From: "Massimo S." <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTP id 2040012 for ecs-isp@2rosenthals.com; Wed, 08 Apr 2026 03:12:39 -0400
Received: from [192.168.200.201] (port=42380 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtp (Exim 4.98.2)
	(envelope-from <ml@ecomstation.it>)
	id 1wAN5S-000000006M7-0wvu
	for ecs-isp@2rosenthals.com;
	Wed, 08 Apr 2026 03:12:31 -0400
Received: from mail2.quasarbbs.net ([80.86.52.115]:10150)
	by mail2.2rosenthals.com with esmtp (Exim 4.98.2)
	(envelope-from <ml@ecomstation.it>)
	id 1wAN5N-000000008C2-0ML4
	for ecs-isp@2rosenthals.com;
	Wed, 08 Apr 2026 03:12:26 -0400
X-SASI-Hits: B2B_THREAD_SOLO 0.000000, BODYTEXTP_SIZE_3000_LESS 0.000000,
	BODY_SIZE_2000_2999 0.000000, BODY_SIZE_5000_LESS 0.000000,
	BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, DKIM_ALIGNS 0.000000,
	DKIM_SIGNATURE 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000,
	IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000,
	MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000,
	MSG_THREAD_SOLO 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000,
	SENDER_NO_AUTH 0.000000, SUSPECT_AGG3 0.000000, SUSP_DH_NEG 0.000000,
	TO_IN_SUBJECT 0.500000, TRANSACTIONAL 0.000000, URI_WITH_PATH_ONLY 0.000000,
	USER_AGENT 0.000000, __ANY_URI 0.000000, __B2B_PROBE 0.000000,
	__BODY_NO_MAILTO 0.000000, __BODY_VOICEMAIL 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000,
	__CT_TEXT_PLAIN 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000,
	__DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000,
	__FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000,
	__FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000,
	__FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000,
	__HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000,
	__HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000, __IN_REP_TO 0.000000,
	__MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000,
	__MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000,
	__MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000,
	__MSGID_HEX_844412 0.000000, __MULTIPLE_URI_TEXT 0.000000,
	__NO_HTML_TAG_RAW 0.000000, __PHISH_SUBJ_PHRASE9 0.000000,
	__REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000,
	__REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000,
	__SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000,
	__SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SL_HEAVY 0.000000,
	__SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,
	__SUBJ_REPLY 0.000000, __SUBJ_TRANSACTIONAL 0.000000, __SUBJ_TR_GEN 0.000000,
	__TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000,
	__TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000,
	__URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000,
	__URI_NOT_IMG 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000,
	__URI_WITH_PATH 0.000000, __USER_AGENT 0.000000
X-SASI-Probability: 10%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2026.4.8.62719
X-SASI-Hits: B2B_THREAD_SOLO 0.000000, BODYTEXTP_SIZE_3000_LESS 0.000000,
	BODY_SIZE_2000_2999 0.000000, BODY_SIZE_5000_LESS 0.000000,
	BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, DKIM_ALIGNS 0.000000,
	DKIM_SIGNATURE 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000,
	IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000,
	MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000,
	MSG_THREAD_SOLO 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000,
	SUSPECT_AGG3 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000,
	TRANSACTIONAL 0.000000, URI_WITH_PATH_ONLY 0.000000, USER_AGENT 0.000000,
	__ANY_URI 0.000000, __AUTH_RES_PASS 0.000000, __B2B_PROBE 0.000000,
	__BODY_NO_MAILTO 0.000000, __BODY_VOICEMAIL 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000,
	__CT_TEXT_PLAIN 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000,
	__DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000,
	__FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000,
	__FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000,
	__FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000,
	__HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000,
	__HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000, __IN_REP_TO 0.000000,
	__MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000,
	__MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000,
	__MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000,
	__MSGID_HEX_844412 0.000000, __MULTIPLE_URI_TEXT 0.000000,
	__NO_HTML_TAG_RAW 0.000000, __PHISH_SUBJ_PHRASE9 0.000000,
	__REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000,
	__REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000,
	__SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000,
	__SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SL_HEAVY 0.000000,
	__SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,
	__SUBJ_REPLY 0.000000, __SUBJ_TRANSACTIONAL 0.000000, __SUBJ_TR_GEN 0.000000,
	__TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000,
	__TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000,
	__URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000,
	__URI_NOT_IMG 0.000000, __URI_NO_WWW 0.000000, __URI_NS 0.000000,
	__URI_WITH_PATH 0.000000, __USER_AGENT 0.000000
X-SASI-Probability: 10%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2026.4.8.62719
DKIM-Signature: v=1; q=dns/txt; a=rsa-sha256; c=relaxed/relaxed; s=default;
 d=ecomstation.it;
 bh=DjUgNmOQtF1Gq80SW/0FEWpLICwPyfInRqw3ljI9Zj8=;
 h=Return-Path:From:To:Subject:Date:Message-ID;
 b=L+xymCoMC3YLY/VvzFymYqscuzuRnBs9pmQRk+S6RgmLDI6pXulaVxgJN98WNUz3dAsKI
 MVWh1Uj21rNgFwWoi1eDaUZii+rRIwVnpYXd+VdF3s1tri96bcZ6lH+9zGvl9zBCUsIYwk8
 y6JQnWXzZCRhQSPdyirISlpWyNsSjgki8CPn2ZjnujsRrCB0ukwv7LVD3nqpelqzflkI5QL
 dTD0M9CQeQdoK18jjhtLeBdV8LTbIirwo7V6WlvJDQRn0HoTjP0CfeBuhIAjrjouq5XTTSt
 lzwe1NrtG1l2y+7pR3wjYlsm1gwx4q4G3+fx7lxvtu1+gDNnb2tUMCSYhaJw==
Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v3.099)
  for <ecs-isp@2rosenthals.com>; Wed, 08 Apr 2026 09:12:19 -0000
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] LE certificate renewal fails when using CRON2
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-2031159@2rosenthals.com>
Organization: Massimo S.
Message-ID: <df201b5a-a601-4198-8edb-d79073c70537@ecomstation.it>
Date: Wed, 8 Apr 2026 09:12:17 +0200
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
In-Reply-To: <list-2031159@2rosenthals.com>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Language: it
Content-Transfer-Encoding: 7bit

