From: "Dan Napier" <ecs-isp@2rosenthals.com>
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] Re[2]: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime
Date: Mon, 25 May 2026 16:47:12 +0000
Message-Id: <em5eb5f618-109e-4ee1-85a1-2134c6d693d6@cihcsp.com>
In-Reply-To: <list-2492280@2rosenthals.com>
References: <list-2480176@2rosenthals.com> <list-2480224@2rosenthals.com>
 <list-2490373@2rosenthals.com> <list-2492253@2rosenthals.com>
 <list-2492280@2rosenthals.com>
Reply-To: "Dan Napier" <dan@cihcsp.com>
User-Agent: eMClient/10.4.0.0
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------=_MBBA0FE609-7D93-46A1-BE6F-BA2FEE4E50DD"

--------=_MBBA0FE609-7D93-46A1-BE6F-BA2FEE4E50DD
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Guys,

As a lifelong Safety and Security person, I have often seen what can=20
only be described as less than optimal soulutons to past system=20
failures.  Or DAS.  Somebody builds a wall that is ten feet high,=20
another comes along with an eleven foot ladder.  Or somebody digs a hole=20
under the wall.  At a recent criminal investigation during a warranted=20
search, I observed  the educated police officer open a tool proof thirty=20
hour safe in about 45 seconds.  So changing the combination daily would=20
not have solved that problem!  "The best laid plans of mice and men gang=20
aft agley"

Respectfully Submitted

Dan Napier


------ Original Message ------
From "Dan Napier" <ecs-isp@2rosenthals.com>
To "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>
Date 5/17/2026 7:03:17 PM
Subject [eCS-ISP] Re[2]: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime

>Peter,
>Yes I think that linux tries much more often. But I have not found that=20
>Steve=E2=80=99s script needs to run more than once. I guess I am just luck=
y.
>Cron on the first tenth twentieth and twenty ninth. In the middle of=20
>the night on the west coast. But I am still testing. More news in=20
>December.
>Dan
>
>------ Original Message ------
>From "Peter Moylan" <ecs-isp@2rosenthals.com>
>To "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>
>Date 5/17/2026 17:58:41
>Subject Re: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime
>
>>On 18/05/26 03:08, Dan Napier wrote:
>>
>>>Buenso Dai, Chaio, Good day, Well,  I am running LE.  The mirrored
>>>servers problem can be solved. You need to be in control of both your
>>>Apache servers and your DNS servers. It is a security issue so I
>>>would not dream of discussing that on a public platform.  It can be
>>>accomplished.  For a single OS2 apache server with no control to the
>>>DNS you can use cron to run steven's script on a few days of the
>>>month.  If  LE fails to update nothing happens, if it updates it
>>>updates!  I forgot to update and decided to try that so far so good.
>>
>>Does you "a few days of the month" mean that you are suggesting getting
>>a new certificate a lot more often than required? I hadn't thought of tha=
t.
>>
>>I'm not using cron to schedule this. Instead, I'm using a feature of
>>DragText that puts a "Schedule" page into the Properties of every
>>program object. At present I run my update script once every 80 days.
>>
>>Let's Encrypt has two main drawbacks:
>>1. The short expiry time (90 days).
>>2. The fact that an update attempt often fails (busy server?) so that
>>the job has to be repeated manually.
>>
>>I keep meaning to write a higher-level script that will check for an
>>update failure and repeat the attempt an hour or two later. The best
>>checking method is not yet obvious to me. Parse the log file, or look at
>>the "last written" date of the certificate file? Probably the latter is
>>easier.
>>
>>>Is there a utility that will start to run a script every 47 days?  Or
>>>be smart enuf to remember when it last ran and run 47 days later?
>>
>>DragText can do that, but I would have thought that cron can also do it.
>>
>>-- Peter Moylan                  peter@pmoylan.org
>>http://www.pmoylan.org
>>
>>=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>>This message is sent to you because you are subscribed to
>>  the mailing list <ecs-isp@2rosenthals.com>.
>>To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
>>To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
>>To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
>>Send administrative queries to  <ecs-isp-request@2rosenthals.com>
>>To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and =
reply to the confirmation email.
>>Web archives are publicly available at: http://lists.2rosenthals.com
>>
>>This list is hosted by Rosenthal & Rosenthal, LLC
>>P.O. Box 281, Deer Park, NY 11729-0281. Non-
>>electronic communications related to content
>>contained in these messages should be directed
>>to the above address. (CAN-SPAM Act of 2003)
>>
>>=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>>
--------=_MBBA0FE609-7D93-46A1-BE6F-BA2FEE4E50DD
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head>

