| | 
| Da: | "Peter Moylan" <ecs-isp@2rosenthals.com> | Intestazioni complete Messaggio non codificato
 |  
| Oggetto: | Re: [eCS-ISP] Getting started with Let's Encrypt |  
| Data: | Thu, 19 Dec 2024 19:21:32 +1100 |  
| A: | eCS ISP Mailing List <ecs-isp@2rosenthals.com> |  | 
|---|
 On 12/12/24 19:13, Steven Levine wrote:
 
 In <list-11360508@2rosenthals.com>, on 12/12/24 at 04:31 PM, "PeterMoylan" <ecs-isp@2rosenthals.com> said:
 
 
 This must have been announced at some stage, and I probably putthe announcement into my "deal with this later" pile.
 
 You must not be on any of the groups.io OS/2 message lists.  The
 threads discussing the implementation of hobbesarchive totalled
 hundreds of messages.
 
 You're right. I hadn't even heard of groups.io. I've just done some
 googling about it, and got as far as getting a list of all groups, but I
 couldn't find any mention of OS/2. The problem, I guess, is that I
 stopped reading the OS/2 Usenet newsgroups a few years ago, after the
 traffic started dying.
 
 Back to the earlier topic. I've had to put aside the question of Let's
 Encrypt for a while. That's because I had to make big changes to
 WebServe Setup once I realised how to have separate certificates for
 different domains. That meant I had to make the TLS properties
 per-domain rather than global. In the process of making that change,
 something corrupted my resource file. (Possibly a bug in DrDialog, which
 I use to create and edit resource files.) After a few attempts failed to
 fix the problem, I had to re-create all the WebServe notebooks and
 notebook pages from scratch, a tedious job. That's now done.
 
 I still have to modify the server code dealing with certificates, so
 that's delayed my planned release of a new WebServe version.
 
 While rewriting the manual, I had a closer look at what I had received
 from Let's Encrypt. (It's confusing having two files called key.pem, and
 multiple files all called cert.pem, but I guess there's no way around
 that. I just have to memorise which directory is which.) That's when I
 discovered, last night, that the cert.pem is actually a file containing
 two certificates, one for my domain and one for the Let's Encrypt
 domain. That makes sense, but was unexpected. For now I've copied them
 as cert1.pem and cert2.pem, which is good enough for initial testing,
 but I need to develop a longer-term strategy.
 
 Is this form of bundling the two standard practice? That is, do all
 certificate authorities do it, or just Let's Encrypt? In the former
 case, I can modify my "load certificate" code to handle a sequence of
 certificates in the same file. In the latter case, I'm not sure.
 
 --
 Peter Moylan                  peter@pmoylan.org
 http://www.pmoylan.org
 
 |