From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 10601904 for ecs-isp@2rosenthals.com; Thu, 15 Aug 2024 17:35:01 -0400 Received: from secmgr-va.randr ([192.168.200.201]:49344 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1sei7Y-000000008Ih-13SY for ecs-isp@2rosenthals.com; Thu, 15 Aug 2024 17:35:00 -0400 Received: from mta-102a.earthlink-vadesecure.net ([51.81.61.66]:39065) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from ) id 1sei7S-000000003UY-1mjP for ecs-isp@2rosenthals.com; Thu, 15 Aug 2024 17:34:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=ByoqL74t4JunCHLoOpd3/7vXsXqDacDk+r9nhf TGcfc=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-unsubscribe-post: list-subscribe:list-post:list-owner:list-archive; q=dns/txt; s=dk12062016; t=1723757694; x=1724362494; b=kx1bKZpAZhEMVRC4ehFWCP4KrPL CQNH0ficjX/KLhDJ3mj7CT6lEsvke7RIUExzCVJ4aCQhHR8/I5/lwNat+FS7C9Q9u91pCzI pV1X7F2CqFRPLObJIh8Mu7E9+hJaFzJhwPtWmUI+J2lqxb2BN791mMP1uwAyYfqbuvLZL76 O7PLKa446AEyeMLOAU02OjdmKvTDTCulP1WVYzkNV1jBED+4oVW4K3Yw1Km9BDj7nS331ty Bsa/JxcprNXrXijG6yoGtVjY9Eyxtr2hW9ZFOQs9Q4/ulBAtDTKY0uhYdsxDgBBJR7nBVTR hPAp83mS+nzwhhVbn1O/SppzHBv6TKQ== Received: from slamain ([172.56.240.198]) by vsel1nmtao02p.internal.vadesecure.com with ngmta id b714fc83-17ec047d65daf750; Thu, 15 Aug 2024 21:34:54 +0000 Message-ID: <66be7274.27.mr2ice.fgrirsq@earthlink.net> Date: Thu, 15 Aug 2024 14:26:12 -0700 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] Apache HTTPS X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 08/16/24 at 06:26 AM, "Paul Smedley" said: Hi Paul, >https://smedley.id.au/tmp/uacme-1.0.19-os2-20240816.zip is there now. This one understands @unixroot. Thanks. >Additional change is that it uses symlink() rather than link(). I don't think this is going to work for use in practice. When updating a certificate what uacme does is create a new-crt.pem and new-key.pem hardlink the existing key.pem to timestamped-key.pem hardlink the existing crt.pem to timestamped-crt.pem unlink key.pem unlink crt.pem rename new-crt.pem to crt.pem rename new-key.pem to key.pem With a symlink timestamped-key.pem will not contain the the content of key.pem, so there will be no useful backup. The is why is suggested that the link needed to be replaced with a copy operation. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------