From: "Peter Moylan" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTP id 2730111 for ecs-isp@2rosenthals.com; Tue, 09 Jun 2026 07:04:10 -0400
Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:46911 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <peter@pmoylan.org>)
	id 1wWuFU-000000002up-1vo6
	for ecs-isp@2rosenthals.com;
	Tue, 09 Jun 2026 07:04:01 -0400
Received: from pmoylan.org ([144.6.37.71]:63375 helo=mail.pmoylan.org)
	by mail2.2rosenthals.com with esmtp (Exim 4.98.2)
	(envelope-from <peter@pmoylan.org>)
	id 1wWuFR-0000000085R-1gJc
	for ecs-isp@2rosenthals.com;
	Tue, 09 Jun 2026 07:03:58 -0400
X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_ENDS_IN_URL 0.000000,
	BODY_SIZE_1500_1599 0.000000, BODY_SIZE_2000_LESS 0.000000,
	BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000,
	CTE_7BIT 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000,
	HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000,
	KNOWN_MSGID 0.000000, LEGITIMATE_SIGNS 0.000000, MSG_THREAD 0.000000,
	MSG_THREAD_SOLO 0.000000, REFERENCES 0.000000, SENDER_NO_AUTH 0.000000,
	SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000,
	__ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __BODY_VOICEMAIL 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000,
	__CT_TEXT_PLAIN 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000,
	__DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000,
	__FORWARDED_MSG 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000,
	__HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000,
	__HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000, __IN_REP_TO 0.000000,
	__MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000,
	__MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000,
	__MIME_VERSION 0.000000, __MOZILLA_MSGID 0.000000,
	__MOZILLA_USER_AGENT 0.000000, __MULTIPLE_URI_TEXT 0.000000,
	__NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000,
	__RCVD_FROM_DOMAIN 0.000000, __REFERENCES 0.000000, __SANE_MSGID 0.000000,
	__SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000,
	__SCAN_D_NEG_HEUR2 0.000000, __SL_HEAVY 0.000000, __SUBJ_ALPHA_END 0.000000,
	__SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000,
	__TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000,
	__TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000,
	__URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000,
	__URI_NOT_IMG 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000,
	__URI_WITH_PATH 0.000000, __USER_AGENT 0.000000
X-SASI-Probability: 9%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2026.6.9.102719
X-SASI-Hits: BODYTEXTP_SIZE_3000_LESS 0.000000, BODY_ENDS_IN_URL 0.000000,
	BODY_SIZE_1500_1599 0.000000, BODY_SIZE_2000_LESS 0.000000,
	BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000,
	CTE_7BIT 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000,
	HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000,
	KNOWN_MSGID 0.000000, LEGITIMATE_SIGNS 0.000000, MSG_THREAD 0.000000,
	MSG_THREAD_SOLO 0.000000, REFERENCES 0.000000, SENDER_NO_AUTH 0.000000,
	SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000,
	__ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __BODY_VOICEMAIL 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000,
	__CT_TEXT_PLAIN 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000,
	__DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000,
	__FORWARDED_MSG 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000,
	__HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000,
	__HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000, __IN_REP_TO 0.000000,
	__MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000,
	__MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000,
	__MIME_VERSION 0.000000, __MOZILLA_MSGID 0.000000,
	__MOZILLA_USER_AGENT 0.000000, __MULTIPLE_URI_TEXT 0.000000,
	__NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000,
	__RCVD_FROM_DOMAIN 0.000000, __REFERENCES 0.000000, __SANE_MSGID 0.000000,
	__SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000,
	__SCAN_D_NEG_HEUR2 0.000000, __SL_HEAVY 0.000000, __SUBJ_ALPHA_END 0.000000,
	__SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000,
	__TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000,
	__TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000,
	__URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000,
	__URI_NOT_IMG 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000,
	__URI_WITH_PATH 0.000000, __USER_AGENT 0.000000
X-SASI-Probability: 9%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2026.6.9.102719
DKIM-Signature: v=1; q=dns/txt; a=rsa-sha256; c=relaxed/relaxed; s=default;
 d=pmoylan.org;
 bh=2iYEaV3G18nFOJyXLYm2EwOYkJhn5cSxwmC01mwPS2Y=;
 h=From:To:Date:Message-ID;
 b=aHDieJ4HK5hVPp7uTuWaPpfGbVeFBjrb7hsZq5lqGxBk/Zq2gVVO7U+A4bhbB1VdLduUf
 WGsuXnXxt63m06WqI+ub0384wsQ9R6dtpzlN6G3ZZFhYfeR57SZPwYGlhiwa+bYbszqkd2M
 6ZO6ZU/z5QsPrQE67VlmCQlRI8YewxM=
Received: from [192.168.20.3] (peter.pmoylan.org [192.168.20.3]) by 
 mail.pmoylan.org (Weasel v3.11) for <ecs-isp@2rosenthals.com>; 
 Tue, 09 Jun 2026 21:03:54 +1000
Subject: Re: [eCS-ISP] uacme 1.2.4 issue
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-2730016@2rosenthals.com>
Message-ID: <6A27F319.7030100@pmoylan.org>
Date: Tue, 9 Jun 2026 21:03:53 +1000
User-Agent: Mozilla/5.0 (OS/2; Warp 4.5; rv:38.0) Gecko/20100101
 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <list-2730016@2rosenthals.com>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

On 09/06/26 18:06, Massimo S. wrote:
> Hi all,
>
> for a LE certificate renewal if i use uacme 1.2.4 i get this:
>
> uacme: version 1.2.4 starting on Tue, 09 Jun 2026 09:34:39
> ...
> ...
> uacme: fetching directory at https://acme-v02.api.letsencrypt.org/directory
> uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory
> failed: Problem with the SSL CA cert (path? access rights?)
> uacme: curl_get: waiting 5 seconds before retrying
> uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory
> failed: Problem with the SSL CA cert (path? access rights?)
> uacme: curl_get: waiting 5 seconds before retrying
> uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory
> failed: Problem with the SSL CA cert (path? access rights?)
> uacme: curl_get: waiting 5 seconds before retrying
> uacme: acme_get: curl_get failed
> uacme: failed to fetch directory at
> https://acme-v02.api.letsencrypt.org/directory
>
> while it works if i use uacme 1.0.9
>
> i've seen that i'm using 1.0.9 on all VMs, i forgot about that..

Paul suggested out-of-date prerequisite software, and he might well be
right.

If that doesn't help, here is another possibility. We have seen in the
past that different versions of uacme make different assumptions about
default directories. The best defence against that is to make sure that
your own scripts use explicit paths instead of relying on the default
assumptions. Now that I think of it, I think I had to do that when
updating to version 1.2.4.

-- 
Peter Moylan                  peter@pmoylan.org
http://www.pmoylan.org