From: "Paul Smedley" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTP id 10601979 for ecs-isp@2rosenthals.com; Thu, 15 Aug 2024 20:10:39 -0400
Received: from [192.168.200.201] (port=51169 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtp (Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1sekY2-000000000Um-11tq
	for ecs-isp@2rosenthals.com;
	Thu, 15 Aug 2024 20:10:30 -0400
Received: from donkey.ash.relay.mailchannels.net ([23.83.222.49]:12623)
	by mail2.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1sekXz-000000005qZ-0GXS
	for ecs-isp@2rosenthals.com;
	Thu, 15 Aug 2024 20:10:27 -0400
X-Sender-Id: perthwebhosting|x-authuser|paul@smedley.id.au
Received: from relay.mailchannels.net (localhost [127.0.0.1])
	by relay.mailchannels.net (Postfix) with ESMTP id 6B6056C5F72
	for <ecs-isp@2rosenthals.com>; Fri, 16 Aug 2024 00:10:25 +0000 (UTC)
Received: from colossiansvm.perthwebhosting.net.au (unknown [127.0.0.6])
	(Authenticated sender: perthwebhosting)
	by relay.mailchannels.net (Postfix) with ESMTPA id 856ED6C5C0C
	for <ecs-isp@2rosenthals.com>; Fri, 16 Aug 2024 00:10:24 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1723767024; a=rsa-sha256;
	cv=none;
	b=1SGprUZjk/WdtqulDReYYEyEuNdZnXq4HVYDIAWhTZiicR2VrWkRcxeLBs5WJoZAyJWsmf
	yQsj3vQBRfHEuRiIiFXls5HBtwK9hSElS/BzKeMeqJ7ZVAQvhi4rLVddnf4mSd/S7Oy9uz
	mrcom+drDOEsHJ8+U8DpAhz5Awi7lsk0GIkUa5v9f+czjbtg/zVH/rQX13bFIlPq3VBnZu
	Z/forhUY+Ug7mKcaQZ1cURfRge7P05VWkivhR1txGDwsYYrQ7vdgazvWeNXhrhMlfTCbTf
	1NDZBTqXEb1lcbk/IsqOUVeybdz4Ah1xYlFe38ruBbE5OvwtiQYm5WMacH4ffQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net;
	s=arc-2022; t=1723767024;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=6wr6VFWVX+XhfiWgZYIGTRs3h1s+VGyYmJHHVS77JcA=;
	b=V6NqT/t/SArRdwLVKzy++xeUgSd1VYkBTdeLE0s1xT9CpRGKD8GEERVboT2g01KGasx7Jo
	V+/AStjNY2ZLaZS5DCelD1+L2ax//BxWL+XWefEfg9m0ezT42PuNiauCqDGDPGAaLiCsvr
	Q4cYYhS6rk5w0eZFzUUeMt5VtrRjyNzrexVbj9udoVarfypDoKuAVnWUt3Ers21ytDtEl0
	cEWFTZWla3mzyRrsJvTaqHPAAJPROwQuEZHENZRnVUVdVamuJAIj6BEO/P/r53t/XLnYBM
	0yE0tQ3uPsSYe2HxrwWgLV2hpQ60Ya1ZUHsoO2pneGyAednPFRf07Cp3WdaJaQ==
ARC-Authentication-Results: i=1;
	rspamd-c4b59d8dc-5b9hm;
	auth=pass smtp.auth=perthwebhosting smtp.mailfrom=paul@smedley.id.au
X-Sender-Id: perthwebhosting|x-authuser|paul@smedley.id.au
X-MC-Relay: Neutral
X-MailChannels-SenderId: perthwebhosting|x-authuser|paul@smedley.id.au
X-MailChannels-Auth-Id: perthwebhosting
X-Thoughtful-Blushing: 1aaaef190bcd45c4_1723767025182_2217445751
X-MC-Loop-Signature: 1723767025182:2086635420
X-MC-Ingress-Time: 1723767025181
Received: from colossiansvm.perthwebhosting.net.au
 (colossiansvm.perthwebhosting.net.au [103.13.84.198])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
	by 100.125.215.6 (trex/7.0.2);
	Fri, 16 Aug 2024 00:10:25 +0000
Received: from smedley.org ([45.249.117.21]:56396 helo=[192.168.1.159])
	by colossiansvm.perthwebhosting.net.au with esmtpsa  (TLS1.3) tls TLS_AES_128_GCM_SHA256
	(Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1sekXv-0000000Ba14-006c
	for ecs-isp@2rosenthals.com;
	Fri, 16 Aug 2024 08:10:22 +0800
Message-ID: <bd3ca92c-0dfd-4d39-ada5-1e74dd9acaa3@smedley.id.au>
Date: Fri, 16 Aug 2024 09:40:21 +0930
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [eCS-ISP] Apache HTTPS
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-10601970@2rosenthals.com>
Content-Language: en-AU
In-Reply-To: <list-10601970@2rosenthals.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-AuthUser: paul@smedley.id.au

Hi Steven,

On 16/8/24 09:00, Steven Levine wrote:
> In <list-10601924@2rosenthals.com>, on 08/16/24
>     at 07:28 AM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:
>
> Hi,
>
>>>     create a new-crt.pem and new-key.pem
>>>     hardlink the existing key.pem to timestamped-key.pem
>>>     hardlink the existing crt.pem to timestamped-crt.pem
>>>     unlink key.pem
>>>     unlink crt.pem
>>>     rename new-crt.pem to crt.pem
>>>     rename new-key.pem to key.pem
>> OK... there is no copy() function in klibc - so I guess I'll find an
>> implementation, the alternate option being to rely on the user having
>> cp.exe available in path and calling that.
> It's going to be an edge case for cp.exe not to exist on a system that
> would need to use uacme.exe.  The system() call  would fail so the
> condiition would not go unnoticed.
>
> You could also do
>
>      create a new-crt.pem and new-key.pem
>      rename existing key.pem to timestamped-key.pem
>      rename existing crt.pem to timestamped-crt.pem
>      rename new-crt.pem to crt.pem
>      rename new-key.pem to key.pem
>
> It's not quite as safe as the method the developers chose, but the
> difference is negligible, IMO

http://smedley.id.au/tmp/uacme-1.0.19-os2-20240816.zip is refreshed to 
call cp.exe

Cheers,

Paul