From: "Peter Moylan" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] Getting started with Let's Encrypt
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-11323468@2rosenthals.com>
Message-ID: <67556E24.90707@pmoylan.org>
Date: Sun, 8 Dec 2024 21:00:04 +1100
User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101
 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <list-11323468@2rosenthals.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit

On 07/12/24 16:42, Steven Levine wrote:

> Then you need to register yourself with Let's Encrypt using
>
> uacme -v new
>
> to create your production account.  This will create
> c:\etc\ssl\uacme\private\key.pem - your account's private key.

SYS1804: The system cannot find the file GTLS30.

I've tracked down a copy of gnutls-3.5.8.zip from OS2Site, and extracted
GTLS30.DLL from that.

SYS1804: The system cannot find the file CURL4.

Hmm. ANPM says that I have curl installed. It sounds as if I'm going to
be spending a few days on a DLL hunt. I think I'll switch to another job
before tackling that.

> going to automatically work for other folks setups.  When time
> permits, I plan to modify uacme-hook and uacme-renew to use a single
> configuration file which will make the scripts easier to use for
> others.

Suggestion: modify the format of your uacme-renew.domains file so that
the first field on each line gives the HTML document root for that
domain. Because, no matter what "logical" file layout plan you devise,
you will find installations where that arrangement doesn't work.

Some time back I rearranged my HTML files to put them all in
subdirectories of D:\Domains. But it turned out that my main domain
pmoylan.org (the only one that's in serious use at present) broke the
logical pattern, because I ended up with directories
D:\Domains\pmoylan.org\Public and D:\Domains\pmoylan.org\Private. The
private part is necessary because I have a lot of password-protected web
pages, and also several password-protected FTP accounts. In hindsight, I
now see that I should change D:\Domains\pmoylan.org\Private to
D:\Domains\Private\pmoylan.org, and move everything in the "Public" part
one level up in the tree, so that all the public pages in all domains
follow a simple logical tree structure. But to do this I'll have to
change some directory entries in Setup for WebServe, FtpServer,
SFtpServer, and maybe some others that I've forgotten. Reorganisation
always has a cost.

I noticed that your uacme-hook has a lot of error checking that could,
in my opinion, be once-only checks. (In my case, the error messages
prompted me to create a number of directories that didn't exist.) If I
were doing that job, I'd write a separate "configure" script that
created all the necessary directories and configuration file, and where
needed prompted the user for some locations; and then simplify the
uacme-hook code.

-- 
Peter Moylan                  peter@pmoylan.org
http://www.pmoylan.org