| Da: |
"Doug Bissett" <ecs-isp@2rosenthals.com> |
Intestazioni complete
Messaggio non codificato |
| Oggetto: |
Re: [eCS-ISP] Re[2]: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime |
| Data: |
Mon, 25 May 2026 14:06:49 -0600 (MDT) |
| A: |
"eCS ISP Mailing List" <ecs-isp@2rosenthals.com> |
|
|---|
I don't think it is malicious. It is more likely a futile attempt to look like "they" are doing something about the problem. 47 days is a simple target, that AI should be able to defeat in a day, or two. The main problem is, that "they" can't seem to get their act together, and stop the abuse of the internet.
On 2026-05-25, at 19:40:06, Massimo S. wrote:
>
>Agree.
>
>This stuff (40 days certificate lifetime), like other idiocies i believe are methods built by large companies to
>discourage the birth of new small businesses in the sector,
>or to kick out the smaller ones already there.
>
>Over-regulation is a new and terrible phenomenon.
>
>massimo
>
>Il 25/05/2026 18:47, Dan Napier ha scritto:
>>Guys,
>>As a lifelong Safety and Security person, I have often seen what can only be described as less than
>optimal soulutons to past system failures. Or DAS. Somebody builds a wall that is ten feet high, another
>comes along with an eleven foot ladder. Or somebody digs a hole under the wall. At a recent criminal
>investigation during a warranted search, I observed the educated police officer open a tool proof thirty hour
>safe in about 45 seconds. So changing the combination daily would not have solved that problem! "The
>best laid plans of mice and men gang aft agley"
>>Respectfully Submitted
>>Dan Napier
>>------ Original Message ------
>> From "Dan Napier" <ecs-isp@2rosenthals.com <mailto:ecs-isp@2rosenthals.com>>
>>To "eCS ISP Mailing List" <ecs-isp@2rosenthals.com <mailto:ecs-isp@2rosenthals.com>>
>>Date 5/17/2026 7:03:17 PM
>>Subject [eCS-ISP] Re[2]: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime
>>Peter,
>>>Yes I think that linux tries much more often. But I have not found that Steve's script needs to run more
>than once. I guess I am just lucky.
>>>Cron on the first tenth twentieth and twenty ninth. In the middle of the night on the west coast. But I am
>still testing. More news in December.
>>>Dan
>>>
>>>------ Original Message ------
>>>From "Peter Moylan" <ecs-isp@2rosenthals.com <mailto:ecs-isp@2rosenthals.com>>
>>>To "eCS ISP Mailing List" <ecs-isp@2rosenthals.com <mailto:ecs-isp@2rosenthals.com>>
>>>Date 5/17/2026 17:58:41
>>>Subject Re: [eCS-ISP] Re[2]: [eCS-ISP] SSL cert lifetime
>>>
>>>>On 18/05/26 03:08, Dan Napier wrote:
>>>>>Buenso Dai, Chaio, Good day, Well, I am running LE. The mirrored
>>>>>servers problem can be solved. You need to be in control of both your
>>>>>Apache servers and your DNS servers. It is a security issue so I
>>>>>would not dream of discussing that on a public platform. It can be
>>>>>accomplished. For a single OS2 apache server with no control to the
>>>>>DNS you can use cron to run steven's script on a few days of the
>>>>>month. If LE fails to update nothing happens, if it updates it
>>>>>updates! I forgot to update and decided to try that so far so good.
>>>>Does you "a few days of the month" mean that you are suggesting getting
>>>>a new certificate a lot more often than required? I hadn't thought of that.
>>>>I'm not using cron to schedule this. Instead, I'm using a feature of
>>>>DragText that puts a "Schedule" page into the Properties of every
>>>>program object. At present I run my update script once every 80 days.
>>>>Let's Encrypt has two main drawbacks:
>>>>1. The short expiry time (90 days).
>>>>2. The fact that an update attempt often fails (busy server?) so that
>>>>the job has to be repeated manually.
>>>>I keep meaning to write a higher-level script that will check for an
>>>>update failure and repeat the attempt an hour or two later. The best
>>>>checking method is not yet obvious to me. Parse the log file, or look at
>>>>the "last written" date of the certificate file? Probably the latter is
>>>>easier.
>>>>>Is there a utility that will start to run a script every 47 days? Or
>>>>>be smart enuf to remember when it last ran and run 47 days later?
>>>>DragText can do that, but I would have thought that cron can also do it.
>>>>-- Peter Moylan peter@pmoylan.org <mailto:peter@pmoylan.org>
>>>>http://www.pmoylan.org
>>>>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>>>>This message is sent to you because you are subscribed to
>>>>the mailing list <ecs-isp@2rosenthals.com <mailto:ecs-isp@2rosenthals.com>>.
>>>>To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com <mailto:ecs-isp-off@2rosenthals.com>>
>>>>To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com
><mailto:ecs-isp-digest@2rosenthals.com>>
>>>>To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com
><mailto:ecs-isp-index@2rosenthals.com>>
>>>>Send administrative queries to <ecs-isp-request@2rosenthals.com
><mailto:ecs-isp-request@2rosenthals.com>>
>>>>To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com
><mailto:ecs-isp-on@2rosenthals.com>> and reply to the confirmation email.
>>>>Web archives are publicly available at: http://lists.2rosenthals.com
>>>>This list is hosted by Rosenthal & Rosenthal, LLC
>>>>P.O. Box 281, Deer Park, NY 11729-0281. Non-
>>>>electronic communications related to content
>>>>contained in these messages should be directed
>>>>to the above address. (CAN-SPAM Act of 2003)
>>>>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>This message is sent to you because you are subscribed to
> the mailing list <ecs-isp@2rosenthals.com>.
>To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
>To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
>To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
>Send administrative queries to <ecs-isp-request@2rosenthals.com>
>To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation
>email.
>Web archives are publicly available at: http://lists.2rosenthals.com
>
>This list is hosted by Rosenthal & Rosenthal, LLC
>P.O. Box 281, Deer Park, NY 11729-0281. Non-
>electronic communications related to content
>contained in these messages should be directed
>to the above address. (CAN-SPAM Act of 2003)
>
>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
--
****************************
From Doug Bissett's ArcaOS system
dougb007 AT ocii.com
****************************
... A can of worms doesn't open itself.
|