List ecs-isp@2rosenthals.com Arkiverade meddelande #939

Från: "Massimo S." <ecs-isp@2rosenthals.com> Meddelandehuvud
Oavkodat meddelande
Ämne: Re: [eCS-ISP] HTTPS-Misery (for Steven)
Datum: Sat, 12 Oct 2024 01:40:40 +0200
Till: eCS ISP Mailing List <ecs-isp@2rosenthals.com>



Il 11/10/2024 22:20, Steven Levine ha scritto:
In <list-11074276@2rosenthals.com>, on 10/11/24
    at 10:36 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

i hope to have permissions to modify the script to adapt to my
environment/paths

You don't need my permission.  As it says in the header

politeness is much more important for me than GPL or such

    This program is free software licensed under the terms of
    the GNU General Public License Version 3 or newer.  The GPL
    Software License can be found in gnugpl3.txt or at
    http://www.gnu.org/licenses/licenses.html#GPL

If you don't know what the GPL is and how you are allowed to GPL licenced
code, I recommend you do some reading.

and added just
   docroot = 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge'

of course like before i have to create an hook script for each domain,
but this is not a problem
now the scripts works well also here

Good to hear.  Let me know if you run into any unexpected problems.  As I
mentioned, the script is intended to be mostly generic, but one never
knows how generic a script is until it's got multiple users.

I would never have have gone with a multiple script solution, but it's
your time and your choice.

FWIW, if I had to implement a solution where the domain to directory
mapping is not algorithmic, I would have used a mapping file with lines of
the form

   domain  path

It's a simple job for REXX to read the file, match on the domain and map
the domain to the path.  This way I would only have one file to edit for
all domains being managed.

i've another question
in the \acme-challenge dir with my script i was used to find a lot of
token files
eg. zGaQTb6CdwEeuLNOm4-DK8zBxCSlql-oCxXl2V3t9Q0
now the dir remains empty

This is how the ACME token files are supposed to be managed.  Your naive
scripts did not implement the hook as intended.

The token files are only good for one use and are supposed to be deleted
by the hook script.  If you review uacme-hook.log, you will see log
messages indicating when the token files are created and deleted.

and i didn't find in the code something that
clear the token file

The token files are deleted by

uacme-hook.cmd:131
   call SysFileDelete gTokenFile

uacme-hook.cmd:141
   call SysFileDelete gTokenFile

In the uacme.sh sample script, the token files are deleted by

uacme.sh:48
     "done"|"failed")
         case "$TYPE" in
             http-01)
                 rm ${CHALLENGE_PATH}/${TOKEN}
                 exit $?
                 ;;


i also added a say gType
before
   if gType \== 'http-01' then
at line 114
but i don't find any output to the screen

You are probably missing it.  The logs files are a better way to look for
this.  They don't scroll off the screen so fast.  From one of my logs, I
have >
2024/08/19-18:04:45 uacme-hook started at 2024/08/19-18:04:45
2024/08/19-18:04:45 method is begin
2024/08/19-18:04:45 type is dns-01
2024/08/19-18:04:45 ident is www.www.cih.bz
2024/08/19-18:04:45 token is nPKmBr_nbCWbtX-09jCugox_kuqPCSok3O13g3fb_hs
2024/08/19-18:04:45 auth is 3D6NBz-8HXPorNUQIcP2DS9DK4TeyN5L7byu10KwqYM

and

2024/08/13-08:39:26 method is begin
2024/08/13-08:39:26 type is tls-alpn-01
2024/08/13-08:39:26 ident is test.warpcave.com
2024/08/13-08:39:26 token is yL12UITv9P44oo6eEpL37-MSSnxno5ECoQnJDs4QYQc
2024/08/13-08:39:26 auth is dGEv0VC2mYKwXrYn0CHyFdg_77Qzuzw-3y_O0AbqTRY

so, it's clear that Let's Encrypt will try various challenge types.

I do seem mostly http-01 challenges, so it's possble to LE records the
last successful challenge type an tries it first most of the time.  It's
an obvious optimization.

Steven

thank you so much
but as you know i've not your skills
i still don't understand this

2024/10/12-01:33:15 hook_webmail started at 2024/10/12-01:33:15
2024/10/12-01:33:15 method is begin
2024/10/12-01:33:15 type is http-01
2024/10/12-01:33:15 ident is webmail.mydomain.it
2024/10/12-01:33:15 token is OQg2xEXcj39j6brHDmIDwj5V5mYY1_DOvU5DRDOnPh4
2024/10/12-01:33:25 hook_webmail started at 2024/10/12-01:33:25
2024/10/12-01:33:25 method is failed
2024/10/12-01:33:25 type is http-01
2024/10/12-01:33:25 ident is webmail.mydomain.it
2024/10/12-01:33:25 token is OQg2xEXcj39j6brHDmIDwj5V5mYY1_DOvU5DRDOnPh4
2024/10/12-01:33:25 auth is OQg2xEXcj39j6brHDmIDwj5V5mYY1_DOvU5DRDOnPh4.zyhanFlpd0tloojCJrdfZjZwx4LbkQHuYa75ndsa-Qs 2024/10/12-01:33:25 DoFailed deleting X:\apache\htdocs\webmail\.well-known\acme-challenge\OQg2xEXcj39j6brHDmIDwj5V5mYY1_DOvU5DRDOnPh4

for this domain it failed
i still find the acme-challenge dir empty
and it fails even if the method is http-01

i'm puzzled, sorry


massimo

Prenumerera: Sändning, Uppsamling, Index.
Stoppa prenumeration
Meddelande till ListMaster