*) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'

     fails (!= 0 exit), the renewal process is aborted and an error is
     reported for the MDomain. This provides scripts that distribute
     information in a cluster to abort early with bothering an ACME
     server to validate a dns name that will not work. The common
     retry logic will make another attempt in the future, as with
     other failures.
     Fixed a bug when adding private key specs to an already working
     MDomain, see <https://github.com/icing/mod_md/issues/260>.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893399 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 7 insertions, 1 deletions

diff --git a/modules/md/md_acme_authz.c b/modules/md/md_acme_authz.c
index 0988d45969..d5632fa6b6 100644
--- a/modules/md/md_acme_authz.c
+++ b/modules/md/md_acme_authz.c
@@ -275,7 +275,13 @@ static apr_status_t cha_http_01_setup(md_acme_authz_cha_t *cha, md_acme_authz_t
         /* Raise event that challenge data has been set up before we tell the
            ACME server. Clusters might want to distribute it. */
         event = apr_psprintf(p, "challenge-setup:%s:%s", MD_AUTHZ_TYPE_HTTP01, authz->domain);
-        md_result_holler(result, event, p);
+        rv = md_result_raise(result, event, p);
+        if (APR_SUCCESS != rv) {
+            md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p,
+                          "%s: event '%s' failed. aborting challenge setup",
+                          authz->domain, event);
+            goto out;
+        }
         /* challenge is setup or was changed from previous data, tell ACME server
          * so it may (re)try verification */        
         authz_req_ctx_init(&ctx, acme, NULL, authz, p);