Mailing List Message Archive

From: "Steven Levine" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] Getting started with Let's Encrypt
Date: Fri, 06 Dec 2024 21:42:25 -0800
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-11323400@2rosenthals.com>, on 12/07/24
   at 01:16 PM, "Peter Moylan" <ecs-isp@2rosenthals.com> said:

Hi Peter,

>Would you mind posting that REXX script again? In fact, I have the
>impression that there have to be two scripts, one for the hook and one to
>invoke uact.

I've uploaded

  uacme-scripts-for-peter-2024-12-06-20240818.zip

to

  www.warpcave.com/betas

The archive includes uacme-scripts-notes.txt which includes a brief
overview to the archive contents and a description of how uacme generated
keys and certs work with apache httpd.

To get started you need to create the c:\etc\ssl\uacme directory that
uacme.exe expects to exist.

Then you need to register yourself with Let's Encrypt using

  uacme -v new

to create your production account.  This will create
c:\etc\ssl\uacme\private\key.pem - your account's private key.

At this point, I believe you will not need a staging account.  Staging
accounts are intended for high volume certificate and tools testing and
you should not need any of this.

Once you are registered, create a script to issue your certificate.  I
recommend you edit a copy of

  issue_wwwmbopinion2.cmd

changing the domain list to match the domain set for the certificate you
want to create.  IIRC, the first domain in the list will determine where
uacme writes the cert and key files.  The resulting script will be
something like

uacme -v -h uacme-hook.cmd issue www.pmoylan.org pmoylan.org ...

Then tweak uacme-hook.cmd so that it writes the token file to the
challenge directory where webserve2 expects to find it.  The relevant code
is between lines 87 and 116.  It should be sufficient for your needs to
force docroot to point to the correct docroot directory and disable the
mapping logic which is specific to how Dan and I organize the virtual
hosts.  The mapping logic is useful because the script will handle any new
domain/docroot setup that follows the rules.  The downside is it's not
going to automatically work for other folks' setups.  When time permits, I
plan to modify uacme-hook and uacme-renew to use a single configuration
file which will make the scripts easier to use for others.

Once you have the key and cert files available, all you should need to do
is make them available to webserve2.

>I've tried looking for uact documentation, but my eyesight is weakening
>to the point where I can't read pages on github.

I can commiserate.  Good luck with this.  Both Joan and I are getting
close to needing cataract surgery.  It's more than a bit frustrating not
to be able to read at the speed I once could.

If you have any questions, just ask.

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------
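
The hook step described in the message above (write the token file into the challenge directory under the docroot), as an added example in POSIX shell; it is not Steven's REXX uacme-hook.cmd and not taken from the archive. It relies on uacme calling the hook with the five arguments METHOD TYPE IDENT TOKEN AUTH; `DOCROOT` and the function name `acme_hook` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: http-01 hook logic for `uacme -h <hook>`.
# uacme invokes the hook as: METHOD TYPE IDENT TOKEN AUTH
# DOCROOT is an assumption: point it at the web server's document root.
DOCROOT="${DOCROOT:-/var/www/html}"

acme_hook() {
    method=$1 type=$2 ident=$3 token=$4 auth=$5
    dir="$DOCROOT/.well-known/acme-challenge"

    # Decline anything but http-01 (non-zero on "begin" means "not handled").
    [ "$type" = "http-01" ] || return 1

    # The token becomes a file name, so accept only base64url characters
    # (the alphabet RFC 8555 allows); this rules out "/" and "..".
    case "$token" in
        ""|*[!A-Za-z0-9_-]*)
            echo "rejecting malformed token for $ident" >&2
            return 1 ;;
    esac

    case "$method" in
        "begin")
            mkdir -p "$dir" || return 1
            # The file body is the key authorization, with no trailing newline.
            printf '%s' "$auth" > "$dir/$token" || return 1
            ;;
        "done"|"failed")
            # Remove the challenge file whether validation passed or not.
            rm -f "$dir/$token"
            ;;
        *)
            return 1
            ;;
    esac
    return 0
}

# Act as a hook only when called with uacme's five arguments.
if [ "$#" -eq 5 ]; then
    acme_hook "$@"
    exit $?
fi
```

The token check matters because the hook turns a server-supplied string into a path under the docroot; forcing a single fixed docroot, as suggested in the message, keeps the write location predictable.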

