From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 11321258 for ecs-isp@2rosenthals.com; Wed, 04 Dec 2024 20:41:30 -0500 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:49808 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1tJ0ro-000000000mJ-1QAU for ecs-isp@2rosenthals.com; Wed, 04 Dec 2024 20:41:20 -0500 Received: from mta-102b.earthlink-vadesecure.net ([51.81.61.67]:36343 helo=mta-102a.earthlink-vadesecure.net) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from ) id 1tJ0rf-000000006KC-1RhN for ecs-isp@2rosenthals.com; Wed, 04 Dec 2024 20:41:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; bh=Do4yk77sjIrKlaOsdwIkGyY8MQZ7/P4m0/Y43f 0ttSk=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-unsubscribe-post: list-subscribe:list-post:list-owner:list-archive; q=dns/txt; s=dk12062016; t=1733362871; x=1733967671; b=aafZX8rIZ49wGA96KxJArlO9E98 75q9p7ROXl9hP4lKu3iBBDNIQWpfMLb+dZX7/RFG1O3dSstD3MfIt8iioSNguV/bI5+2uMY SOcJHuQxxhdqvotNIn8X/uPFwu1o5Bnvnk8Jt5/UmAzZ5LZLVpSzcJ+1hKu8JeJyySZ06z4 lfIfu8iel4QV13RdmJCRVzHaafR2PfUsbdb/NRlr3XpnBSMF8edXbDeK2yZ3g9WgxEgrhoF Z4VmqtEF90Mbvc4ZfrOSCQ7X6ufxiid+BVkE8tQpEvvhaqcTpamsBqnmAWuTTlCr7+eJ4DC lDR7zOG1wu4WLwHTZVnv/aPJDiaUVTQ== Received: from slamain ([172.56.178.196]) by vsel1nmtao02p.internal.vadesecure.com with ngmta id 6f5ab530-180e2458e78f7724; Thu, 05 Dec 2024 01:41:11 +0000 Message-ID: <675102f2.14.mr2ice.fgrirsq@earthlink.net> Date: Wed, 04 Dec 2024 17:33:38 -0800 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] (uacme) certificate renew issue X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 12/04/24 at 06:21 PM, "Massimo S." said: Hi, >i didn't change anything, So you claim. I see you figured out what you changed. :-) >{ >"type": "urn:ietf:params:acme:error:unauthorized", >"detail": "1.2.3.4: Invalid response from >http://www.mydomain.it/.well-known/acme-challenge/pLTPh5BwkH6reeUtEnlynzNgrL8gYSctv1d3-D3eyiM: >404", "status": 403 >} For the layman, uacme is telling us that it could not access to token. When a 404 failure happens, the first thing to do is try the URL outside of uacme with wget or curl wget http://www.mydomain.it/.well-known/acme-challenge/pLTPh5BwkH6reeUtEnlynzNgrL8gYSctv1d3-D3eyiM would have shown that the file really was not accessible. If the token file is gone by the time you are ready to test, create a file named foo in the acme-challenge directory and try wget http://www.mydomain.it/.well-known/acme-challenge/foo >of course it's not an issue on port 80 or some FW rule closing something >i've also tried without firewall This not the most effective way to test. Since uacme cannot retrieve the file you need test whether or not you can retrieve the file outside of uacme. >i've also restarted the web server to avoid performance issues i've check >the paths tenths of times If you had tested with wget and looked at the apache error logs you might have figured out what you did. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------