From: "Massimo S."
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] (uacme) certificate renew issue
To: eCS ISP Mailing List
Organization: Massimo S.
Date: Mon, 2 Dec 2024 23:05:41 +0100

Hi again,

I'm finding another issue (both with uacme 1.0.19 and 1.2.4):

2024/12/02-22:54:09 hook_domain_it started at 2024/12/02-22:54:09
2024/12/02-22:54:09 method is begin
2024/12/02-22:54:09 type is http-01
2024/12/02-22:54:09 ident is www.domain.it
2024/12/02-22:54:09 token is AzWBUMZKzvC-hsE2sxxOLGT072xue6K4G1_uNzTdiVA
2024/12/02-22:54:09 auth is AzWBUMZKzvC-hsE2sxxOLGT072xue6K4G1_uNzTdiVA.zyhanFlpd0tloojCJrdfZjZwx4LbkQHuYa75ndsa-Qs http-01
2024/12/02-22:54:09 Creating X:\apache\htdocs\domain\.well-known\acme-challenge\AzWBUMZKzvC-hsE2sxxOLGT072xue6K4G1_uNzTdiVA
2024/12/02-22:54:20
2024/12/02-22:54:20 hook_domain_it started at 2024/12/02-22:54:20
2024/12/02-22:54:20 method is failed
2024/12/02-22:54:20 type is http-01
2024/12/02-22:54:20 ident is www.domain.it
2024/12/02-22:54:20 token is AzWBUMZKzvC-hsE2sxxOLGT072xue6K4G1_uNzTdiVA
2024/12/02-22:54:20 auth is AzWBUMZKzvC-hsE2sxxOLGT072xue6K4G1_uNzTdiVA.zyhanFlpd0tloojCJrdfZjZwx4LbkQHuYa75ndsa-Qs
2024/12/02-22:54:20 DoFailed deleting X:\apache\htdocs\domain\.well-known\acme-challenge\AzWBUMZKzvC-hsE2sxxOLGT072xue6K4G1_uNzTdiVA

In this case I see a very strange thing:
first, method is begin and type is http-01, OK;
after that I see method is failed and type is http-01.
What does "method is failed" mean?
(Paths are OK, I've checked; I've edited the output here in the email and changed paths and domain name.)

This is the error output:

uacme_124: polling challenge status at https://acme-v02.api.letsencrypt.org/acme/chall/68817448/438971891387/nEt-XQ
uacme_124: polling challenge status at https://acme-v02.api.letsencrypt.org/acme/chall/68817448/438971891387/nEt-XQ
uacme_124: challenge https://acme-v02.api.letsencrypt.org/acme/chall/68817448/438971891387/nEt-XQ failed with status invalid
uacme_124: the server reported the following error:
{
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "1.2.3.4: Invalid response from http://www.domain.it/.well-known/acme-challenge/9yu9kfMC1Bn6KX1aCtyK9ih9aofPYAVtVCJCp0FXJ9U: 404",
    "status": 403
}
uacme_124: running hook_domain_it.cmd failed http-01 www.domain.it 9yu9kfMC1Bn6KX1aCtyK9ih9aofPYAVtVCJCp0FXJ9U 9yu9kfMC1Bn6KX1aCtyK9ih9aofPYAVtVCJCp0FXJ9U.zyhanFlpd0tloojCJrdfZjZwx4LbkQHuYa75ndsa-Qs
uacme_124: failed to authorize order at https://acme-v02.api.letsencrypt.org/acme/order/68817448/329182799707

massimo

On 02/12/2024 20:59, Massimo S. wrote:
> Hi Steven,
>
> would it be possible to add the detection of this situation (here below) in the hook REXX script?
>
> I guess this is some sort of random outage or overload of LE services
>
> thanks
>
> massimo
>
>
> uacme: version 1.2.4 starting on Mon, 02 Dec 2024 20:43:22
> uacme: loading key from X:\mptn\etc\ssl\uacme/private/key.pem
> uacme: loading key from X:\mptn\etc\ssl\uacme/private/www.mydomain.it/key.pem
> uacme: X:\mptn\etc\ssl\uacme/private/www.mydomain.it/key.pem not found
> uacme: generating new 2048-bit RSA key
> uacme: key saved to X:\mptn\etc\ssl\uacme/private/www.mydomain.it/key.pem
> uacme: checking existence and expiration of X:\mptn\etc\ssl\uacme/www.mydomain.it/cert.pem
> uacme: X:\mptn\etc\ssl\uacme/www.mydomain.it/cert.pem does not exist
> uacme: fetching directory at https://acme-v02.api.letsencrypt.org/directory
> uacme: retrieving account at https://acme-v02.api.letsencrypt.org/acme/new-acct
> uacme: account location: https://acme-v02.api.letsencrypt.org/acme/acct/68817448
> uacme: creating new order for www.mydomain.it at https://acme-v02.api.letsencrypt.org/acme/new-order
> uacme: order URL: https://acme-v02.api.letsencrypt.org/acme/order/68817448/329152921187
> uacme: retrieving authorization at https://acme-v02.api.letsencrypt.org/acme/authz/68817448/438928803027
> uacme: running hook_mydomain_it.cmd begin dns-01 www.mydomain.it 1qGhfbfScoVq2-48EEuEpG-FF3J_QxMVYflCNO3DTIY X0naA52DHlnb53O0N2PJiKUhKvPucE4MaU_X0v2B_as
> uacme: challenge dns-01 declined
> uacme: running hook_mydomain_it.cmd begin http-01 www.mydomain.it 1qGhfbfScoVq2-48EEuEpG-FF3J_QxMVYflCNO3DTIY 1qGhfbfScoVq2-48EEuEpG-FF3J_QxMVYflCNO3DTIY.zyhanFlpd0tloojCJrdfZjZwx4LbkQHuYa75ndsa-Qs
> uacme: starting challenge at https://acme-v02.api.letsencrypt.org/acme/chall/68817448/438928803027/aa-2Iw
> uacme: polling challenge status at https://acme-v02.api.letsencrypt.org/acme/chall/68817448/438928803027/aa-2Iw
> uacme: polling challenge status at https://acme-v02.api.letsencrypt.org/acme/chall/68817448/438928803027/aa-2Iw
> uacme: polling challenge status at https://acme-v02.api.letsencrypt.org/acme/chall/68817448/438928803027/aa-2Iw
> uacme: polling challenge status at https://acme-v02.api.letsencrypt.org/acme/chall/68817448/438928803027/aa-2Iw
> uacme: running hook_mydomain_it.cmd done http-01 www.mydomain.it 1qGhfbfScoVq2-48EEuEpG-FF3J_QxMVYflCNO3DTIY 1qGhfbfScoVq2-48EEuEpG-FF3J_QxMVYflCNO3DTIY.zyhanFlpd0tloojCJrdfZjZwx4LbkQHuYa75ndsa-Qs
> uacme: polling order status at https://acme-v02.api.letsencrypt.org/acme/order/68817448/329152921187
> uacme: curl_post: POST https://acme-v02.api.letsencrypt.org/acme/order/68817448/329152921187 failed: SSL connect error
> uacme: curl_post: waiting 5 seconds before retrying
> uacme: failed to poll order status at https://acme-v02.api.letsencrypt.org/acme/order/68817448/329152921187
> uacme: the server reported the following error:
> {
>     "type": "urn:ietf:params:acme:error:malformed",
>     "detail": "Invalid Content-Type header on POST. Content-Type must be \"application/jose+json\"",
>     "status": 415
> }
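
Added example, not part of the original message and not uacme or hook code: one way to tell the two failures in this thread apart from captured uacme output, by parsing the ACME problem document and checking for a curl transport error. The sample logs are constructed from the lines quoted above (the acme.example URLs and TOKEN are placeholders), and the category names are assumptions.

```python
import json
import re

# Constructed samples modelled on the two failures quoted in this thread;
# the acme.example URLs and TOKEN are placeholders, not values from the page.
TRANSPORT_LOG = """\
uacme: curl_post: POST https://acme.example/order/1 failed: SSL connect error
uacme: failed to poll order status at https://acme.example/order/1
uacme: the server reported the following error:
{
    "type": "urn:ietf:params:acme:error:malformed",
    "detail": "Invalid Content-Type header on POST.",
    "status": 415
}
"""
VALIDATION_LOG = """\
uacme: challenge https://acme.example/chall/1 failed with status invalid
uacme: the server reported the following error:
{
    "type": "urn:ietf:params:acme:error:unauthorized",
    "detail": "1.2.3.4: Invalid response from http://www.domain.it/.well-known/acme-challenge/TOKEN: 404",
    "status": 403
}
"""
ACME_ERR = "urn:ietf:params:acme:error:"

def extract_problem(log):
    """Return the first JSON problem document embedded in the log, or {}."""
    start = max(log.find("{"), 0)
    try:
        doc, _ = json.JSONDecoder().raw_decode(log, start)
    except ValueError:
        return {}
    return doc if isinstance(doc, dict) else {}

def classify(log):
    """Return (category, evidence); the category names are assumptions."""
    problem = extract_problem(log)
    kind = str(problem.get("type", ""))
    kind = kind[len(ACME_ERR):] if kind.startswith(ACME_ERR) else kind
    # A curl failure is checked first: in the quoted log it precedes the 415.
    transport = re.search(r"curl_\w+: .* failed: (.+)", log)
    if transport:
        return ("transport", transport.group(1).strip())
    if kind == "unauthorized":
        detail = str(problem.get("detail", ""))
        m = re.search(r"Invalid response from (\S+): (\d{3})", detail)
        return ("validation", f"{m.group(1)} -> HTTP {m.group(2)}" if m else detail)
    return ("other", kind or "no problem document")
```

A "validation" result names the exact URL and HTTP status the CA saw, which can be compared with the file path the hook logged when it created the challenge file.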