From: "Peter Moylan" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTP id 2492245 for ecs-isp@2rosenthals.com; Sun, 17 May 2026 20:59:09 -0400
Received: from [192.168.200.201] (port=51851 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtp (Exim 4.98.2)
	(envelope-from <peter@pmoylan.org>)
	id 1wOmJw-0000000046i-1C0r
	for ecs-isp@2rosenthals.com;
	Sun, 17 May 2026 20:59:02 -0400
Received: from pmoylan.org ([144.6.37.71]:62297 helo=mail.pmoylan.org)
	by mail2.2rosenthals.com with esmtp (Exim 4.98.2)
	(envelope-from <peter@pmoylan.org>)
	id 1wOmJm-000000004vJ-093V
	for ecs-isp@2rosenthals.com;
	Sun, 17 May 2026 20:58:51 -0400
X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_ENDS_IN_URL 0.000000,
	BODY_SIZE_1700_1799 0.000000, BODY_SIZE_2000_LESS 0.000000,
	BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000,
	CTE_7BIT 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000,
	HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000,
	KNOWN_MSGID 0.000000, LEGITIMATE_SIGNS 0.000000, MSG_THREAD 0.000000,
	MSG_THREAD_SOLO 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000,
	SENDER_NO_AUTH 0.000000, SINGLE_URI_IN_BODY 0.000000, SUSP_DH_NEG 0.000000,
	TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000,
	__BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000,
	__BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000,
	__CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DKIM_ALIGNS_1 0.000000,
	__DKIM_ALIGNS_2 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000,
	__DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FRAUD_INTRO 0.000000,
	__FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000,
	__HAS_REFERENCES 0.000000, __HEADER_ORDER_FROM 0.000000,
	__INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000,
	__MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000,
	__MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000,
	__MOZILLA_MSGID 0.000000, __MOZILLA_USER_AGENT 0.000000,
	__NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_GREETING 0.000000,
	__RCVD_FROM_DOMAIN 0.000000, __REFERENCES 0.000000, __SANE_MSGID 0.000000,
	__SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000,
	__SCAN_D_NEG_HEUR2 0.000000, __SINGLE_URI_TEXT 0.000000, __SL_HEAVY 0.000000,
	__SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,
	__SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000,
	__TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000,
	__TO_REAL_NAMES 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000,
	__URI_NOT_IMG 0.000000, __URI_NO_PATH 0.000000, __URI_NS 0.000000,
	__URI_WITHOUT_PATH 0.000000, __USER_AGENT 0.000000
X-SASI-Probability: 9%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2026.5.18.2719
X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_ENDS_IN_URL 0.000000,
	BODY_SIZE_1700_1799 0.000000, BODY_SIZE_2000_LESS 0.000000,
	BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000,
	CTE_7BIT 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000,
	HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000,
	KNOWN_MSGID 0.000000, LEGITIMATE_SIGNS 0.000000, MSG_THREAD 0.000000,
	MSG_THREAD_SOLO 0.000000, NO_URI_HTTPS 0.000000, REFERENCES 0.000000,
	SENDER_NO_AUTH 0.000000, SINGLE_URI_IN_BODY 0.000000, SUSP_DH_NEG 0.000000,
	TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000,
	__BODY_NO_MAILTO 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000,
	__BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000,
	__CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DKIM_ALIGNS_1 0.000000,
	__DKIM_ALIGNS_2 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000,
	__DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FRAUD_INTRO 0.000000,
	__FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000,
	__HAS_REFERENCES 0.000000, __HEADER_ORDER_FROM 0.000000,
	__INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000,
	__MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000,
	__MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000,
	__MOZILLA_MSGID 0.000000, __MOZILLA_USER_AGENT 0.000000,
	__NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_GREETING 0.000000,
	__RCVD_FROM_DOMAIN 0.000000, __REFERENCES 0.000000, __SANE_MSGID 0.000000,
	__SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000,
	__SCAN_D_NEG_HEUR2 0.000000, __SINGLE_URI_TEXT 0.000000, __SL_HEAVY 0.000000,
	__SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,
	__SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000,
	__TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000,
	__TO_REAL_NAMES 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000,
	__URI_NOT_IMG 0.000000, __URI_NO_PATH 0.000000, __URI_NS 0.000000,
	__URI_WITHOUT_PATH 0.000000, __USER_AGENT 0.000000
X-SASI-Probability: 9%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2026.5.18.2719
DKIM-Signature: v=1; q=dns/txt; a=rsa-sha256; c=relaxed/relaxed; s=default;
 d=pmoylan.org;
 bh=ujIcpU5gbOmmK12cukyVXDHe1HwoyAqqA5KbpwrU3wU=;
 h=From:To:Date:Message-ID;
 b=Mcjc7q7Lxs+rUFVNBxy6in0RaormjYYgtzUHtAPaqLlQYUbvTjpF/Tog8ZNy+JD3RlQ3Q
 BfBMYi80aYfAn053RsJ0fqS7x5AiFef3UVewn846ODBaixKYfJywo2omCYhBYR3FrQohEWh
 XrP33fUa4Myk+DXH1Mv3gB6LbkKmGwI=
Received: from [192.168.20.3] (peter.pmoylan.org [192.168.20.3]) by 
 mail.pmoylan.org (Weasel v3.11) for <ecs-isp@2rosenthals.com>; 
 Mon, 18 May 2026 10:58:42 +1000
Subject: Re: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-2480176@2rosenthals.com> <list-2480224@2rosenthals.com>
 <list-2490373@2rosenthals.com>
Message-ID: <6A0A6441.8080500@pmoylan.org>
Date: Mon, 18 May 2026 10:58:41 +1000
User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101
 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <list-2490373@2rosenthals.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

On 18/05/26 03:08, Dan Napier wrote:

> Buenso Dai, Chaio, Good day, Well,  I am running LE.  The mirrored
> servers problem can be solved. You need to be in control of both your
> Apache servers and your DNS servers. It is a security issue so I
> would not dream of discussing that on a public platform.  It can be
> accomplished.  For a single OS2 apache server with no control to the
> DNS you can use cron to run steven's script on a few days of the
> month.  If  LE fails to update nothing happens, if it updates it
> updates!  I forgot to update and decided to try that so far so good.

Does you "a few days of the month" mean that you are suggesting getting
a new certificate a lot more often than required? I hadn't thought of that.

I'm not using cron to schedule this. Instead, I'm using a feature of
DragText that puts a "Schedule" page into the Properties of every
program object. At present I run my update script once every 80 days.

Let's Encrypt has two main drawbacks:
1. The short expiry time (90 days).
2. The fact that an update attempt often fails (busy server?) so that
the job has to be repeated manually.

I keep meaning to write a higher-level script that will check for an
update failure and repeat the attempt an hour or two later. The best
checking method is not yet obvious to me. Parse the log file, or look at
the "last written" date of the certificate file? Probably the latter is
easier.

> Is there a utility that will start to run a script every 47 days?  Or
> be smart enuf to remember when it last ran and run 47 days later?

DragText can do that, but I would have thought that cron can also do it.

-- 
Peter Moylan                  peter@pmoylan.org
http://www.pmoylan.org