| | 
| From: | "Lewis G Rosenthal" <ecs-isp@2rosenthals.com> |
| Subject: | Re: [eCS-ISP] Apache HTTPS |
| Date: | Sun, 11 Aug 2024 17:02:48 -0400 |
| To: | eCS ISP Mailing List <ecs-isp@2rosenthals.com> |
|---|
 PMFJI...
 
 On 08/11/24 04:47 pm, Dan Napier, MS, CIH, CAC wrote:
 
 massimo,
 More questions than answers.  I guess that you installed the uacme under c:\mpts\etc\ssl.
 How do you make all the directories under that?
 How do you get the certificates the first time?
 Where does the example code you sent go?
 How do you elicit the cmd file that would be called by rsync?
 What needs to be added to the PATH?
 
 Thanks for any help. What is a second level or third level?
 
 
 -- Certified Industrial Hygienist
 Certified Asbestos Consultant
 
 Dan Napier, MS, CIH, CAC
 92-0614 8/24/24
 2520 Artesia Boulevard
 Redondo Beach, CA 90278-3210
 310-644-1924 x 103
 CSLB 773462
 
 
 
 On Tuesday, July 23, 2024 03:20 PDT, "Massimo S." <ecs-isp@2rosenthals.com> wrote:
 
 I use Paul's port of UACME, it can renew the www.yourwebsite.com (3rd level) cert and both the 2nd level yourwebsite.com at the same time too.
 
 
 This is a simple reissue of just www.yourwebsite.. certificate.
 I run uacme in a separate tree, not under the apache tree, I don't suggest
 you run it under the \apache tree.
 You need port 80 (HTTP) open on your webserver for this operation.
 You need to create all these paths you can see down here.
 You don't need Let's Encrypt chain certificate files, since uacme already on its own
 creates a certificate with the chain certificate inside of the .cert, so
 you always have the latest chain certificate from Let's Encrypt automatically.
 
 I run the scripts scheduled once each 2 months (LE Certs only last 3 months),
 so in case of issues I still have 1 month to fix them.
 **don't forget** to add a Call SysSleep of about 10 seconds between a reissue
 and another (if you run tens of renewals like me) or you can get problems,
 I mean renewals that fail.
 In your script after the renewal/s you can place the code to restart apache.
 
 
 
 renewal (issue) script:
 
 @rem rotate the private key backups: key_old -> key_old2, key -> key_old
 @attrib c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem -R
 @copy c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key_old.pem c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key_old2.pem
 @copy c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key_old.pem
 @del c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem /N
 @rem rotate the certificate backups the same way
 @attrib c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem -R
 @copy c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert_old.pem c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert_old2.pem
 @copy c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert_old.pem
 @del c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem /N
 @rem request the new certificate; uacme calls the hook script for the challenge
 uacme issue www.youwebsite.com -h hook_yourwebsite_com.cmd 2>>d:\services\uacme\re.log
 
 
 
 hook script:
 
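 /* uacme hook script (REXX): var4 = challenge token, var5 = key authorization */
 call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'
 call SysLoadFuncs
 parse arg var1 var2 var3 var4 var5
 myfile = 'X:\apache\htdocs\yourwebsite\.well-known\acme-challenge\'||var4
 call SysFileDelete myfile
 rc = LINEOUT(myfile,var5)
 call LINEOUT myfile  /* close the file so the web server can read it */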
 
 
 
 I'm keeping 2 backups of private keys + certs (you can see all those copies)
 hope it's all explained well
 
 massimo
 
 
 On 22/07/2024 15:33, Dan Napier wrote:
 > Has anyone installed Let’s Encrypt Certbot on OS2?  What did you use?
 >
 > HTTPS is needed.  Or how are you installing the certs?
 >
 
 Egad...
 
 ...or you can get a real cert good for a reasonable amount of time (398 days), and only swap out your cert once a year or so.
 
 Geez, these free certs are such a pain for such little cost for a real cert.
 
 Disclaimer: Rosenthal & Rosenthal resells SSL certs for GoDaddy (http://domains.2rosenthals.com), so yes, I do have a profit motive for disliking free short-lived certs. Also, they make my SVN and GIT update script stall waiting on me to accept a new cert, so the fewer new certs, the better from my POV.
 
 --
 Lewis
 -------------------------------------------------------------
 Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
 Rosenthal & Rosenthal, LLC                www.2rosenthals.com
 visit my IT blog                www.2rosenthals.net/wordpress
 -------------------------------------------------------------
 
 
 |
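
A more defensive form of the hook script quoted in the message above, as an added example that is not part of the original thread or of uacme itself. It assumes uacme calls the hook with the arguments METHOD TYPE IDENT TOKEN AUTH and treats a non-zero exit on "begin" as declining the challenge; the file name `http01hook.cmd` is hypothetical and the webroot is the placeholder path from the message.

```rexx
/* http01hook.cmd - added example, not the script from the thread.     */
/* Assumption: uacme passes METHOD TYPE IDENT TOKEN AUTH, and a        */
/* non-zero exit on "begin" declines the challenge.                    */
parse arg method type ident token auth
auth = strip(auth)

/* Placeholder webroot taken from the message; adjust to your server */
webdir = 'X:\apache\htdocs\yourwebsite\.well-known\acme-challenge\'
b64url = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'

call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'
call SysLoadFuncs

/* Only http-01 can be answered by dropping a file in the webroot;    */
/* decline dns-01 and tls-alpn-01 instead of pretending to handle them */
if type \= 'http-01' then exit 1

/* The token becomes a file name. Accept base64url characters only,   */
/* so "..", "\" or a drive letter cannot redirect the write or delete */
if token = '' | verify(token, b64url) \= 0 then exit 1

target = webdir || token
select
  when method = 'begin' then do
    /* The key authorization must be "<token>.<thumbprint>" */
    if left(auth, length(token) + 1) \== token || '.' then exit 1
    thumb = substr(auth, length(token) + 2)
    if thumb = '' | verify(thumb, b64url) \= 0 then exit 1
    call SysFileDelete target
    if lineout(target, auth) \= 0 then exit 1
    call lineout target        /* close the file so Apache can read it */
    exit 0
  end
  when method = 'done' | method = 'failed' then do
    call SysFileDelete target  /* do not leave challenge files behind */
    exit 0
  end
  otherwise exit 1
end
```

Because the hook exits non-zero for anything it cannot validate, a malformed token or an unexpected challenge type shows up as a failed issue in the uacme log rather than as a stray file under the webroot.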