mod_md icon indicating copy to clipboard operation
mod_md copied to clipboard

Published 20 hours ago verified publisher icon icing

[md:error] [pid 290:tid 292] (20014)Internal error (specific information not available): AH10056: processing ... : unexpected http status: 413

Open remco-pc opened this issue 10 months ago • 7 comments
trafficstars

i have an apache2 config file with around 6000 subdomains defined (English words test and its not working, while a few subdomains are working automated perfectly with the same config file.

remco-pc avatar Jan 14 '25 21:01 remco-pc

That means during talking to the ACME server, it responded with HTTP code 413, indicating "Payload Too Large". Which is strange.

What ACME servers do you use for the domain that errors on this?

icing avatar Jan 15 '25 10:01 icing

@icing as much defaults as possible, are there different ones ? this is letsencrypt do you need the apache2 config file ?

remco-pc avatar Jan 15 '25 20:01 remco-pc

@icing

ServerAdmin {{$options.server.admin|default:''}}

MDomain {{$options.server.name|default:''}} auto
MDCertificateAgreement accepted
MDRequireHttps {{$options.md.https|default:'permanent'}}

SSLCipherSuite {{$options.server.cipher.suite|default:'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'}}

SSLHonorCipherOrder {{$options.server.cipher.order|default:'off'}}

SSLSessionTickets off
Protocols {{$options.server.protocol|default:'h2 http/1.1 acme-tls/1'}}

<VirtualHost *:{{$options.server.port|default:443}}>
	ServerName {{$options.server.name|default:''}}

	ServerAlias www.{{$options.server.name|default:''}}

{{if(!is.empty($options.server.alias))}}
{{for.each($options.server.alias as $alias)}}
    ServerAlias {{$alias}}
{{/for.each}}
{{/if}}

	DocumentRoot {{$options.server.root|default:''}}

	AllowEncodedSlashes On
	SSLEngine on
	MDStapling {{$options.md.stapling|default:'on'}}

	<Directory "{{$options.server.root|default:''}}">
		Require {{$options.directory.require|default:'all granted'}}

        AllowOverride {{$options.directory.allow_override|default:'All'}}

        Options {{$options.directory.options|default:'FollowSymlinks'}}

	</Directory>
	ErrorLog {{config('project.dir.log')}}apache_error.log
	CustomLog {{config('project.dir.log')}}apache_access.log combined
</VirtualHost>

(A+ ssl certificate template)

remco-pc avatar Jan 15 '25 20:01 remco-pc

@icing the other method, to allow wildcards but can handle millions, power off power on configurable ?

remco-pc avatar Jan 15 '25 20:01 remco-pc

I'm also running into this with like 3 subdomains, other on the same domain (and host) work just fine. Provider is acme.sectigo.com (InCommon)

[Thu Jan 30 16:19:29.911056 2025] [md:error] [pid 138850] (20014)Internal error (specific information not available): host: asked to retrieve chain, but no certificate url part of order
[Thu Jan 30 16:19:29.913068 2025] [md:error] [pid 138850] (20014)Internal error (specific information not available): AH10056: processing host: Unable to retrieve rsa certificate chain

misilot avatar Jan 30 '25 22:01 misilot

Hey @icing any news of supporting large amounts of defined subdomains (automated) i see a usecase for a router.

Subdomain is a word and with vectors we can "generalize" this, with cosine_similarity for example and then create funnels of subdomains creating such a router with ollama wich leads to:

https://hello.example.com and https://hi.example.com will lead to the hello.example.com page based on similarity
``

remco-pc avatar May 23 '25 14:05 remco-pc

No work planned and not motivation to start that by myself in sight.

icing avatar May 23 '25 14:05 icing