Il 08/04/2026 08:10, Steven Levine ha scritto:
> In <list-2030831@2rosenthals.com>, on 04/07/26
>     at 10:13 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:
> 
> Hi Massimo,
> 
>> if i start the script manually from the command line everything works
>> correctly, but instead when the script is started by the scheduler
>> (CRON2) it fails with this:
> 
> When did the start happening or did it never work from cron?

never, it only works if i start it manually

>> uacme: fetching directory at
>> https://acme-v02.api.letsencrypt.org/directory uacme: curl_get: GET
>> https://acme-v02.api.letsencrypt.org/directory failed: Problem with the
>> SSL CA cert  (path? access rights?)
>> uacme: curl_get: waiting 5 seconds before retrying
> 
> When Let's Encrypt is overloaded, it can have problems access with
> accessing URLs on it's server.  The relevant code is
> 
> curlwrap.c:116
>          res = curl_easy_perform(curl);
>          if (res != CURLE_OK) {
>              warnx("curl_get: GET %s failed: %s", url,
>                      curl_easy_strerror(res));
>              curldata_free(c);
>              c = NULL;
> 
> I would normally suspect a problem at the server end, but since you can
> run from the command line, it must be something else.
> 
> ATM, I have no idea what cron2 might be doing to mess up the runtime
> environment for uacme, but it must be doing something.
> 
> You could try turning on logging.  You could try running full screen or
> not minimized.
> 
> 
> Steven

the script as first thing is copying a firerule that has port 80 open
for injoy fw, then it reload the fw rules

after it start webserve and after it start uacme

my suspect is that running it scheduled it don't execute something,
maybe it do not correctly open port 80 even if i see from logs
that the fw rules get reloaded

this is a mail server so port 80 is not opened by default
and webserve is ran only to renew the popS and TLS certificate

i've added a "go >file.txt", but i've seen that all the
right processes are loaded in memory while the script
is running

now i've added also a netstat -s and -l
i hope they can help

i've also seen curl stuff (dll, exe etc.) and they are on
pair with other VMs where the renewal works, but there
i'm not using webserve, but apache

massimo