From: "Steven Levine"
Message-ID: <675925f1.6.mr2ice.fgrirsq@earthlink.net>
Date: Tue, 10 Dec 2024 21:41:05 -0800
To: "eCS ISP Mailing List"
Subject: Re: [eCS-ISP] Getting started with Let's Encrypt
X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60

In , on 12/10/24 at 10:54 AM, "Peter Moylan" said:

Hi Peter,

>Well, I can report
>partial success. It turns out that uacme wants a
>number of DLLs that existed on my desktop computer but not on my server.
>After copying those over, the "uacme -v new" worked, except for an error
>message at the end.

That should not have occurred. What was the error message?

>> uacme -v -h uacme-hook.cmd issue www.pmoylan.org pmoylan.org ...

This looks fine to me.

>Here's the result of that "issue" operation:

>[D:\APPS\UACME]uacme -v -h uacme-hook.cmd issue pmoylan.org www.pmoylan.org mail.pmoylan.org
>uacme: version 1.2.4 starting on Tue, 10 Dec 2024 10:06:27
>uacme: loading key from /@unixroot/etc/ssl/uacme/private/key.pem
>uacme: loading key from /@unixroot/etc/ssl/uacme/private/pmoylan.org/key.pem
>uacme: checking existence and expiration of /@unixroot/etc/ssl/uacme/pmoylan.org/cert.pem
>uacme: /@unixroot/etc/ssl/uacme/pmoylan.org/cert.pem does not exist

So far, so good. Since this is the first time you are issuing this certificate, it should not exist.

>uacme: fetching directory at https://acme-v02.api.letsencrypt.org/directory
>A non-recoverable error occurred. The process ended.

>It looks as if the crash happened at the point of fetching something
>from the letsencrypt.org web site.

Did uacme really crash or are you just calling the reported failure a crash? If uacme really did crash, you should have a popuplog entry or an exceptq report.

>I've checked with Firefox that that
>URL gives an apparently valid file.

https://acme-v02.api.letsencrypt.org/directory defines the capabilities supported by the Let's Encrypt server and maps the capabilities to URLs. The page is in JSON format, which is pretty widely used these days.

>I now have two key.pem files (and they look OK) but no certificate.

You did not mention the file locations, but the key.pem in uacme\private is your account's private key. The other key.pem, which is probably in the uacme\www.pmoylan.org\private directory, is the private key uacme generated to be used with your to-be-created certificate.

>The only challenge in the .well-known\acme-challenge directory of my web
>site is a couple of files left over from a test of two days ago (so I've
>deleted those), so the process has not proceeded to the point of
>issuing the challenge.

Agreed. The console output indicates this.

>I don't think that uacme-hook.cmd has yet been invoked, but maybe I
>should insert some tracing code into that script to see whether it
>started.

Why bother if it's not getting run? IAC, there's already plenty of tracing code in the hook. When the hook does get run, it's hard to miss the console output, which also gets written to the log file.

How many times did you retry the issue request? The Let's Encrypt site can get busy. This is why the uacme-renew script has retry logic.

Just to be sure, I recommend using yum or rpm to ensure that your set of netlabs supplied DLLs is up to date and consistent.

Steven

--
----------------------------------------------------------------------
"Steven Levine"
Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------
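
Added example (not part of the original message, and not code from uacme or the uacme-renew script): a Python sketch of checking the JSON directory described above and retrying the fetch while the server is busy. The resource names come from RFC 8555; the function names, the example.test URLs and the back-off values are assumptions made for illustration.

```python
import json
import time
from urllib.parse import urlsplit

# Resources a client needs from an ACME directory (RFC 8555, section 7.1.1).
REQUIRED = ("newNonce", "newAccount", "newOrder", "revokeCert", "keyChange")

# Constructed sample directory; example.test is a placeholder host.
SAMPLE = json.dumps({
    "newNonce": "https://acme.example.test/acme/new-nonce",
    "newAccount": "https://acme.example.test/acme/new-acct",
    "newOrder": "https://acme.example.test/acme/new-order",
    "revokeCert": "https://acme.example.test/acme/revoke-cert",
    "keyChange": "https://acme.example.test/acme/key-change",
    "meta": {"website": "https://acme.example.test/"},
})

def parse_directory(body):
    """Return {resource: url}; raise ValueError if the document is unusable."""
    doc = json.loads(body)  # a truncated reply raises JSONDecodeError (a ValueError)
    if not isinstance(doc, dict):
        raise ValueError("directory is not a JSON object")
    missing = [name for name in REQUIRED if name not in doc]
    if missing:
        raise ValueError("directory lacks: " + ", ".join(missing))
    urls = {}
    for name in REQUIRED + ("newAuthz",):  # newAuthz is optional
        if name in doc:
            url = doc[name]
            if not isinstance(url, str) or urlsplit(url).scheme != "https":
                raise ValueError(name + " is not an https URL")
            urls[name] = url
    return urls

def fetch_directory(fetch, attempts=4, base_delay=2.0, sleep=time.sleep):
    """Call fetch() until it yields a usable directory, doubling the wait each time.

    fetch is a caller-supplied function returning the response body (assumption).
    OSError covers refused connections and timeouts; ValueError a bad reply.
    """
    last = None
    for n in range(attempts):
        try:
            return parse_directory(fetch())
        except (OSError, ValueError) as exc:
            last = exc
            if n + 1 < attempts:
                sleep(base_delay * 2 ** n)
    raise RuntimeError(f"no usable directory after {attempts} attempts: {last}")
```

Passing a real fetcher (for instance one built on urllib.request with a timeout) as fetch separates a busy or unreachable server from a reply that arrives but is not a valid directory.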