Mensaje archivado #939 de la Lista ecs-isp@2rosenthals.com | volver a la lista |
|
---|
In <list-11074276@2rosenthals.com>, on 10/11/24
at 10:36 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:
Hi Massimo,
i hope to have permissions to modify the script to adapt to my
environment/paths
You don't need my permission. As it says in the header
This program is free software licensed under the terms of
the GNU General Public License Version 3 or newer. The GPL
Software License can be found in gnugpl3.txt or at
http://www.gnu.org/licenses/licenses.html#GPL
If you don't know what the GPL is and how you are allowed to GPL licenced
code, I recommend you do some reading.
and added just
docroot = 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge'
of course like before i have to create an hook script for each domain,
but this is not a problem
now the scripts works well also here
Good to hear. Let me know if you run into any unexpected problems. As I
mentioned, the script is intended to be mostly generic, but one never
knows how generic a script is until it's got multiple users.
I would never have have gone with a multiple script solution, but it's
your time and your choice.
FWIW, if I had to implement a solution where the domain to directory
mapping is not algorithmic, I would have used a mapping file with lines of
the form
domain path
It's a simple job for REXX to read the file, match on the domain and map
the domain to the path. This way I would only have one file to edit for
all domains being managed.
i've another question
in the \acme-challenge dir with my script i was used to find a lot of
token files
eg. zGaQTb6CdwEeuLNOm4-DK8zBxCSlql-oCxXl2V3t9Q0
now the dir remains empty
This is how the ACME token files are supposed to be managed. Your naive
scripts did not implement the hook as intended.
The token files are only good for one use and are supposed to be deleted
by the hook script. If you review uacme-hook.log, you will see log
messages indicating when the token files are created and deleted.
and i didn't find in the code something that
clear the token file
The token files are deleted by
uacme-hook.cmd:131
call SysFileDelete gTokenFile
uacme-hook.cmd:141
call SysFileDelete gTokenFile
In the uacme.sh sample script, the token files are deleted by
uacme.sh:48
"done"|"failed")
case "$TYPE" in
http-01)
rm ${CHALLENGE_PATH}/${TOKEN}
exit $?
;;
i also added a say gType
before
if gType \== 'http-01' then
at line 114
but i don't find any output to the screen
You are probably missing it. The logs files are a better way to look for
this. They don't scroll off the screen so fast. From one of my logs, I
have >
2024/08/19-18:04:45 uacme-hook started at 2024/08/19-18:04:45
2024/08/19-18:04:45 method is begin
2024/08/19-18:04:45 type is dns-01
2024/08/19-18:04:45 ident is www.www.cih.bz
2024/08/19-18:04:45 token is nPKmBr_nbCWbtX-09jCugox_kuqPCSok3O13g3fb_hs
2024/08/19-18:04:45 auth is 3D6NBz-8HXPorNUQIcP2DS9DK4TeyN5L7byu10KwqYM
and
2024/08/13-08:39:26 method is begin
2024/08/13-08:39:26 type is tls-alpn-01
2024/08/13-08:39:26 ident is test.warpcave.com
2024/08/13-08:39:26 token is yL12UITv9P44oo6eEpL37-MSSnxno5ECoQnJDs4QYQc
2024/08/13-08:39:26 auth is dGEv0VC2mYKwXrYn0CHyFdg_77Qzuzw-3y_O0AbqTRY
so, it's clear that Let's Encrypt will try various challenge types.
I do seem mostly http-01 challenges, so it's possble to LE records the
last successful challenge type an tries it first most of the time. It's
an obvious optimization.
Steven
Suscribirse: Todos,
Compendio,
Indice. Desuscribirse Correo al dueño de la Lista |