Mailing List ecs-isp@2rosenthals.com Archived Message #944

From: "Massimo S." <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] HTTPS-Misery (for Steven)
Date: Tue, 15 Oct 2024 17:53:43 +0200
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>



On 15/10/2024 11:49, Massimo S. wrote:


On 12/10/2024 03:01, Steven Levine wrote:
In <list-11075097@2rosenthals.com>, on 10/12/24
    at 01:40 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

i still don't understand this

No problem.  This stuff was all new to us at one time.

2024/10/12-01:33:15 hook_webmail started at 2024/10/12-01:33:15
2024/10/12-01:33:15 method is begin
2024/10/12-01:33:15 type is http-01
2024/10/12-01:33:15 ident is webmail.mydomain.it
2024/10/12-01:33:15 token is OQg2xEXcj39j6brHDmIDwj5V5mYY1_DOvU5DRDOnPh4

Not so good.  Notice that the hook did not create the token file.  Your log
is missing a line like:

2024/08/25-19:58:36 Creating D:\www\docs\mbopinion\.well-known\acme-challenge\pyyk1CI7afsiXskFrCC8RGVYS9t3qOvvQkRrL07rGaE

which reports that the token file has been successfully created.

My guess is you broke the script when you did your edits.  I think I see
what you did wrong.  You set docroot with

    docroot = 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge'

You should have used

    docroot = 'X:\apache\htdocs\mywebsite'

docroot as the name implies is the name of the document root directory,
not the challenge directory.

The challenge directory name is set by

uacme-hook.cmd:88
   challengeDir = MakePath( docroot, '.well-known\acme-challenge')

I'm pretty sure the script reported that it could not access

   X:\apache\htdocs\mywebsite\.well-known\acme-challenge\.well-known\acme-challenge

and died and you ignored the error message or it scrolled by too fast for
you to read.

Run uacme with the -h and -v options and capture stdout and stderr to a
file:

   uacme -v -h uacme-hook.cmd issue webmail.mydomain.it >out.log 2>&1

Out.log should contain the error message you missed.

i still find the acme-challenge dir empty

This is normal. The only reason the challenge directory will not be empty
is if uacme or the hook script crashes in such a way that the token file
is not deleted.

Your issue is a bit different.  The token file never got created because
you pointed challengeDir at a non-existent directory and the script died.

Steven

hi all,

now i'm completely confused, i don't understand what's happening

this is a certificate i need to create for the first time:


uacme issue mywebsite2.ecomstation.it -h hook_mywebsite2.cmd
2024/10/15-11:24:03
2024/10/15-11:24:03 hook_mywebsite2 started at 2024/10/15-11:24:03
2024/10/15-11:24:03 method is begin
2024/10/15-11:24:03 type is http-01
2024/10/15-11:24:03 ident is mywebsite2.ecomstation.it
2024/10/15-11:24:14
2024/10/15-11:24:14 hook_mywebsite2 started at 2024/10/15-11:24:14
2024/10/15-11:24:14 method is failed
2024/10/15-11:24:14 type is http-01
2024/10/15-11:24:14 ident is mywebsite2.ecomstation.it
2024/10/15-11:24:14 token is U_8xDcx9AT6qFzEosUKhMas8SKcK8SKburtsjaq6zRc
2024/10/15-11:24:14 auth is U_8xDcx9AT6qFzEosUKhMas8SKcK8SKburtsjaq6zRc.zyhanFlpd0tloojCJrdfZjZwx4LbkQHuYa75ndsa-Qs
2024/10/15-11:24:14 DoFailed deleting D:\apache2\htdocs\webmail2\.well-known\acme-challenge\U_8xDcx9AT6qFzEosUKhMas8SKcK8SKburtsjaq6zRc


2024/10/15-11:24:14 method is failed

why is it failed?
it's http01


2024/10/15-11:24:14 DoFailed deleting X:\apache2\htdocs\mywebsite2\.well-known\acme-challenge\U_8xDcx9AT6qFzEosUKhMas8SKcK8SKburtsjaq6zRc

why does it fail?

path is perfect, there are no issues in the path


massimo

i found that i had an issue with the virtual host
but i've to retry in the next days
since i'm over the "almost punitive*" LE re-issue limit

massimo

*punitive since if you do some retries before you have understood
if it's a firewall problem, or an apache, or dns, or hook, or vhost
you have already run out of retries
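
A local pre-flight check for the two causes that come up in this thread (docroot set to the challenge directory, and a virtual host that does not serve the docroot), run before any request reaches Let's Encrypt. This is an added Python example, not part of the original messages or of uacme-hook.cmd; `challenge_dir`, `preflight`, `http_get` and the probe file name are assumed names.

```python
# Added example, not from the thread: pre-flight check for an http-01 hook.
import secrets
import urllib.request
from pathlib import Path, PureWindowsPath

SUFFIX = (".well-known", "acme-challenge")


def challenge_dir(docroot):
    """Build the challenge directory from the document root.

    Rejects a docroot that already ends in .well-known\\acme-challenge,
    the setting that yields the doubled path quoted in the thread.
    """
    root = PureWindowsPath(docroot)  # parses both '\\' and '/' separators
    if tuple(p.lower() for p in root.parts[-2:]) == SUFFIX:
        raise ValueError(f"docroot is the challenge directory: {docroot}")
    return root.joinpath(*SUFFIX)


def http_get(url):
    """Fetch over plain HTTP, as the CA's http-01 validator does."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("ascii", "replace").strip()


def preflight(docroot, ident, fetch=http_get):
    """Write a random probe where the hook would put the token file,
    fetch it back through the web server, and return a verdict string."""
    challenge_dir(docroot)  # raises on the doubled-path mistake
    cdir = Path(docroot).joinpath(*SUFFIX)
    if not cdir.is_dir():
        return f"missing directory: {cdir}"
    name = "preflight-" + secrets.token_urlsafe(8)  # assumed probe name
    body = secrets.token_urlsafe(32)
    probe = cdir / name
    probe.write_text(body, encoding="ascii")
    try:
        got = fetch(f"http://{ident}/.well-known/acme-challenge/{name}")
    except OSError as exc:  # refused, timeout, DNS failure, HTTP 4xx/5xx
        return f"fetch failed: {exc}"
    finally:
        probe.unlink()  # leave the directory empty, as the hook does
    return "ok" if got == body else "mismatch: vhost serves another docroot?"


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: preflight.py <docroot> <hostname>
        print(preflight(sys.argv[1], sys.argv[2]))
```

The check only proves that the local server returns the probe; reachability from outside (firewall, DNS) still has to be confirmed from another network.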