<style type=3D"text/css"><!--#x8c0d0f42f820459 blockquote.cite2
{margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right: 0p=
x; border-left: 1px solid rgb(204, 204, 204); margin-top: 3px; padding-top: =
0px;}
#x8c0d0f42f820459 a
{word-break: break-word;}
#x8c0d0f42f820459
{font-family: -apple-system, "Segoe UI", "Helvetica Neue", Helvetica, Arial=
, sans-serif;}
--></style><style id=3D"css_styles" type=3D"text/css"><!--blockquote.cite { =
margin-left: 5px; margin-right: 0px; padding-left: 10px; padding-right:0px=
; border-left: 1px solid #cccccc }
blockquote.cite2 {margin-left: 5px; margin-right: 0px; padding-left: 10px;=
 padding-right:0px; border-left: 1px solid #cccccc; margin-top: 3px; padding=
-top: 0px; }
a img { border: 0px; }
li[style=3D'text-align: center;'], li[style=3D'text-align: center; '], li[s=
tyle=3D'text-align: right;'], li[style=3D'text-align: right; '] {  list-sty=
le-position: inside;}
body { font-family: 'Segoe UI'; font-size: 12pt; }
.quote { margin-left: 1em; margin-right: 1em; border-left: 5px #ebebeb soli=
d; padding-left: 0.3em; }
a.em-mention[href] { text-decoration: none; color: inherit; border-radius:=
 3px; padding-left: 2px; padding-right: 2px; background-color: #e2e2e2; }
._em_placeholder {color: gray; border-bottom: 1px dotted lightblue;} ._em_p=
laceholder:before{color:gray; content: '{{ ';} ._em_placeholder:after{color=
:gray; content: ' }}';}
--></style>


</head>
<body><div>Guys,</div><div><br /></div><div>As a lifelong Safety and Securi=
ty person, I have often seen what can only be described as less than optima=
l soulutons to past system failures.=C2=A0 Or DAS.=C2=A0 Somebody builds a=
 wall that is ten feet high, another comes along with an eleven foot ladder.=
=C2=A0 Or somebody digs a hole under the wall.=C2=A0 At a recent criminal i=
nvestigation=C2=A0during a warranted search,=C2=A0I observed=C2=A0 the educ=
ated police officer open a tool proof thirty hour safe in about 45 seconds.=
=C2=A0 So changing the combination daily would not have solved that problem=
!=C2=A0 "The best laid plans of mice and men gang=C2=A0aft=C2=A0agley"=C2=
=A0=C2=A0</div><div><span><br /></span></div><div><span>Respectfully Submit=
ted</span></div><div><span><br /></span></div><div><span>Dan Napier</span><=
/div>
<div><br /></div>
<div x-em-replyforwardheader=3D""><br /></div>
<div>
<div>------ Original Message ------</div>
<div>From "Dan Napier" &lt;<a href=3D"mailto:ecs-isp@2rosenthals.com">ecs-i=
sp@2rosenthals.com</a>&gt;</div>
<div>To "eCS ISP Mailing List" &lt;<a href=3D"mailto:ecs-isp@2rosenthals.co=
m">ecs-isp@2rosenthals.com</a>&gt;</div>
<div>Date 5/17/2026 7:03:17 PM</div>
<div>Subject [eCS-ISP] Re[2]: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime<=
/div></div><div x-em-quote=3D""><br /></div>
<div id=3D"x8c0d0f42f820459"><blockquote cite=3D"list-2492280@2rosenthals.c=
om" type=3D"cite" class=3D"cite2">
<div>Peter,</div><div dir=3D"auto">Yes I think that linux tries much more o=
ften. But I have not found that Steve=E2=80=99s script needs to run more th=
an once. I guess I am just lucky.=C2=A0</div><div dir=3D"auto">Cron on the=
 first tenth twentieth and twenty ninth. In the middle of the night on the w=
est coast. But I am still testing. More news in December.=C2=A0</div><div d=
ir=3D"auto">Dan</div>
<div x-em-replyforwardheader=3D""><br /></div>
<div>
<div>------ Original Message ------</div>
<div>From "Peter Moylan" &lt;<a href=3D"mailto:ecs-isp@2rosenthals.com">ecs=
-isp@2rosenthals.com</a>&gt;</div>
<div>To "eCS ISP Mailing List" &lt;<a href=3D"mailto:ecs-isp@2rosenthals.co=
m">ecs-isp@2rosenthals.com</a>&gt;</div>
<div>Date 5/17/2026 17:58:41</div>
<div>Subject Re: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime</div></div><d=
iv x-em-quote=3D""><br /></div>
<div id=3D"xe6eb871d0c6a49d" class=3D"plain"><blockquote cite=3D"list-24922=
53@2rosenthals.com" type=3D"cite" class=3D"cite2">

