Mailing List ecs-isp@2rosenthals.com Archived Message #1063

Fra: "Steven Levine" <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Emne: Re: [eCS-ISP] Getting started with Let's Encrypt
Dato: Sat, 07 Dec 2024 20:57:50 -0800
Til: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

In <list-11330729@2rosenthals.com>, on 12/08/24
   at 02:11 PM, "Peter Moylan" <ecs-isp@2rosenthals.com> said:

Hi Peter,

>Thanks for this. I've downloaded it, and am now in the process of reading
>through the scripts to be sure I understand the process, and to see where
>I need to edit the scripts.

>I think I now understand the system, though:
>the probing server wants a token to be inserted at a particular point in
>the HTML document tree, and then it looks to see whether the token is
>there.

Yes, this is how the http-01 verification method works.  It allows Let's
Encrypt to verify that the certificate requester has as least this much
control of the site content.

>I notice that one of your scripts (I forget which) had a comment saying
>that you need to check for prerequisites. You're welcome to copy the
>procedure CheckPrerequisites that is included in some of my Weasel
>utilities, for example
>      ftp://ftp.pmoylan.org/weasel/tools/adduser.cmd
>It's not precisely what you need, but is easy to modify.

Thanks.  I'm aware of the function.  One of the many places I've run into
it is in your qmail.cmd.  The comment was to remind me to add the code to
add the checks, if needed, if the script ever escaped into the wild, which
seems to be happening. :-)

>I was under the impression that C:\etc\SSL was a remnant of a much
>earlier version of OS/2, before SSL was replaced by TLS, so I've been
>using the directory

\etc\SSL has it's origins in the unix world.  The directory never existed
on my systems, until ported Linux apps started to appear.

>     C:\etc\pki\tls
>as a place to keep keys and certificates. It's easy enough to change to
>using the SSL directory, though.

You have the option to override uacme's defaults with the --confdir switch
options.  We decided it was easier to go wi the flow and change to using
the uacme defaults.  Back when we were usin self-signed certs, we put them
in the apache conf directory and gave them unique names based on the
domain name.

>>> I've tried looking for uact documentation, but my eyesight is
>>> weakening to the point where I can't read pages on github.

When I want to read he man page, my goto is

  https://manpages.ubuntu.com/manpages/focal/man1/uacme.1.html

The page format is pretty clean and the text size is easy to adjust.


>I had cataract surgery years ago. My GP advised me not to wait until it
>got bad, but to get it over with even though my symptoms weren't severe.
>It was an easy procedure, after which my vision was good for a number of
>years.

I've had LASIK was was also an easy procedure.

>More recently, though, I've had macular degeneration. My left eye
>is now useless for reading, because of distortion at the focus.

That's a problem.  As I understand it, there are still no really good
treatmen options.

>That made me rediscover a flaw in the design:
>changing the font size changes it for all instances of the shell (and
>also all instances of 4OS2) rather than for just one application.

The design of what?  The WPS?  You can change to font size of one session
without changing the size system wide.  Use the Change button, not the
Save button.

>Oh, and
>the account reconciliation also requires me to hold a magnifying glass
>over my phone, because my bank's online banking is incompatible with
>Firefox for OS/2.

This is where I find a tablet with a large screen handy.  Another option
is to cast the phone screen to a Smart TV.

Steven

--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------


Abboner: Feed, Digest, Index.
Stopp abbonement
E-post til ListMaster