From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 10591922 for ecs-isp@2rosenthals.com; Mon, 12 Aug 2024 15:43:58 -0400 Received: from [192.168.200.201] (port=59080 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1sdaxK-000000004ll-0vRe for ecs-isp@2rosenthals.com; Mon, 12 Aug 2024 15:43:50 -0400 Received: from mta-101b.earthlink-vadesecure.net ([51.81.61.61]:48063 helo=mta-101a.earthlink-vadesecure.net) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from ) id 1sdaxE-000000003In-02bg for ecs-isp@2rosenthals.com; Mon, 12 Aug 2024 15:43:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=MhmOz5lJ68JBtjm774JUvKF7kYXiLbLXjk4ib4 P3Jjs=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-unsubscribe-post: list-subscribe:list-post:list-owner:list-archive; q=dns/txt; s=dk12062016; t=1723491823; x=1724096623; b=nctS2uqYaUhSTuZU4ewVQW8u4qj 7ng7MzE+W2Q+HffHQqGvb4FHuPzHQKGAdg7FWLCXcNkkdZn+EZQ0MIfcKGaTkWy+lqtsvf7 TYbClg9qU0I3KLOKqKZPPZZI89ZZ9GbhWcwGJ+YkitlzOohgTRUAu+OD0cO+tuc2+Pcg4KJ 2JFqSBKx//lUDM8B+n24n4sxnZilUDkFSEyiHSnwW8UBTesvF6UpW84xFJEsEisMAQFZdyb 3KXJUcr2wR8/sb5aSvV2vq9QVnpDtTYKXKNvmPH7gx88LMfzMvuPxtyKxvaMzO1IxgBoCQz ONkcX7TXSixDlHb+llJ9JKSqNkz89JA== Received: from slamain ([172.56.240.198]) by vsel1nmtao01p.internal.vadesecure.com with ngmta id 7d8dee23-17eb12ae87570df8; Mon, 12 Aug 2024 19:43:43 +0000 Message-ID: <66ba2fbd.13.mr2ice.fgrirsq@earthlink.net> Date: Mon, 12 Aug 2024 08:52:29 -0700 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] Apache HTTPS X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 08/12/24 at 05:13 PM, "Paul Smedley" said: Hi Paul, >That was easier than I thought - try with >https://smedley.id.au/tmp/uacme-1.0.19-os2-20240812.zip This works as expected, so far. >uacme -v new uacme.exe: version 1.0.19 starting on Mon, 12 Aug 2024 08:48:55 uacme.exe: loading key from /etc/ssl/uacme/private/key.pem uacme.exe: fetching directory at https://acme-v02.api.letsencrypt.org/directory uacme.exe: creating new account at https://acme-v02.api.letsencrypt.org/acme/new-acct uacme.exe: type 'y' to accept the terms at https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf y uacme.exe: account created at https://acme-v02.api.letsencrypt.org/acme/acct/1887445026 A few comments... When getting started it's probably better to use the --staging (-s) option. This is designed for testing. uacme hardcodes the configuration directory to /etc/ssl/uacme. Most of us use the libc path rewriter which with default settings will map this path to %ETC/ssl/uacme. Perhaps the next build should use /@unixroot/etc/ssl rather than /etc/ssl? This generally works better with apps built against kLIBC? FWIW, I have implmented a mostly tested and working ucame-hook.cmd. It's sufficiently generic that one script should work for all domains on a given system. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------