From: "Peter Moylan"
To: eCS ISP Mailing List
Subject: Re: [eCS-ISP] Getting started with Let's Encrypt
Date: Thu, 19 Dec 2024 19:21:32 +1100
Message-ID: <6763D78C.3090205@pmoylan.org>

On 12/12/24 19:13, Steven Levine wrote:
> In , on 12/12/24 at 04:31 PM, "Peter
> Moylan" said:
>
>> This must have been announced at some stage, and I probably put
>> the announcement into my "deal with this later" pile.
>
> You must not be on any of the groups.io OS/2 message lists. The
> threads discussing the implementation of hobbesarchive totalled
> hundreds of messages.

You're right. I hadn't even heard of groups.io.
I've just done some googling about it, and got as far as getting a list of all groups, but I couldn't find any mention of OS/2. The problem, I guess, is that I stopped reading the OS/2 Usenet newsgroups a few years ago, after the traffic started dying.

Back to the earlier topic. I've had to put aside the question of Let's Encrypt for a while. That's because I had to make big changes to WebServe Setup once I realised how to have separate certificates for different domains. That meant I had to make the TLS properties per-domain rather than global.

In the process of making that change, something corrupted my resource file. (Possibly a bug in DrDialog, which I use to create and edit resource files.) After a few attempts failed to fix the problem, I had to re-create all the WebServe notebooks and notebook pages from scratch, a tedious job. That's now done. I still have to modify the server code dealing with certificates, so that's delayed my planned release of a new WebServe version.

While rewriting the manual, I had a closer look at what I had received from Let's Encrypt. (It's confusing having two files called key.pem, and multiple files all called cert.pem, but I guess there's no way around that. I just have to memorise which directory is which.) That's when I discovered, last night, that the cert.pem is actually a file containing two certificates, one for my domain and one for the Let's Encrypt domain. That makes sense, but was unexpected. For now I've copied them as cert1.pem and cert2.pem, which is good enough for initial testing, but I need to develop a longer-term strategy.

Is this form of bundling the two standard practice? That is, do all certificate authorities do it, or just Let's Encrypt? In the former case, I can modify my "load certificate" code to handle a sequence of certificates in the same file. In the latter case, I'm not sure.

-- 
Peter Moylan peter@pmoylan.org http://www.pmoylan.org
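
An added example, not part of the original message and not WebServe code: one way a "load certificate" routine can accept a sequence of certificates in the same file, sketched in Python. The function names are hypothetical, and the sample blocks are constructed stand-ins, not real certificates.

```python
import base64
import re

# RFC 7468 textual encoding: one labelled BEGIN/END pair per object.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


def _is_single_der_sequence(der: bytes) -> bool:
    """True if der is one DER SEQUENCE whose length field spans the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def load_cert_chain(pem_text: str) -> list:
    """Return the DER bytes of every CERTIFICATE block, in file order."""
    blocks = _PEM_BLOCK.findall(pem_text)
    if pem_text.count("-----BEGIN ") != len(blocks):
        raise ValueError("unterminated or mismatched PEM block")
    chain = []
    for label, body in blocks:
        if label != "CERTIFICATE":          # e.g. a private key in the same file
            continue
        der = base64.b64decode("".join(body.split()), validate=True)
        if not _is_single_der_sequence(der):
            raise ValueError("CERTIFICATE block is not a single DER SEQUENCE")
        chain.append(der)
    return chain


def _pem(label: str, der: bytes) -> str:
    """Wrap bytes as a PEM block (sample-data helper only)."""
    return (f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}"
            f"-----END {label}-----\n")


# Constructed stand-ins, NOT real certificates: minimal DER SEQUENCEs.
LEAF = bytes.fromhex("3003020101")
ISSUER = b"\x30\x81\xc8" + bytes(200)       # long-form length, wraps over lines
SAMPLE_BUNDLE = ("constructed sample bundle\n" + _pem("CERTIFICATE", LEAF)
                 + _pem("PRIVATE KEY", b"\x30\x00") + _pem("CERTIFICATE", ISSUER))

if __name__ == "__main__":
    for i, der in enumerate(load_cert_chain(SAMPLE_BUNDLE), 1):
        print(f"cert{i}: {len(der)} bytes of DER")
```

The loader keeps file order, so a caller can treat the first entry as the server's own certificate and pass the rest along as the chain. A truncated file or a block that does not decode to one complete DER object is rejected rather than partially loaded.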