From: "Massimo S." <ecs-isp@2rosenthals.com>
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] Re[2]: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-2480176@2rosenthals.com> <list-2480224@2rosenthals.com>
 <list-2490373@2rosenthals.com> <list-2492253@2rosenthals.com>
 <list-2492280@2rosenthals.com> <list-2580448@2rosenthals.com>
Organization: Massimo S.
Message-ID: <afdce2af-34b7-0830-dd9f-4644d70d59ba@ecomstation.it>
Date: Mon, 25 May 2026 19:40:06 +0200
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
In-Reply-To: <list-2580448@2rosenthals.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: it
Content-Transfer-Encoding: 8bit

Agree.

This stuff (40 days certificate lifetime), like other idiocies i believe are methods built by large companies 
to discourage the birth of new small businesses in the sector,
or to kick out the smaller ones already there.

Over-regulation is a new and terrible phenomenon.

massimo

Il 25/05/2026 18:47, Dan Napier ha scritto:
> Guys,
> 
> As a lifelong Safety and Security person, I have often seen what can only be described as less than optimal 
> soulutons to past system failures.  Or DAS.  Somebody builds a wall that is ten feet high, another comes along 
> with an eleven foot ladder.  Or somebody digs a hole under the wall.  At a recent criminal 
> investigation during a warranted search, I observed  the educated police officer open a tool proof thirty hour 
> safe in about 45 seconds.  So changing the combination daily would not have solved that problem!  "The best 
> laid plans of mice and men gang aft agley"
> 
> Respectfully Submitted
> 
> Dan Napier
> 
> 
> ------ Original Message ------
>  From "Dan Napier" <ecs-isp@2rosenthals.com <mailto:ecs-isp@2rosenthals.com>>
> To "eCS ISP Mailing List" <ecs-isp@2rosenthals.com <mailto:ecs-isp@2rosenthals.com>>
> Date 5/17/2026 7:03:17 PM
> Subject [eCS-ISP] Re[2]: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime
> 
>> Peter,
>> Yes I think that linux tries much more often. But I have not found that Steve’s script needs to run more 
>> than once. I guess I am just lucky.
>> Cron on the first tenth twentieth and twenty ninth. In the middle of the night on the west coast. But I am 
>> still testing. More news in December.
>> Dan
>>
>> ------ Original Message ------
>> From "Peter Moylan" <ecs-isp@2rosenthals.com <mailto:ecs-isp@2rosenthals.com>>
>> To "eCS ISP Mailing List" <ecs-isp@2rosenthals.com <mailto:ecs-isp@2rosenthals.com>>
>> Date 5/17/2026 17:58:41
>> Subject Re: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime
>>
>>> On 18/05/26 03:08, Dan Napier wrote:
>>>> Buenso Dai, Chaio, Good day, Well, I am running LE. The mirrored
>>>> servers problem can be solved. You need to be in control of both your
>>>> Apache servers and your DNS servers. It is a security issue so I
>>>> would not dream of discussing that on a public platform. It can be
>>>> accomplished. For a single OS2 apache server with no control to the
>>>> DNS you can use cron to run steven's script on a few days of the
>>>> month. If LE fails to update nothing happens, if it updates it
>>>> updates! I forgot to update and decided to try that so far so good.
>>> Does you "a few days of the month" mean that you are suggesting getting
>>> a new certificate a lot more often than required? I hadn't thought of that.
>>> I'm not using cron to schedule this. Instead, I'm using a feature of
>>> DragText that puts a "Schedule" page into the Properties of every
>>> program object. At present I run my update script once every 80 days.
>>> Let's Encrypt has two main drawbacks:
>>> 1. The short expiry time (90 days).
>>> 2. The fact that an update attempt often fails (busy server?) so that
>>> the job has to be repeated manually.
>>> I keep meaning to write a higher-level script that will check for an
>>> update failure and repeat the attempt an hour or two later. The best
>>> checking method is not yet obvious to me. Parse the log file, or look at
>>> the "last written" date of the certificate file? Probably the latter is
>>> easier.
>>>> Is there a utility that will start to run a script every 47 days? Or
>>>> be smart enuf to remember when it last ran and run 47 days later?
>>> DragText can do that, but I would have thought that cron can also do it.
>>> -- Peter Moylan peter@pmoylan.org <mailto:peter@pmoylan.org>
>>> http://www.pmoylan.org
>>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>>> This message is sent to you because you are subscribed to
>>> the mailing list <ecs-isp@2rosenthals.com <mailto:ecs-isp@2rosenthals.com>>.
>>> To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com <mailto:ecs-isp-off@2rosenthals.com>>
>>> To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com 
>>> <mailto:ecs-isp-digest@2rosenthals.com>>
>>> To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com <mailto:ecs-isp-index@2rosenthals.com>>
>>> Send administrative queries to <ecs-isp-request@2rosenthals.com <mailto:ecs-isp-request@2rosenthals.com>>
>>> To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com <mailto:ecs-isp-on@2rosenthals.com>> 
>>> and reply to the confirmation email.
>>> Web archives are publicly available at: http://lists.2rosenthals.com
>>> This list is hosted by Rosenthal & Rosenthal, LLC
>>> P.O. Box 281, Deer Park, NY 11729-0281. Non-
>>> electronic communications related to content
>>> contained in these messages should be directed
>>> to the above address. (CAN-SPAM Act of 2003)
>>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=