From: "Massimo S." <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTP id 10591826 for ecs-isp@2rosenthals.com; Mon, 12 Aug 2024 15:19:12 -0400
Received: from [192.168.200.201] (port=58764 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtp (Exim 4.97.1)
	(envelope-from <ml@ecomstation.it>)
	id 1sdaZS-000000003AD-1cEn
	for ecs-isp@2rosenthals.com;
	Mon, 12 Aug 2024 15:19:11 -0400
Received: from mail2.quasarbbs.net ([80.86.52.115]:10004)
	by mail2.2rosenthals.com with esmtp (Exim 4.97.1)
	(envelope-from <ml@ecomstation.it>)
	id 1sdaZK-000000002uP-0Ow4
	for ecs-isp@2rosenthals.com;
	Mon, 12 Aug 2024 15:19:02 -0400
X-SASI-Hits: BODY_SIZE_3000_3999 0.000000, BODY_SIZE_5000_LESS 0.000000,
	BODY_SIZE_7000_LESS 0.000000, CTE_8BIT 0.000000, HTML_00_01 0.050000,
	HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000,
	MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000,
	REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000,
	SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, URI_ENDS_IN_HTML 0.000000,
	USER_AGENT 0.000000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000,
	__CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000,
	__DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000,
	__FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000,
	__FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000,
	__HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000,
	__HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000,
	__INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000,
	__MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000,
	__MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000,
	__MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000,
	__MULTIPLE_URI_TEXT 0.000000, __NO_HTML_TAG_RAW 0.000000,
	__PHISH_PHRASE1_A 0.000000, __REFERENCES 0.000000,
	__REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000,
	__REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __RUS_OBFU_PHONE 0.000000,
	__SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000,
	__SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000,
	__SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,
	__SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000,
	__TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000,
	__TO_REAL_NAMES 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000,
	__URI_NOT_IMG 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000,
	__URI_WITH_PATH 0.000000, __USER_AGENT 0.000000
X-SASI-Probability: 10%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.8.12.183919
X-SASI-Hits: BODY_SIZE_3000_3999 0.000000, BODY_SIZE_5000_LESS 0.000000,
	BODY_SIZE_7000_LESS 0.000000, CTE_8BIT 0.000000, HTML_00_01 0.050000,
	HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000,
	MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000,
	REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SUSP_DH_NEG 0.000000,
	TO_IN_SUBJECT 0.500000, URI_ENDS_IN_HTML 0.000000, USER_AGENT 0.000000,
	__ANY_URI 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000,
	__BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000,
	__CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000,
	__CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000,
	__DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000,
	__FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000,
	__FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000,
	__HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000,
	__HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000,
	__INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000,
	__MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000,
	__MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000,
	__MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000,
	__MULTIPLE_URI_TEXT 0.000000, __NO_HTML_TAG_RAW 0.000000,
	__PHISH_PHRASE1_A 0.000000, __REFERENCES 0.000000,
	__REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000,
	__REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __RUS_OBFU_PHONE 0.000000,
	__SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000,
	__SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000,
	__SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,
	__SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000,
	__TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000,
	__TO_REAL_NAMES 0.000000, __URI_IN_BODY 0.000000, __URI_MAILTO 0.000000,
	__URI_NOT_IMG 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000,
	__URI_WITH_PATH 0.000000, __USER_AGENT 0.000000
X-SASI-Probability: 10%
X-SASI-RCODE: 200
X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.8.12.183919
Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.9-0001
 ) for <ecs-isp@2rosenthals.com>; Mon, 12 Aug 2024 20:30:12 -0000
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] Let's encrypt
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-10570006@2rosenthals.com> <list-10572497@2rosenthals.com>
 <list-10572648@2rosenthals.com>
Organization: Massimo S.
Message-ID: <287d65f8-1a57-e993-593e-0557aa9f43f9@ecomstation.it>
Date: Mon, 12 Aug 2024 21:18:56 +0200
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
In-Reply-To: <list-10572648@2rosenthals.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: it-IT
Content-Transfer-Encoding: 8bit



