Nachricht #1109 aus Archiv der Liste ecs-isp@2rosenthals.com vorhergehende Nachricht nächste Nachricht zurück zur Liste

Von: "Peter Moylan" <ecs-isp@2rosenthals.com> Kopfzeilen anzeigen
E-Mail Quelltext
Betreff: Re: [eCS-ISP] Getting started with Let's Encrypt
Datum: Thu, 19 Dec 2024 19:21:32 +1100
An: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

On 12/12/24 19:13, Steven Levine wrote:
In <list-11360508@2rosenthals.com>, on 12/12/24 at 04:31 PM, "Peter
Moylan" <ecs-isp@2rosenthals.com> said:

This must have been announced at some stage, and I probably put
the announcement into my "deal with this later" pile.

You must not be on any of the groups.io OS/2 message lists.  The
threads discussing the implementation of hobbesarchive totalled
hundreds of messages.

You're right. I hadn't even heard of groups.io. I've just done some
googling about it, and got as far as getting a list of all groups, but I
couldn't find any mention of OS/2. The problem, I guess, is that I
stopped reading the OS/2 Usenet newsgroups a few years ago, after the
traffic started dying.

Back to the earlier topic. I've had to put aside the question of Let's
Encrypt for a while. That's because I had to make big changes to
WebServe Setup once I realised how to have separate certificates for
different domains. That meant I had to make the TLS properties
per-domain rather than global. In the process of making that change,
something corrupted my resource file. (Possibly a bug in DrDialog, which
I use to create and edit resource files.) After a few attempts failed to
fix the problem, I had to re-create all the WebServe notebooks and
notebook pages from scratch, a tedious job. That's now done.

I still have to modify the server code dealing with certificates, so
that's delayed my planned release of a new WebServe version.

While rewriting the manual, I had a closer look at what I had received
from Let's Encrypt. (It's confusing having two files called key.pem, and
multiple files all called cert.pem, but I guess there's no way around
that. I just have to memorise which directory is which.) That's when I
discovered, last night, that the cert.pem is actually a file containing
two certificates, one for my domain and one for the Let's Encrypt
domain. That makes sense, but was unexpected. For now I've copied them
as cert1.pem and cert2.pem, which is good enough for initial testing,
but I need to develop a longer-term strategy.

Is this form of bundling the two standard practice? That is, do all
certificate authorities do it, or just Let's Encrypt? In the former
case, I can modify my "load certificate" code to handle a sequence of
certificates in the same file. In the latter case, I'm not sure.

--
Peter Moylan                  peter@pmoylan.org
http://www.pmoylan.org
Abonnieren: Nachricht (Feed), Sammelnachricht (Digest), Index.
Abmelden
E-Mail an ListMaster