httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steffen <i...@apachelounge.com>
Subject Re: can we haz backports?
Date Fri, 12 Jan 2018 12:38:48 GMT

Yann: it is not working (anymore) when you have only port 443 open.
Yann: I am/was testing in real live, no boulder.
Eric: proposed change:  to begin with warns/errors user


I am talking about SSL configurations without port 80 open. It is not 
an individual issue, there are more around with no port 80 open. So it 
is not only for me !!!


At least you can make a change that warns/errors to user when you 
detect:

server seems not reachable via http: (port 80->80) and reachable via 
https: (port 443->443)

and update the documentation.

No, I do not want to veto, just to point strong  out that there are 
functions which are not supported.

I am a tester, just reporting what happens to improve Apache. I 
understand that you are disappointed and appreciate your work.


Cheers,

Steffen





On Friday 12/01/2018 at 12:57, Stefan Eissing  wrote:
>
>
>>
>> Am 12.01.2018 um 12:32 schrieb Steffen <info@apachelounge.com>:
>>
>> Now mod_md contains features which are not supported anymore !
>>
>> For SSL only config mod_md is not usable anymore, see 
>> https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188
>>
>> Propose to change mod_md regarding above, now I vote -1.
>
> You want to veto the backport? Really? I think the project deserves
> a more detailed rationale for such a decision.
>
>>
>> On windows I advise LE-Win-Simple with its selfhosting option when you 
>> have SSL only.
>
> This is not one or the other. We also support several mpm modules, 
> based
> on individual needs.
>
> If you have a personal grudge against me, the project and its product 
> is
> a poor way to play it out. You let everyone who wants to make good use
> of mod_md, and there are people asking, suffer because it does not do 
> what
> you personally need on your site? What egocentric logic is that?
>
> For the record: mod_md is one of the ACME clients that behaves 
> gracefully under
> the recent TLS-SNI disable and people who have port 80 open, have to 
> do
> nothing for the certificate renewal/signup to continue working.
>
> If you want to improve any Apache functionality, provide code changes
> or, at least, constructive feedback. You are not here to sit on the
> fence and snipe at people's work.
>
> -Stefan
>
>
>>
>> Op 12 jan. 2018 om 12:14 heeft Stefan Eissing 
>> <stefan.eissing@greenbytes.de> het volgende geschreven:
>>
>>>
>>> Team,
>>>
>>> the frequency that people keep on asking me when ACME
>>> support in Apache will be released is going up. For
>>> this to happen, two backports need 1(!) more vote:
>>>
>>> 1. core/mod_ssl: Add new flag int to module struct.
>>>          existing votes: icing, ylavic
>>> 2. mod_md: backport of ACME (Let's Encrypt) support.
>>>          existing votes: icing, jim
>>>
>>> Is anyone planning to review this in the next days? Maybe,
>>> since everyone has limited time, coordinating this might
>>> be helpful?
>>>
>>> Hoping to hear back from you.
>>>
>>> Cheers,
>>>
>>> Stefan
>>>
>>>
>


Mime
  • Unnamed multipart/alternative (inline, Quoted Printable, 0 bytes)
View raw message