From: "Massimo S."
Reply-To: ml@ecomstation.it
To: eCS ISP Mailing List
Subject: Re: [eCS-ISP] Apache HTTPS
Date: Tue, 23 Jul 2024 12:20:39 +0200
Message-ID: <0c7a72ff-c231-e413-8941-9c0a3cd2f7ad@ecomstation.it>

I use Paul's port of UACME; it can renew both the www.yourwebsite.com (3rd level) cert and the 2nd level yourwebsite.com at the same time too.
This is a simple reissue of just the www.yourwebsite.. certificate.
I run uacme in a separate tree, not under the apache tree; I don't suggest running it under the \apache tree.
You need port 80 (HTTP) open on your webserver for this operation.
You need to create all the paths you can see below.
You don't need the Let's Encrypt chain certificate files, since uacme on its own already creates a certificate with the chain certificate inside the .cert, so you always have the latest chain certificate from Let's Encrypt automatically.
I run the scripts on a schedule once every 2 months (LE certs only last 3 months), so in case of issues I still have 1 month to fix them.
**Don't forget** to add a Call SysSleep of about 10 seconds between one reissue and the next (if you run tens of renewals like me) or you can get problems, I mean renewals that fail.
In your script, after the renewal(s), you can place the code to restart apache.

renewal (issue) script:

@rem rotate the private key backups: key_old -> key_old2, key -> key_old
@attrib c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem -R
@copy c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key_old.pem c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key_old2.pem
@copy c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key_old.pem
@del c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem /N
@rem rotate the certificate backups the same way
@attrib c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem -R
@copy c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert_old.pem c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert_old2.pem
@copy c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert_old.pem
@del c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem /N
@rem issue the certificate; uacme's error output is appended to re.log
uacme issue www.youwebsite.com -h hook_yourwebsite_com.cmd 2>>d:\services\uacme\re.log

hook script:

/* uacme hook: writes the challenge file (var4 = token, var5 = key authorization) */
call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'
call SysLoadFuncs
parse arg var1 var2 var3 var4 var5
myfile = 'X:\apache\htdocs\yourwebsite\.well-known\acme-challenge\'||var4
call SysFileDelete myfile
rc = LINEOUT(myfile, var5)

I'm keeping 2 backups of private keys + certs (you can see all those copies).

Hope it's all explained well.

massimo

On 22/07/2024 15:33, Dan Napier wrote:
> Has anyone installed Let's Encrypt Certbot on OS2? What did you use?
>
> HTTPS is needed. Or how are you installing the certs?
>
> Dan Napier, MS, CIH
> DNA Industrial Hygiene
> 2520 Artesia Boulevard
> Redondo Beach, CA 90278-3210
> 310-644-1924 X 103
> CSLB #773462
> DNA Industrial Hygiene 800-644-1924
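
The hook in the message above writes the token it is handed straight into the web root on every call. As an added example (not part of the original message and not code from the uacme port), here is a variant of that hook that answers only http-01, checks the token before using it as a file name, and removes the challenge file once the challenge is over. It assumes uacme's documented hook arguments (method, type, ident, token, auth) and the challenge directory from the post; the 128-character limit is an assumed sanity bound.

```rexx
/* hook_yourwebsite_com.cmd - added example, not the original poster's script.
   Assumes uacme's documented hook arguments: method type ident token auth */
call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'
call SysLoadFuncs

parse arg method type ident token auth .

/* Challenge directory as used in the post */
chaldir = 'X:\apache\htdocs\yourwebsite\.well-known\acme-challenge\'

/* Only serve http-01; a non-zero return declines the challenge */
if type \== 'http-01' then exit 1

/* The token becomes a file name inside the web root: accept only
   base64url characters so it can never contain \ / : . or blanks */
b64url = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
if token == '' | verify(token, b64url) \= 0 then exit 1
if length(token) > 128 then exit 1      /* assumed sanity limit */

myfile = chaldir || token

select
  when method == 'begin' then do
    if auth == '' then exit 1
    call SysFileDelete myfile
    /* charout returns the number of characters it could NOT write */
    if charout(myfile, auth) \= 0 then exit 1
    call stream myfile, 'c', 'close'
    exit 0
  end
  when method == 'done' | method == 'failed' then do
    /* Do not leave challenge responses behind in the web root */
    call SysFileDelete myfile
    exit 0
  end
  otherwise exit 1
end
```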