txt
@@ -0,0 +1,7 @@
+ *) mod_md: update to version 2.4.31
+ - Improved error reporting when waiting for ACME server to verify domains
+ or finalizing the order fails, e.g. times out.
+ - Increasing the timeouts to wait for ACME server to verify domain names
+ and issue the certificate from 30 seconds to 5 minutes.
+ - Change a log level from error to debug when Stapling is enabled but a
+ certificate carries no OCSP responder URL.
diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c
index 0ec409c863..45c39b37ad 100644
--- a/modules/md/md_acme_drive.c
+++ b/modules/md/md_acme_drive.c
@@ -515,8 +515,8 @@ static apr_status_t acme_driver_preload_init(md_proto_driver_t *d, md_result_t *
d->baton = ad;
ad->driver = d;
- ad->authz_monitor_timeout = apr_time_from_sec(30);
- ad->cert_poll_timeout = apr_time_from_sec(30);
+ ad->authz_monitor_timeout = apr_time_from_sec(300);
+ ad->cert_poll_timeout = apr_time_from_sec(300);
ad->ca_challenges = apr_array_make(d->p, 3, sizeof(const char*));
/* We want to obtain credentials (key+certificate) for every key spec in this MD */
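Review bot: The two changed assignments use the bare literal `300` twice, with nothing at the site saying that it means five minutes or that the two values are meant to stay equal. In md_acmev2_drive.c the same `ad->authz_monitor_timeout` is passed to three consecutive waits (`md_acme_order_monitor_authzs`, `md_acme_order_await_ready`, `md_acme_order_await_valid`). If each call applies the timeout independently, which is not visible in this diff, one renewal attempt can now block for up to about 15 minutes before the certificate poll even starts. I would add a comment above the assignments such as `/* up to 5 minutes per wait on the ACME server; applied to each wait separately, not to the whole order */`, and confirm that the job driving renewals tolerates that worst case. acme_driver_preload_init starts and ends outside the hunk.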
diff --git a/modules/md/md_acmev2_drive.c b/modules/md/md_acmev2_drive.c
index 9dfca96714..1eda1dc15b 100644
--- a/modules/md/md_acmev2_drive.c
+++ b/modules/md/md_acmev2_drive.c
@@ -152,11 +152,17 @@ retry:
rv = md_acme_order_monitor_authzs(ad->order, ad->acme, d->md,
ad->authz_monitor_timeout, result, d->p);
- if (APR_SUCCESS != rv) goto leave;
+ if (APR_SUCCESS != rv) {
+ md_result_set(result, rv, "Error waiting on domain names to be validated");
+ goto leave;
+ }
rv = md_acme_order_await_ready(ad->order, ad->acme, d->md,
ad->authz_monitor_timeout, result, d->p);
- if (APR_SUCCESS != rv) goto leave;
+ if (APR_SUCCESS != rv) {
+ md_result_set(result, rv, "Error waiting for order to become ready");
+ goto leave;
+ }
if (MD_ACME_ORDER_ST_READY == ad->order->status) {
rv = md_acme_drive_setup_cred_chain(d, result);
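Review bot: The new `md_result_set(result, rv, "...")` calls write to the same `result` that was just passed into the failing call, so a more specific reason recorded there by the callee may be replaced by the generic text. This applies after `md_acme_order_monitor_authzs` and `md_acme_order_await_ready` in this hunk, and after `md_acme_order_await_valid` in the next one. An operator diagnosing a failed issuance needs that specific reason, for example which domain the CA rejected and why. The body of md_result_set is not visible in this diff, so confirm whether it overwrites; if it does, set the generic message only when nothing was recorded, e.g. `if (!result->detail) md_result_set(result, rv, "Error waiting on domain names to be validated");`. Alternatively, restrict it to the timeout status that the commit message names. The enclosing function starts and ends outside the hunk.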
@@ -166,7 +172,10 @@ retry:
rv = md_acme_order_await_valid(ad->order, ad->acme, d->md,
ad->authz_monitor_timeout, result, d->p);
- if (APR_SUCCESS != rv) goto leave;
+ if (APR_SUCCESS != rv) {
+ md_result_set(result, rv, "Error waiting for order to become valid.");
+ goto leave;
+ }
if (!ad->order->certificate) {
md_result_set(result, APR_EINVAL, "Order valid, but certificate url is missing.");
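Review bot: The message added here, `"Error waiting for order to become valid."`, ends with a period, while the two messages added in the previous hunk do not. These strings presumably surface in status or log output, so they should follow one form. Dropping the period gives `md_result_set(result, rv, "Error waiting for order to become valid");`. The existing message on the last context line of this hunk does end with a period, so the alternative is to add one to the two earlier messages instead.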
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index 2304194b99..2c3b66bc28 100644
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -27,7 +27,7 @@
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "2.4.30"
+#define MOD_MD_VERSION "2.4.31"
/**
* @macro
@@ -35,7 +35,7 @@
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x02041e
+#define MOD_MD_VERSION_NUM 0x02041f
#define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory"
#define MD_TAILSCALE_DEF_URL "file://localhost/var/run/tailscale/tailscaled.sock"