From: "Steven Levine"
Message-ID: <6753e041.33.mr2ice.fgrirsq@earthlink.net>
Date: Fri, 06 Dec 2024 21:42:25 -0800
To: "eCS ISP Mailing List"
Subject: Re: [eCS-ISP] Getting started with Let's Encrypt

In , on 12/07/24 at 01:16 PM, "Peter Moylan" said:

Hi Peter,

>Would you mind posting that REXX script again? In fact, I have the
>impression that there have to be two scripts, one for the hook and one to
>invoke uact.

I've uploaded

  uacme-scripts-for-peter-2024-12-06-20240818.zip

to www.warpcave.com/betas

The archive includes uacme-scripts-notes.txt which includes a brief overview to the archive contents and a description of how uacme generated keys and certs work with apache httpd.

To get started you need to create the

  c:\etc\ssl\uacme

directory that uacme.exe expects to exist.

Then you need to register yourself with Let's Encrypt using

  uacme -v new

to create your production account. This will create

  c:\etc\ssl\uacme\private\key.pem

- your account's private key.

At this point, I believe you will not need a staging account. Staging accounts are intended for high volume certificate and tools testing and you should not need any of this.

Once you are registered, create a script to issue your certificate. I recommend you edit a copy of issue_wwwmbopinion2.cmd changing the domain list to match the domain set for the certificate you want to create. IIRC, the first domain in the list will determine where uacme writes the cert and key files.

The resulting script will be something like

  uacme -v -h uacme-hook.cmd issue www.pmoylan.org pmoylan.org ...

Then tweak uacme-hook.cmd so that it writes the token file to the challenge directory where webserve2 expects to find it. The relevant code is between lines 87 and 116. It should be sufficient for your needs to force docroot to point to the correct docroot directory and disable the mapping logic which is specific to how Dan and I organize the virtual hosts.

The mapping logic is useful because the script will handle any new domain/docroot setup that follows the rules. The downside is it's not going to automatically work for other folks' setups.

When time permits, I plan to modify uacme-hook and uacme-renew to use a single configuration file which will make the scripts easier to use for others.

Once you have the key and cert files available, all you should need to do is make them available to webserve2.

>I've tried looking for uact documentation, but my eyesight is weakening
>to the point where I can't read pages on github.

I can commiserate. Good luck with this. Both Joan and I are getting close to needing cataract surgery. It's more than a bit frustrating not to be able to read at the speed I once could.

If you have any questions, just ask.

Steven

--
----------------------------------------------------------------------
"Steven Levine" Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------
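
The hook step described in the message above (write the http-01 token file under a fixed docroot), as an added example in POSIX sh. It is not part of the original message and is not the REXX uacme-hook.cmd from the archive; the function name acme_hook, the DOCROOT variable and its default path are assumptions made for illustration. uacme invokes its hook with the arguments METHOD TYPE IDENT TOKEN AUTH.

```shell
# Added example: http-01 hook logic for uacme as a POSIX sh function.
# uacme calls its hook as: HOOK METHOD TYPE IDENT TOKEN AUTH
# DOCROOT is an assumption: the one document root the web server serves.
# The default below is a constructed placeholder path.
DOCROOT="${DOCROOT:-/var/www/html}"

acme_hook() {
    method=$1; ctype=$2; ident=$3; token=$4; auth=$5
    challenge_dir="$DOCROOT/.well-known/acme-challenge"

    # Decline every challenge type except http-01 (non-zero = declined).
    [ "$ctype" = "http-01" ] || return 1

    # The token becomes a file name. Accept only base64url characters so a
    # malformed value can never point outside the challenge directory.
    case $token in
        ''|*[!A-Za-z0-9_-]*)
            echo "acme_hook: rejecting token for $ident" >&2
            return 1 ;;
    esac

    case $method in
        "begin")
            mkdir -p "$challenge_dir" || return 1
            # File content is exactly the key authorization, with no
            # trailing newline.
            printf '%s' "$auth" > "$challenge_dir/$token" || return 1
            # World-readable so the web server can serve it; it is not secret.
            chmod 644 "$challenge_dir/$token"
            ;;
        "done"|"failed")
            # Remove the token whether validation succeeded or failed.
            rm -f "$challenge_dir/$token"
            ;;
        *)
            return 1
            ;;
    esac
    return 0
}

# Act as a hook only when uacme supplies its five arguments.
if [ $# -eq 5 ]; then acme_hook "$@"; fi
```

The account key (private\key.pem) and the certificate key are never touched by the hook; only the short-lived challenge file is written into the web root.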