| | 
| From: | "Massimo S." <ecs-isp@2rosenthals.com> |
| Subject: | Re: [eCS-ISP] HTTPS-Misery (for Steven) |
| Date: | Mon, 7 Oct 2024 20:48:12 +0200 |
| To: | eCS ISP Mailing List <ecs-isp@2rosenthals.com> |
|---|
 what should i get
 (i can only see it if i use the rexx command "say" in the script)
 
 begin
 http-01
 www.domain.com
 VfD7yNIXE4R3KaS8CsBD8thkrZo3W9a3YDyWQHcOxVo
 VfD7yNIXE4R3KaS8CsBD8thkrZo3W9a3YDyWQHcOxVo.zyhanFlpd0tloojCJrdfZjZwx4LbkQHuYa75ndsa-Qs
 X:\apache\htdocs\mydomain\.well-known\acme-challenge\VfD7yNIXE4R3KaS8CsBD8thkrZo3W9a3YDyWQHcOxVo
 done
 
 so if var1 is not = "http-01" exit
 
 massimo
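
As an added example (not part of the original message and not uacme's own script), the workflow discussed in this thread is sketched below in POSIX sh: the hook accepts only http-01, declines every other challenge type with a non-zero exit status, and validates the token before using it as a file name. The argument order follows the output shown above; `CHALLENGE_DIR` is a hypothetical environment variable naming the served acme-challenge directory, and a REXX hook would need the same checks.

```shell
#!/bin/sh
# Added example: http-01-only ACME hook (not uacme's own uacme.sh).
# Arguments, in the order shown in the output above:
#   method type ident token auth
# CHALLENGE_DIR is a hypothetical variable: the directory the web server
# serves as /.well-known/acme-challenge/ for the domain.

acme_hook() {
    [ "$#" -eq 5 ] || return 5           # unexpected call shape: decline
    method=$1 ctype=$2 ident=$3 token=$4 auth=$5
    # Aborts the script with a message if CHALLENGE_DIR is unset or empty.
    dir=${CHALLENGE_DIR:?CHALLENGE_DIR is not set}

    # Handle http-01 only. A non-zero status on "begin" tells uacme the
    # hook declined this challenge, so it moves on to the next one offered.
    [ "$ctype" = "http-01" ] || return 1

    # The token becomes a file name: accept base64url characters only, so
    # a value such as "../x" can never escape the challenge directory.
    case $token in
        ''|*[!A-Za-z0-9_-]*) return 2 ;;
    esac

    case $method in
        begin)
            # Publish the key authorization, without a trailing newline.
            printf '%s' "$auth" > "$dir/$token" || return 3
            ;;
        done|failed)
            rm -f "$dir/$token"          # clean up after validation
            ;;
        *)
            return 4                     # unknown method
            ;;
    esac
    return 0
}

# Act as a hook only when called with arguments.
if [ "$#" -gt 0 ]; then
    acme_hook "$@"
    exit $?
fi
```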
 
 
 On 07/10/2024 20:22, Massimo S. wrote:
 
 Hi Steven,
 i'm trying to catch that challenge value to verify when they accept HTTP-01 to improve the script
 
 if i start this rexx from the command line it writes the (re7.log) log file
 but if i call the hook script from uacme i get no output, neither the file:
 
 uacme issue www.mywebsite.com --c c:/mptn/etc/ssl/uacme -h zhook_mywebsite.cmd 2>X:\uacme\re6.log
 
 and here the hook script code:
 
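 /* hook for client uacme */

 /* register the RexxUtil functions (needed for SysFileDelete) */
 call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'
 call SysLoadFuncs

 /* uacme passes five arguments to the hook */
 parse arg var1 var2 var3 var4 var5

 /* debug log of the arguments received */
 'echo . >re7.log'
 'echo var1 'var1' >>re7.log'
 'echo var2 'var2' >>re7.log'
 'echo var3 'var3' >>re7.log'
 'echo var4 'var4' >>re7.log'
 'echo var5 'var5' >>re7.log'

 /* write var5 into a file named var4 in the challenge directory */
 myfile = 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge\'||var4
 call SysFileDelete myfile
 rc = LINEOUT(myfile, var5)
 call LINEOUT myfile   /* close the file */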
 
 
 massimo
 
 
 On 07/10/2024 18:54, Massimo S. wrote:
 
 
 On 07/10/2024 16:10, Massimo S. wrote:
 
 the point is this:
 "Yes, as I said, somewhere in the recent past Let's Encrypt randomises the order of the challenges in the authz. So you've got ⅓ chance of getting http-01 as the first one.
 
 Your script needs to check which challenge is being processed by it and only respond if it's the http-01 challenge, just like how the sh script does it. I know you can't use it directly, but you should use the sh script as an example how the workflow needs to be."
 
 so we need a script that understands if LE is serving an HTTP-01 challenge or not
 if not just exit and retry
 
 but i've also asked Nicola Dilieto for a solution to this issue.
 
 https://github.com/ndilieto/uacme/issues/88
 
 or with have to make as script (eg. rexx) that do something like this
 
 sorry typO
 
 i mean or we have to modify the hook script to exit if it does not
 receive an http-01 challenge type
 
 this is clearly a way to make life more difficult for the users
 
 it makes no sense to randomize the challenge type server side
 it makes managing certificates more complex
 
 massimo
 
 
 https://github.com/ndilieto/uacme/blob/master/uacme.sh
 
 
 massimo
 
 
 On 07/10/2024 11:53, Massimo S. wrote:
 
 Hi Dan,
 i'm facing a strange issue these days with LE.
 
 If you are interested follow this topic:
 
 https://community.letsencrypt.org/t/renew-of-certificates-fails-randomly-in-the-last-month/227025
 
 massimo
 
 On 12/08/2024 21:54, Dan Napier, MS, CIH, CAC wrote:
 
 Here is where I am now?
 uacme.exe: challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/389433336946/-1Wx1w failed with status invalid
 uacme.exe: the server reported the following error:
 {
 "type": "urn:ietf:params:acme:error:dns",
 "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ns1.dnacih.com - check that a DNS record exists for this domain",
 "status": 400
 }
 uacme.exe: failed to authorize order at https://acme-v02.api.letsencrypt.org/acme/order/1887586636/295703974986
 
 Any Idea what the DNS txt line should look like?
 In the correct place of course--Context is everything ain't it!
 
 _acme-challenge     TXT = "WTF goes Here?"
 
 Looking at some of the discussion changes bi monthly?
 
 
 -- Certified Industrial Hygienist
 Certified Asbestos Consultant
 
 Dan Napier, MS, CIH, CAC
 92-0614 8/24/24
 2520 Artesia Boulevard
 Redondo Beach, CA 90278-3210
 310-644-1924 x 103
 CSLB 773462
 
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 This message is sent to you because you are subscribed to
 the mailing list <ecs-isp@2rosenthals.com>.
 To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
 To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
 To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
 Send administrative queries to  <ecs-isp-request@2rosenthals.com>
 To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
 Web archives are publicly available at: http://lists.2rosenthals.com
 
 This list is hosted by Rosenthal & Rosenthal, LLC
 P.O. Box 281, Deer Park, NY 11729-0281. Non-
 electronic communications related to content
 contained in these messages should be directed
 to the above address. (CAN-SPAM Act of 2003)
 
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
 
 |