From: "Peter Moylan" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 11330734 for ecs-isp@2rosenthals.com; Sat, 07 Dec 2024 22:11:31 -0500 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:38184 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1tK7hY-000000000HL-1wwD for ecs-isp@2rosenthals.com; Sat, 07 Dec 2024 22:11:22 -0500 Received: from pmoylan.org ([144.6.37.71]:58341 helo=mail.pmoylan.org) by mail2.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1tK7hR-000000002qR-1WPk for ecs-isp@2rosenthals.com; Sat, 07 Dec 2024 22:11:15 -0500 X-SASI-Hits: BODY_ENDS_IN_URL 0.000000, BODY_SIZE_3000_3999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, KNOWN_MSGID 0.000000, LEGITIMATE_SIGNS 0.000000, MSG_THREAD 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000, SENDER_NO_AUTH 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HEADER_ORDER_FROM 0.000000, __INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_MSGID 0.000000, __MOZILLA_USER_AGENT 0.000000, __MULTIPLE_URI_TEXT 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_STORAGE_LIMIT2 0.000000, __RCVD_FROM_DOMAIN 0.000000, __REFERENCES 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000, __URI_WITH_PATH 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 9% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.12.8.23646 X-SASI-Hits: BODY_ENDS_IN_URL 0.000000, BODY_SIZE_3000_3999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, KNOWN_MSGID 0.000000, LEGITIMATE_SIGNS 0.000000, MSG_THREAD 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000, SENDER_NO_AUTH 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HEADER_ORDER_FROM 0.000000, __INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_MSGID 0.000000, __MOZILLA_USER_AGENT 0.000000, __MULTIPLE_URI_TEXT 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_STORAGE_LIMIT2 0.000000, __RCVD_FROM_DOMAIN 0.000000, __REFERENCES 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000, __URI_WITH_PATH 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 9% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.12.8.23646 DKIM-Signature: v=1; q=dns/txt; a=rsa-sha256; c=relaxed/relaxed; s=default; d=pmoylan.org; bh=8pNWki/3OQseCEdbqPhnEer3D2l0tNzBt0QQmwabaBA=; h=From:To:Date:Message-ID; b=bBy38pdnkUVXO4quqBeQvDUZEKG1pLfjmbxuaXLbg3V/Zo1jdmDHWvOqV/IK2hIuhnilM r5jtDD2PcEW+iDAVK5ZeKlKTQZUOXR7/OddM8h0uuBbsrZLWArld88EIp3c6Qzg7cFmU3F2 fGYE3BAOKnO046I38GflO+stYy5Tbt8= Received: from [192.168.20.3] (peter.pmoylan.org [192.168.20.3]) by mail.pmoylan.org (Weasel v3.0) for ; Sun, 08 Dec 2024 14:11:06 +1100 Subject: Re: [eCS-ISP] Getting started with Let's Encrypt To: eCS ISP Mailing List References: Message-ID: <67550E48.3020701@pmoylan.org> Date: Sun, 8 Dec 2024 14:11:04 +1100 User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101 Thunderbird/38.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit On 07/12/24 16:42, Steven Levine wrote: > In , on 12/07/24 at 01:16 PM, "Peter > Moylan" said: > > Hi Peter, > >> Would you mind posting that REXX script again? In fact, I hve the >> impression that there have to be two scripts, one for the hook and >> one to invoke uact. > > I've uploaded > > uacme-scripts-for-peter-2024-12-06-20240818.zip > > to > > www.warpcave.com/betas > > The archive includes uacme-scripts-notes.txt which includes a brief > overview to the archive contents and a description of how uacme > generated keys and certs work with apache httpd. Thanks for this. I've downloaded it, and am now in the process of reading through the scripts to be sure I understand the process, and to see where I need to edit the scripts. I think I now understand the system, though: the probing server wants a token to be inserted at a particular point in the HTML document tree, and then it looks to see whether the token is there. I notice that one of your scripts (I forget which) had a comment saying that you need to check for prerequisites. You're welcome to copy the procedure CheckPrerequisites that is included in some of my Weasel utilities, for example ftp://ftp.pmoylan.org/weasel/tools/adduser.cmd It's not precisely what you need, but is easy to modify. > To get started you need to create the c:\etc\ssl\uacme directory > that uacme.exe expects to exist. I was under the impression that C:\etc\SSL was a remnant of a much earlier version of OS/2, before SSL was replaced by TLS, so I've been using the directory C:\etc\pki\tls as a place to keep keys and certificates. It's easy enough to change to using the SSL directory, though. > Then you need to ... [details saved for when I get to the next step] >> I've tried looking for uact documentation, but my eyesight is >> weakening to the point where I can't read pages on github. > > I can commiserate. Good luck with this. Both Joan and I are > getting close to needing cataract surgery. It's more than a bit > frustrating not to be able to read the the speed I once could. I had cataract surgery years ago. My GP advised me not to wait until it got bad, but to get it over with even though my symptoms weren't severe. It was an easy procedure, after which my vision was good for a number of years. More recently, though, I've had macular degeneration. My left eye is now useless for reading, because of distortion at the focus. The right eye is still good but I now have trouble with small fonts or inadequate lighting. I still do bank account reconciliation with a program that I wrote back in the MS-DOS days. Lately I've had to change the fonts for an OS/2 command shell to 22 x 12, which means the shell takes up more than a quarter of the screen size. That made me rediscover a flaw in the design: changing the font size changes it for all instances of the shell (and also all instances of 4OS2) rather than for just one application. Oh, and the account reconciliation also requires me to hold a magnifying glass over my phone, because my bank's online banking is incompatible with Firefox for OS/2. Another example: I'm learning Irish, but the only way I can use my Irish-English dictionary is with a torch (flashlight). Otherwise the contrast is not good enough. -- Peter Moylan peter@pmoylan.org http://www.pmoylan.org