<div class=3D"plain_line">On 18/05/26 03:08, Dan Napier wrote:</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">Buenso Dai, Chaio, Good day, Well,  I am running=
 LE.  The mirrored</div>
<div class=3D"plain_line">servers problem can be solved. You need to be in=
 control of both your</div>
<div class=3D"plain_line">Apache servers and your DNS servers. It is a secu=
rity issue so I</div>
<div class=3D"plain_line">would not dream of discussing that on a public pl=
atform.  It can be</div>
<div class=3D"plain_line">accomplished.  For a single OS2 apache server wit=
h no control to the</div>
<div class=3D"plain_line">DNS you can use cron to run steven's script on a=
 few days of the</div>
<div class=3D"plain_line">month.  If  LE fails to update nothing happens, i=
f it updates it</div>
<div class=3D"plain_line">updates!  I forgot to update and decided to try t=
hat so far so good.</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">Does you "a few days of the month" mean that you=
 are suggesting getting</div>
<div class=3D"plain_line">a new certificate a lot more often than required? =
I hadn't thought of that.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">I'm not using cron to schedule this. Instead, I'm =
using a feature of</div>
<div class=3D"plain_line">DragText that puts a "Schedule" page into the Pro=
perties of every</div>
<div class=3D"plain_line">program object. At present I run my update script =
once every 80 days.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">Let's Encrypt has two main drawbacks:</div>
<div class=3D"plain_line">1. The short expiry time (90 days).</div>
<div class=3D"plain_line">2. The fact that an update attempt often fails (b=
usy server?) so that</div>
<div class=3D"plain_line">the job has to be repeated manually.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">I keep meaning to write a higher-level script tha=
t will check for an</div>
<div class=3D"plain_line">update failure and repeat the attempt an hour or=
 two later. The best</div>
<div class=3D"plain_line">checking method is not yet obvious to me. Parse t=
he log file, or look at</div>
<div class=3D"plain_line">the "last written" date of the certificate file?=
 Probably the latter is</div>
<div class=3D"plain_line">easier.</div>
<div class=3D"plain_line">=C2=A0</div>
<blockquote type=3D"cite" class=3D"cite2">
<div class=3D"plain_line">Is there a utility that will start to run a scrip=
t every 47 days?  Or</div>
<div class=3D"plain_line">be smart enuf to remember when it last ran and ru=
n 47 days later?</div>
</blockquote>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">DragText can do that, but I would have thought th=
at cron can also do it.</div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">-- Peter Moylan                  <a href=3D"mailt=
o:peter@pmoylan.org">peter@pmoylan.org</a></div>
<div class=3D"plain_line"><a href=3D"http://www.pmoylan.org">http://www.pmo=
ylan.org</a></div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D</div>
<div class=3D"plain_line">This message is sent to you because you are subsc=
ribed to</div>
<div class=3D"plain_line"> the mailing list &lt;<a href=3D"mailto:ecs-isp@2=
rosenthals.com">ecs-isp@2rosenthals.com</a>&gt;.</div>
<div class=3D"plain_line">To unsubscribe, E-mail to: &lt;<a href=3D"mailto:=
ecs-isp-off@2rosenthals.com">ecs-isp-off@2rosenthals.com</a>&gt;</div>
<div class=3D"plain_line">To switch to the DIGEST mode, E-mail to &lt;<a hr=
ef=3D"mailto:ecs-isp-digest@2rosenthals.com">ecs-isp-digest@2rosenthals.com=
</a>&gt;</div>
<div class=3D"plain_line">To switch to the INDEX mode, E-mail to &lt;<a hre=
f=3D"mailto:ecs-isp-index@2rosenthals.com">ecs-isp-index@2rosenthals.com</a=
>&gt;</div>
<div class=3D"plain_line">Send administrative queries to  &lt;<a href=3D"ma=
ilto:ecs-isp-request@2rosenthals.com">ecs-isp-request@2rosenthals.com</a>&g=
t;</div>
<div class=3D"plain_line">To subscribe (new addresses), E-mail to: &lt;<a h=
ref=3D"mailto:ecs-isp-on@2rosenthals.com">ecs-isp-on@2rosenthals.com</a>&gt=
; and reply to the confirmation email.</div>
<div class=3D"plain_line">Web archives are publicly available at: <a href=
=3D"http://lists.2rosenthals.com">http://lists.2rosenthals.com</a></div>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">This list is hosted by Rosenthal &amp; Rosenthal, =
LLC</div>
<div class=3D"plain_line">P.O. Box 281, Deer Park, NY 11729-0281. Non-</div=
>
<div class=3D"plain_line">electronic communications related to content</div=
>
<div class=3D"plain_line">contained in these messages should be directed</d=
iv>
<div class=3D"plain_line">to the above address. (CAN-SPAM Act of 2003)</div=
>
<div class=3D"plain_line">=C2=A0</div>
<div class=3D"plain_line">=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D</div>
<div class=3D"plain_line">=C2=A0</div>
</blockquote></div>


</blockquote></div>
</body></html>
--------=_MBBA0FE609-7D93-46A1-BE6F-BA2FEE4E50DD--