From: "Massimo S." <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTP id 11320738 for ecs-isp@2rosenthals.com; Wed, 04 Dec 2024 12:35:50 -0500
Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:45655 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.97.1)
	(envelope-from <ml@ecomstation.it>)
	id 1tItHo-0000000071R-1oDn
	for ecs-isp@2rosenthals.com;
	Wed, 04 Dec 2024 12:35:41 -0500
Received: from mail2.quasarbbs.net ([80.86.52.115]:10097)
	by mail2.2rosenthals.com with esmtp (Exim 4.97.1)
	(envelope-from <ml@ecomstation.it>)
	id 1tItHh-000000008FD-0Zhm
	for ecs-isp@2rosenthals.com;
	Wed, 04 Dec 2024 12:35:34 -0500
X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_1900_1999 0.000000,
	BODY_SIZE_2000_LESS 0.000000, BODY_SIZE_5000_LESS 0.000000,
	BODY_SIZE_7000_LESS 0.000000, CTE_8BIT 0.000000, HTML_00_01 0.050000,
	HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000,
	MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000,
	REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000,
	SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000,
	__ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000,
	__CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000,
	__DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000,
	__FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000,
	__FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000,
	__HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000,
	__HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000,
	__INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000,
	__MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000,
	__MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000,
	__MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000,
	__MULTIPLE_URI_TEXT 0.000000, __NO_HTML_TAG_RAW 0.000000,
	__PHISH_SPEAR_SUBJ_ALERT 0.000000, __REFERENCES 0.000000,
	__REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000,
	__REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000,
	__SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000,
	__SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000,
	__SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000,
	__TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000,
	__TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000,
	__URI_ENDS_IN_SLASH 0.000000, __URI_HAS_HYPHEN_USC 0.000000,
	__URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000,
	__URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000, __URI_WITH_PATH 0.000000,
	__USER_AGENT 0.000000, __WEBINAR_PHRASE 0.000000
X-SASI-Probability: 10%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.12.4.165746
X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_SIZE_1900_1999 0.000000,
	BODY_SIZE_2000_LESS 0.000000, BODY_SIZE_5000_LESS 0.000000,
	BODY_SIZE_7000_LESS 0.000000, CTE_8BIT 0.000000, HTML_00_01 0.050000,
	HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000,
	MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000,
	REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SUSP_DH_NEG 0.000000,
	TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000,
	__AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000,
	__CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000,
	__DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000,
	__FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000,
	__FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000,
	__HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000,
	__HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000,
	__INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000,
	__MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000,
	__MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000,
	__MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000,
	__MULTIPLE_URI_TEXT 0.000000, __NO_HTML_TAG_RAW 0.000000,
	__PHISH_SPEAR_SUBJ_ALERT 0.000000, __REFERENCES 0.000000,
	__REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000,
	__REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000,
	__SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000,
	__SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000,
	__SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000,
	__TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000,
	__TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000,
	__URI_ENDS_IN_SLASH 0.000000, __URI_HAS_HYPHEN_USC 0.000000,
	__URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000,
	__URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000, __URI_WITH_PATH 0.000000,
	__USER_AGENT 0.000000, __WEBINAR_PHRASE 0.000000
X-SASI-Probability: 10%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.12.4.165746
Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.9-0001
 ) for <ecs-isp@2rosenthals.com>; Wed, 04 Dec 2024 18:35:36 -0000
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] (uacme) certificate renew issue - solved
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-11291264@2rosenthals.com> <list-11320718@2rosenthals.com>
Organization: Massimo S.
Message-ID: <29d1e59a-8825-4125-9b4c-61300b98aec4@ecomstation.it>
Date: Wed, 4 Dec 2024 18:35:31 +0100
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
In-Reply-To: <list-11320718@2rosenthals.com>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Language: it-IT
Content-Transfer-Encoding: 8bit



Il 04/12/2024 18:21, Massimo S. ha scritto:
> 
> 
> Il 03/12/2024 06:00, Steven Levine ha scritto:
>> In <list-11290943@2rosenthals.com>, on 12/02/24
>>     at 11:05 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:
>>
>> Hi,
>>
>>
>>> in this case i see a very strange thing:
>>> first method is begin and type http-01 ok
>>> after i see method is failed and type is http-01
>>
>>> what does it mean method is failed?
>>
>> I recommend you review the uacme docs again and look closely the the hook
>> script parameters.  The three methods are begin, done and failed.  I don't
>> really like term method.  The method is really an action request.
>>
>> begin requests the hook to create write the token file.
>>
>> fail tells the hook that the cert update failed and that the hook script
>> should do whatever clean up makes sense.
>>
>> done tells the hook that the crt update was successful and that the hook
>> script should do whatever clean up makes sense.
>>
>> Steven
> 
> hi,
> 
> yes, interesting, but why only this domain is failing?
> i didn't change anything, 2 months ago the certificate got renewed without problems
> i don't understand
> 
> {
> "type": "urn:ietf:params:acme:error:unauthorized",
> "detail": "1.2.3.4: Invalid response from 
> http://www.mydomain.it/.well-known/acme-challenge/pLTPh5BwkH6reeUtEnlynzNgrL8gYSctv1d3-D3eyiM: 404",
> "status": 403
> }
> 
> of course it's not an issue on port 80 or some FW rule closing something
> i've also tried without firewall
> 
> i've also restarted the web server to avoid performance issues
> i've check the paths tenths of times
> i've cheked the DNS, the bind zone
> i don't find anything wrong
> 
> i'm very concerned
> 
> massimo

i've also discovered this useful website:

https://letsdebug.net/

and i also found the issue

i've erased by mistake the http virtual host part in apache httpd.conf.....    :-(
of course now the cert got renewed correctly


massimo