Il 12/08/2024 07:54, Dan Napier, MS, CIH, CAC ha scritto:
> 
> 
> -- 
> Certified Industrial Hygienist
> Certified Asbestos Consultant
> 
> Dan Napier, MS, CIH, CAC
> 92-0614 8/24/24
> 2520 Artesia Boulevard
> Redondo Beach, CA 90278-3210
> 310-644-1924 x 103
> CSLB 773462Massimo,
> Some steps are not so easy to see
> Step by step
> "create a certificate with the chain certificate inside of the .cert, so
> you have always the latest chain certificate from Let's Encrypt automatically."
> 
> OK I have no idea what to do here.  You say create a certificate.   COMO VA?
> 
> uacme -v new
> will not allow connection to the WEB
> 
> It installed a key in mptn\etc\ssl\uacme\  but that was all
> 
>      I appreciate your help, but there is alot left out.   apache needs some modules loaded, I think I may be 
> missing some of those.  I got rewrite and ssl, but did you load the ssl page from extra too?

Hi,

LoadModule ssl_module modules/ssl.dll

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

SSLPassPhraseDialog  builtin
SSLSessionCacheTimeout  300
SSLSessionCache        shmcb:X:/temp/ssl_scache(512000)
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSV1.1
SSLHonorCipherOrder on

SSLCipherSuite    TLSv1.3 
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

SSLCipherSuite    SSL 
ECDHE-RSA-AES256-GCM-SHA384:TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_AES_256_CCM_8:TLS_DHE_RSA_WITH_AES_256_CCM

SSLUseStapling on
SSLStaplingErrorCacheTimeout 600
SSLStaplingCache shmcb:X:/temp/ssl_cache(512000)

SSLCompression Off



these will make your ssl hosting to get an overall rating of A+

https://www.ssllabs.com/ssltest/analyze.html?d=www.yourwebsite.com

it has been very hard to get A+ rating from this website ;-)



instead about session cache resumption:

Session resumption (caching)	No (IDs assigned but not accepted)

i still don't know how to improve this parameter

massimo




> On Sunday, August 11, 2024 22:00 PDT, "Massimo S." <ecs-isp@2rosenthals.com> wrote:
>> hi,
>>
>> you can find all in my posts here of 23/7/2024 12,20 and 13,30
>>
>> apache+uacme is explained in details, step by step
>>
>> massimo
>>
>>
>> Il 11/08/2024 22:07, Dan Napier, MS, CIH, CAC ha scritto:
>> > Massimo,
>> >
>> > potresti aiutarmi inviando una copia dello script che stai utilizzando per "Let's Encrypt" Sono totalmente
>> > perso, ma ispirato perché l'hai fatto. Dan Napier dan@cihcsp.com
>> >
>> >
>> >
>> >
>> >
>> >
>> > --
>> > Certified Industrial Hygienist
>> > Certified Asbestos Consultant
>> >
>> > Dan Napier, MS, CIH, CAC
>> > 92-0614 8/24/24
>> > 2520 Artesia Boulevard
>> > Redondo Beach, CA 90278-3210
>> > 310-644-1924 x 103
>> > CSLB 773462
>>
>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>> This message is sent to you because you are subscribed to
>> the mailing list <ecs-isp@2rosenthals.com>.
>> To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
>> To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com>
>> To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
>> Send administrative queries to <ecs-isp-request@2rosenthals.com>
>> To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> and reply to the confirmation email.
>> Web archives are publicly available at: http://lists.2rosenthals.com
>>
>> This list is hosted by Rosenthal & Rosenthal, LLC
>> P.O. Box 281, Deer Park, NY 11729-0281. Non-
>> electronic communications related to content
>> contained in these messages should be directed
>> to the above address. (CAN-SPAM Act of 2003)
>>
>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=