From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 10610763 for ecs-isp@2rosenthals.com; Fri, 16 Aug 2024 18:37:10 -0400 Received: from [192.168.200.201] (port=37156 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1sf5Z6-000000004eV-1FNY for ecs-isp@2rosenthals.com; Fri, 16 Aug 2024 18:37:00 -0400 Received: from mta-101a.earthlink-vadesecure.net ([51.81.61.60]:48377) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from ) id 1sf5Z1-000000007Bo-0zoo for ecs-isp@2rosenthals.com; Fri, 16 Aug 2024 18:36:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=K+eerlvVycIe+r9AVbiVN4sIdk5muwWIzQ+HhQ dDaGo=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-unsubscribe-post: list-subscribe:list-post:list-owner:list-archive; q=dns/txt; s=dk12062016; t=1723847811; x=1724452611; b=cXFonJehZZi6CDCZdIyKAgzeMgO cqeqFMDMiS+lbk54aLJ+dgmTE7WGSh7B4g0jyiUnumIdeHn7vbzsd/bHPH8CmiR1v/XzX7W sESaepyLFfqL3LIjKW+Mbs7SHc1SVFenk4/yMmm61xD5jF1SAQyew9dfw6KJKXR9XUWIkxS pmDE5UUBp19rjkdZWLn5pjHykgFl1CfMF3IktUeaxjTWkvlYttGEQoBIdBK66TNU0V/WOS/ J63jgl59GruweppMsHn/mmjoHvfugsDOM/0UqqjT4/uw7lwFxXH2FQkWpGnkoKkRsrHHRtc aQL31XRL8oO7vVK6QXmtb4UL7Q2ZBYg== Received: from slamain ([172.56.240.198]) by vsel1nmtao01p.internal.vadesecure.com with ngmta id 75941c1f-17ec5672cae1b6d5; Fri, 16 Aug 2024 22:36:50 +0000 Message-ID: <66bfd32a.36.mr2ice.fgrirsq@earthlink.net> Date: Fri, 16 Aug 2024 15:31:06 -0700 To: ""Dan Napier, Massimo Sangriso , CIH, CAC"" In-Reply-To: Subject: Re: [eCS-ISP] Apache HTTPS Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 08/16/24 at 10:59 AM, ""Dan Napier, MS, CIH, CAC"" said: Hi, >Here is as far as I get,=A0 I is asking for a TXT line in the dns server= ? What's your uacme command line? I appears you neglected to point uacme a= t your hook script. >=A0uacme.exe: challenge >https://acme-v02.api.letsencrypt.org/acme/chall-v3/38943333 6946/-1Wx1w >failed with status invalid >uacme.exe: the server reported the following error: >{ > "type": "urn:ietf:params:acme:error:dns", > "detail": "DNS problem: NXDOMAIN looking up TXT for >_acme-challenge.ns1.dnac ih.com - check that a DNS record exists for thi= s >domain", > "status": 400 >} >uacme.exe: failed to authorize order at >https://acme-v02.api.letsencrypt.org/acm e/order/1887586636/295703974986= This is what happens if you run without a hook script. The Let's Encrypt= server tries to use dns-01 type challenge to verify that you are allowed to issue the certificate. It is intend for systems that can update DNS records on demand. This is not us, but we need to provide a hook script and use the http-01 type challenge. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------