From: "Dan Napier, MS, CIH, CAC" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] Apache HTTPS
Date: Fri, 16 Aug 2024 10:59:45 -0700
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>

Steven
Here is as far as I get. It is asking for a TXT line in the DNS server?

uacme.exe: challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/389433336946/-1Wx1w failed with status invalid
uacme.exe: the server reported the following error:
{
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ns1.dnacih.com - check that a DNS record exists for this domain",
"status": 400
}
uacme.exe: failed to authorize order at https://acme-v02.api.letsencrypt.org/acme/order/1887586636/295703974986

On Tuesday, July 23, 2024 04:30 PDT, "Massimo S." <ecs-isp@2rosenthals.com> wrote:

Now the apache httpd.conf part:
this rewrites http requests to the https vhost:

<VirtualHost *:80>
    ServerAdmin webmaster@yourwebsite.com
    ServerName www.yourwebsite.com
    ServerAlias yourwebsite.com
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^(www\.)?yourwebsite\.com [NC]
    RewriteCond %{HTTPS} off
    RewriteRule ^/(.*)$ https://www.yourwebsite.com/$1 [R,L]
</VirtualHost>

now the https vhost:

<VirtualHost *:443>
    ServerAdmin webmaster@yourwebsite.com
    DocumentRoot d:/apache/htdocs/yourwebsite
    ServerName www.yourwebsite.com
    ServerAlias yourwebsite.com

    SSLEngine on
    SSLCertificateFile c:/mptn/etc/ssl/uacme/www.yourwebsite.com/cert.pem
    SSLCertificateKeyFile c:/mptn/etc/ssl/uacme/private/www.yourwebsite.com/key.pem
</VirtualHost>

you don't need the chain certificate since UACME automatically creates a certificate with the chain certificate inside it
to verify your certificate you can use this web tool:
https://decoder.link/sslchecker/www.yourwebsite.com/443
that's all
massimo

On 23/07/2024 12:20, Massimo S. wrote:
> I use Paul's port of UACME, it can renew the www.yourwebsite.com (3rd level) cert and both the 2nd level
> yourwebsite.com at the same time too.
>
>
> This is a simple reissue of just www.yourwebsite.. certificate.
> I run uacme in a separate tree, not under the apache tree, i don't suggest
> you to run it under \apache tree.
> You need port 80 (HTTP) open on your webserver for this operation.
> You need to create all these paths you can see down here.
> You don't need Let's Encrypt chain certificates files, since uacme already by its own
> creates a certificate with the chain certificate inside of the .cert, so
> you have always the latest chain certificate from Let's Encrypt automatically.
>
> I run the scripts scheduled once each 2 months (LE Certs only last 3 months),
> so in case of issues i still have 1 month to fix them.
> **don't forget** to add a Call SysSleep of about 10 seconds between a reissue
> and another (if you run tens of renewals like me) or you can get problems,
> i mean renewal that fails.
> In your script after the renewal/s you can place the code to restart apache.
>
>
>
> renewal (issue) script:
>
> @attrib c:\mptn\etc\ssl\uacme\private\www.yourwebsite.com\key.pem -R
> @copy c:\mptn\etc\ssl\uacme\private\www.yourwebsite.com\key_old.pem c:\mptn\etc\ssl\uacme\private\www.yourwebsite.com\key_old2.pem
> @copy c:\mptn\etc\ssl\uacme\private\www.yourwebsite.com\key.pem c:\mptn\etc\ssl\uacme\private\www.yourwebsite.com\key_old.pem
> @del c:\mptn\etc\ssl\uacme\private\www.yourwebsite.com\key.pem /N
> @attrib c:\mptn\etc\ssl\uacme\www.yourwebsite.com\cert.pem -R
> @copy c:\mptn\etc\ssl\uacme\www.yourwebsite.com\cert_old.pem c:\mptn\etc\ssl\uacme\www.yourwebsite.com\cert_old2.pem
> @copy c:\mptn\etc\ssl\uacme\www.yourwebsite.com\cert.pem c:\mptn\etc\ssl\uacme\www.yourwebsite.com\cert_old.pem
> @del c:\mptn\etc\ssl\uacme\www.yourwebsite.com\cert.pem /N
> uacme issue www.yourwebsite.com -h hook_yourwebsite_com.cmd 2>>d:\services\uacme\re.log
>
>
>
> hook script:
>
> parse arg var1 var2 var3 var4 var5
> myfile = 'X:\apache\htdocs\yourwebsite\.well-known\acme-challenge\'||var4
> call SysFileDelete 'X:\apache\htdocs\yourwebsite\.well-known\acme-challenge\'||var4
> rc= LINEOUT(myfile,var5)
>
>
>
> i'm keeping 2 bkup of private keys + certs (you can see all those copies)
> hope it's all explained well
>
> massimo
>
>
> On 22/07/2024 15:33, Dan Napier wrote:
>> Has anyone installed Let's Encrypt Certbot on OS2. What did you use?
>>
>> HTTPS is needed. Or how are you installing the certs?
>>
>> Dan Napier, MS, CIH
>>
>> DNA Industrial Hygiene
>>
>> 2520 Artesia Boulevard
>>
>> Redondo Beach, CA 90278-3210
>>
>> 310-644-1924 X 103
>>
>> CSLB #773462
>>
>> DNA Industrial Hygiene 800-644-1924
>>
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> This message is sent to you because you are subscribed to
> the mailing list <ecs-isp@2rosenthals.com>.
> To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
> To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
> To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
> Send administrative queries to <ecs-isp-request@2rosenthals.com>
> To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
> Web archives are publicly available at: http://lists.2rosenthals.com
>
> This list is hosted by Rosenthal & Rosenthal, LLC
> P.O. Box 281, Deer Park, NY 11729-0281. Non-
> electronic communications related to content
> contained in these messages should be directed
> to the above address. (CAN-SPAM Act of 2003)
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>

-- Certified Industrial Hygienist Certified Asbestos Consultant
Dan Napier, MS, CIH, CAC 92-0614 8/24/24 2520 Artesia Boulevard Redondo Beach, CA 90278-3210 310-644-1924 x 103 CSLB 773462
Attachment: prob1.txt (518 bytes)
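
The hook in the quoted message writes the challenge file for whatever challenge uacme hands it. uacme calls its hook as `method type ident token auth` and treats a non-zero exit from `begin` as declining that challenge type, so a hook meant for HTTP validation can check `type` before doing anything. The REXX hook below is an added example, not code from the thread or from the uacme project; it assumes the webroot path used in the quoted hook and that the OS/2 port passes the script's exit code back to uacme.

```rexx
/* hook_yourwebsite_com.cmd - uacme hook that accepts http-01 only (added example) */
call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'
call SysLoadFuncs

/* uacme passes: method type ident token auth; the trailing dot drops extras */
parse arg method type ident token auth .

/* Assumption: same challenge directory as the hook quoted in the thread */
webroot = 'X:\apache\htdocs\yourwebsite\.well-known\acme-challenge\'

/* Decline every challenge type except http-01, so uacme moves on to the
   next offered type instead of expecting, for example, a DNS TXT record */
if type \= 'http-01' then exit 1

/* The token becomes a file name under the webroot: refuse anything outside
   the base64url alphabet (no path separators, dots or drive letters) */
allowed = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
if token = '' | verify(token, allowed) \= 0 then exit 1

myfile = webroot || token

select
  when method = 'begin' then do
    call SysFileDelete myfile                  /* remove any stale copy */
    if lineout(myfile, auth) \= 0 then exit 1  /* write failed: decline */
    call lineout myfile                        /* close so Apache can read it */
    exit 0                                     /* accept this challenge */
  end
  when method = 'done' | method = 'failed' then do
    call SysFileDelete myfile                  /* clean up the challenge file */
    exit 0
  end
  otherwise exit 1                             /* unknown method */
end
```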