Mailing List ecs-isp@2rosenthals.com Archived Message #922 | tilbake listen |
|
---|
Hi Steven,
i'm trying to catch that challenge value to verify when they accept HTTP-01 to improve the script
if i start this rexx from the command line it write the (re7.log) log file
but if i call the hook script from uacme i get no output, neither the file:
uacme issue www.mywebsite.com --c c:/mptn/etc/ssl/uacme -h zhook_mywebsite.cmd 2>X:\uacme\re6.log
and here the hook script code:
/* hook for client uacme */
parse arg var1 var2 var3 var4 var5
'echo . >re7.log'
'echo var1 'var1' >>re7.log'
'echo var1 'var2' >>re7.log'
'echo var1 'var3' >>re7.log'
'echo var1 'var4' >>re7.log'
'echo var1 'var5' >>re7.log'
myfile = 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge\'||var4
call SysFileDelete 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge\'||var4
rc= LINEOUT(myfile,var5)
massimo
Il 07/10/2024 18:54, Massimo S. ha scritto:
Il 07/10/2024 16:10, Massimo S. ha scritto:
the point is this:
"Yes, as I said, somewhere in the recent past Let's Encrypt randomises the order of the challenges in the autz. So you've got ⅓ chance of getting http-01 as the first one.
Your script needs to check which challenge is being processed by it and only respond if it's the http-01 challenge, just like how the sh script does it. I know you can't use it directly, but you should use the sh script as an example how the workflow needs to be."
so we need a script that understand if LE is serving an HTTP-01 challenge or not
if not just exit and retry
but i've asked also to Nicola Dilieto a solution for this issue.
https://github.com/ndilieto/uacme/issues/88
or with have to make as script (eg. rexx) that do something like this
sorry typO
i mean or we have to modify the hook script to exit if it do not
receive an http-01 challenge type
this is clearly a way to make life more difficult to the users
it has no sense to randomize the challenge type server side
it makes to manage certificates more complex
massimo
https://github.com/ndilieto/uacme/blob/master/uacme.sh
massimo
Il 07/10/2024 11:53, Massimo S. ha scritto:
Hi Dan,
i'm facing a strange issue these days with LE.
If you are interested follow this topic:
https://community.letsencrypt.org/t/renew-of-certificates-fails-randomly-in-the-last-month/227025
massimo
Il 12/08/2024 21:54, Dan Napier, MS, CIH, CAC ha scritto:
Here is where I am now?
uacme.exe: challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/38943333
6946/-1Wx1w failed with status invalid
uacme.exe: the server reported the following error:
{
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ns1.dnac
ih.com - check that a DNS record exists for this domain",
"status": 400
}
uacme.exe: failed to authorize order at https://acme-v02.api.letsencrypt.org/acm
e/order/1887586636/295703974986
Any Idea what the DNS txt line should look like?
In the correct place of course--Context is everything ain't it!
_acme-challenge TXT = "WTF goe Here?"
Looking as some of the discussion changes bi monthly?
-- Certified Industrial Hygienist
Certified Asbestos Consultant
Dan Napier, MS, CIH, CAC
92-0614 8/24/24
2520 Artesia Boulevard
Redondo Beach, CA 90278-3210
310-644-1924 x 103
CSLB 773462
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative queries to <ecs-isp-request@2rosenthals.com>
To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com
This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative queries to <ecs-isp-request@2rosenthals.com>
To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com
This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative queries to <ecs-isp-request@2rosenthals.com>
To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com
This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative queries to <ecs-isp-request@2rosenthals.com>
To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com
This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative queries to <ecs-isp-request@2rosenthals.com>
To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com
This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Abboner: Feed,
Digest,
Index. Stopp abbonement E-post til ListMaster |