List ecs-isp@2rosenthals.com Arkiverade meddelande #936

Från: "Massimo S." <ecs-isp@2rosenthals.com> Meddelandehuvud
Oavkodat meddelande
Ämne: Re: [eCS-ISP] HTTPS-Misery (for Steven)
Datum: Fri, 11 Oct 2024 10:36:59 +0200
Till: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Hi Steven,

i hope to have permissions to modify the script to adapt to my environment/paths

i've removed this part of the code:



  /* Find docs directory for server */
  docsdir = left(directory(), 1) || ':\www\docs\'
  if gTesting then
    docsdir = left(directory(), 1) || ':\Internet\apache24-data\htdocs'

  if \ IsDir(docsdir) then
    call Die 'Cannot access' docsdir 'directory'

  /* Map domain to VirtualHost docroot directory */
  ndx = lastpos('.', gIdent)
  if ndx = 0 then do
    domain = gIdent
    suffix = ''
  end
  else do
    suffix = substr(gIdent, ndx + 1) /* Without dot */
    domain = left(gIdent, ndx - 1)
    ndx = lastpos('.', domain)
    if ndx > 0 then
      domain = substr(domain, ndx + 1)
  end

  docroot = MakePath( docsdir, domain)
  if \ IsDir(docroot) then
    docroot = MakePath( docsdir, domain || suffix) /* cih.bz -> cihbz */




and added just

  docroot = 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge'


of course like before i have to create an hook script for each domain,
but this is not a problem

now the scripts works well also here

i've another question

in the \acme-challenge dir with my script i was used to find
a lot of token files

eg. zGaQTb6CdwEeuLNOm4-DK8zBxCSlql-oCxXl2V3t9Q0

now the dir remains empty
i already reissued 2 times a certificate with success
but i still find the \acme-challenge dir empy
and i didn't find in the code something that
clear the token file

is this ok?


i also added a say gType
before

  if gType \== 'http-01' then

at line 114
but i don't find any output to the screen


thanks

massimo



Il 09/10/2024 10:28, Massimo S. ha scritto:
i'm reading the code it expect that virtual hosts directories
to have a specific name/path

but here it's not the same, they have different path names
some is abbreviated etc.

so i can't use this script
it requires too many modification to all my environment
i've too much stuff (scripts, bkups, etc. that expect these paths)

i've not the sufficient skill to fully modify your script
i'm sorry
even to understand it completely it could take months

i'm asking you an help

it should be possible only to add the "check http-01 method"
to this simpler (or naive :-) script?

so that i can keep on using all my infrastructure scripts and paths

maybe it should look like this:


/* comando di hook per client uacme */

parse arg var1 var2 var3 var4 var5

if var2 \== 'http-01' then call "issues"

myfile = 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge\'||var4
call SysFileDelete 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge\'||var4
rc= LINEOUT(myfile,var5)

issues:

"send a notify"
"and try again"
exit

return

i've some tents of domains, but it's not a problem to create a new hook script
for a new domain, since normally there is only a new website per year

thanks

massimo

Il 09/10/2024 09:43, Massimo S. ha scritto:
Hi Steven,

is there a place to download the script?
or could you send a zip?

thanks

massimo


Il 07/10/2024 21:58, Steven Levine ha scritto:
In <list-11070551@2rosenthals.com>, on 10/07/24
    at 08:22 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:

i'm trying to catch that challenge value to verify when they accept
HTTP-01 to improve the script

I have appended a copy of the uacme-hook.cmd that Dan and I use.

The interesting code is above the

   /*==============================================================================*/
   /*=== SkelRexxFunc standards - Delete unused - Move modified above this
mark ===*/
   /*==============================================================================*/

separator.  Everything below is boilerplate code that is maintained by my
tools.

You may notice that the script is almost 100% generic.  Since our mapping
of domain names to document roots is consistent, I saw no need to parse
the httpd conf files or read the mappings from an external file.

The relevant mapping code follows the

   /* Map domain to VirtualHost docroot directory */

comment.

To handle possible uacme.exe failures, we back up the certificates before
the uacme.exe runs and configure httpd to use the certificates as created
by uacme.

Steven


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
  the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative queries to  <ecs-isp-request@2rosenthals.com>
To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com

This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


Prenumerera: Sändning, Uppsamling, Index.
Stoppa prenumeration
Meddelande till ListMaster