| | 
| From: | "Steven Levine" <ecs-isp@2rosenthals.com> |
 |  
| Subject: | Re: [eCS-ISP] Getting started with Let's Encrypt |  
| Date: | Fri, 06 Dec 2024 21:42:25 -0800 |  
| To: | "eCS ISP Mailing List" <ecs-isp@2rosenthals.com> |  | 
|---|
 In <list-11323400@2rosenthals.com>, on 12/07/24
 at 01:16 PM, "Peter Moylan" <ecs-isp@2rosenthals.com> said:
 
 Hi Peter,
 
 >Would you mind posting that REXX script again? In fact, I have the
 >impression that there have to be two scripts, one for the hook and one to
 >invoke uact.
 
 I've uploaded
 
 uacme-scripts-for-peter-2024-12-06-20240818.zip
 
 to
 
 www.warpcave.com/betas
 
 The archive includes uacme-scripts-notes.txt which includes a brief
 overview to the archive contents and a description of how uacme generated
 keys and certs work with apache httpd.
 
 To get started you need to create the c:\etc\ssl\uacme directory that
 uacme.exe expects to exist.
 
 Then you need to register yourself with Let's Encrypt using
 
 uacme -v new
 
 to create your production account.  This will create
 c:\etc\ssl\uacme\private\key.pem - your account's private key.
 
 At this point, I believe you will not need a staging account.  Staging
 accounts are intended for high volume certificate and tools testing and
 you should not need any of this.
 
 Once you are registered, create a script to issue your certificate.  I
 recommend you edit a copy of
 
 issue_wwwmbopinion2.cmd
 
 changing the domain list to match the domain set for the certificate you
 want to create.  IIRC, the first domain in the list will determine where
 uacme writes the cert and key files.  The resulting script will be
 something like
 
 uacme -v -h uacme-hook.cmd issue www.pmoylan.org pmoylan.org ...
 
 Then tweak uacme-hook.cmd so that it writes the token file to the
 challenge directory where webserve2 expects to find it.  The relevant code
 is between lines 87 and 116.  It should be sufficient for your needs to
 force docroot to point to the correct docroot directory and disable the
 mapping logic which is specific to how Dan and I organize the virtual
 hosts.  The mapping logic is useful because the script will handle any new
 domain/docroot setup that follows the rules.  The downside is it's not
 going to automatically work for other folks' setups.  When time permits, I
 plan to modify uacme-hook and uacme-renew to use a single configuration
 file which will make the scripts easier to use for others.
 
 Once you have the key and cert files available, all you should need to do
 is make them available to webserve2.
 
 >I've tried looking for uact documentation, but my eyesight is weakening
 >to the point where I can't read pages on github.
 
 I can commiserate.  Good luck with this.  Both Joan and I are getting
 close to needing cataract surgery.  It's more than a bit frustrating not
 to be able to read at the speed I once could.
 
 If you have any questions, just ask.
 
 Steven
 
 --
 ----------------------------------------------------------------------
 "Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
 www.scoug.com www.arcanoae.com www.warpcave.com
 ----------------------------------------------------------------------
 
 
 |
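Added example, not part of the message above and not taken from the uacme-scripts archive: a Python rendering of what an http-01 hook with a forced docroot has to do when uacme calls it with its five arguments (method, type, ident, token, auth). The docroot path is a hypothetical placeholder, and the token character check is an added safeguard so that a malformed token cannot name a file outside the challenge directory.

```python
import os
import re
import sys

# Assumption: a single forced docroot, as the message suggests for a
# one-site setup. Hypothetical path; replace with the server's real docroot.
DOCROOT = r"c:\www\htdocs"

# ACME challenge tokens use only the base64url alphabet.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")


def handle(method, ctype, ident, token, auth, docroot=DOCROOT):
    """Return the hook exit code: 0 = handled, nonzero = declined."""
    if ctype != "http-01":
        return 1  # decline dns-01 / tls-alpn-01; uacme moves on
    if not TOKEN_RE.fullmatch(token):
        return 1  # refuse anything that could escape the challenge dir
    chal_dir = os.path.join(docroot, ".well-known", "acme-challenge")
    path = os.path.join(chal_dir, token)
    if method == "begin":
        os.makedirs(chal_dir, exist_ok=True)
        # The file body is the key authorization, with no trailing newline.
        with open(path, "w", newline="") as f:
            f.write(auth)
        return 0
    if method in ("done", "failed"):
        if os.path.exists(path):
            os.remove(path)  # do not leave stale tokens in the docroot
        return 0
    return 1


if __name__ == "__main__":
    # uacme invokes the hook as: hook METHOD TYPE IDENT TOKEN AUTH
    if len(sys.argv) != 6:
        sys.exit(2)
    sys.exit(handle(*sys.argv[1:6]))
```

The web server must then serve that file at http://IDENT/.well-known/acme-challenge/TOKEN over plain HTTP for the validation to succeed.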