From: "Paul Smedley" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTP id 10601923 for ecs-isp@2rosenthals.com; Thu, 15 Aug 2024 17:58:39 -0400
Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:53790 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1seiUI-000000001bF-0wpF
	for ecs-isp@2rosenthals.com;
	Thu, 15 Aug 2024 17:58:30 -0400
Received: from tiger.tulip.relay.mailchannels.net ([23.83.218.248]:56691)
	by mail2.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1seiUC-000000003qT-13eZ
	for ecs-isp@2rosenthals.com;
	Thu, 15 Aug 2024 17:58:24 -0400
X-Sender-Id: perthwebhosting|x-authuser|paul@smedley.id.au
Received: from relay.mailchannels.net (localhost [127.0.0.1])
	by relay.mailchannels.net (Postfix) with ESMTP id 686035C40DE
	for <ecs-isp@2rosenthals.com>; Thu, 15 Aug 2024 21:58:23 +0000 (UTC)
Received: from colossiansvm.perthwebhosting.net.au (unknown [127.0.0.6])
	(Authenticated sender: perthwebhosting)
	by relay.mailchannels.net (Postfix) with ESMTPA id 9A12E5C556B
	for <ecs-isp@2rosenthals.com>; Thu, 15 Aug 2024 21:58:22 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1723759103; a=rsa-sha256;
	cv=none;
	b=Lv8JRqDCAMigoHbqwR1/kYptgA6tV6sjC7gkwvySO14gRZJeFTtCRPYHOZOxPQ8TRPrGMw
	zizqjSyrwXj66llqOwZvD7n+ntdMDk/N8xromMNEebrHEUqNDASdCJhtnf7/Gn8iPADe/i
	oW5e92PdLIqDRMbcR/wBxYOnhNMQb5RUuBvK8RTALGHv7w8Q/sGhPcQKWnGuJG4rDbi23P
	PNS9muCdjWi0HTNVsBYln/Oj1xCc+Q+/dDTCGyY8RDD+gG9lfVM3eC4vGTaYbwZOC5ZwHc
	ucJ9/1bt19kXMISVDwnMjtxcm229ji3gVP87BZnbKcP6Oun6NWDUKRj/fXEfcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net;
	s=arc-2022; t=1723759103;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=DW8tWI/M1Yu4xeENwQrY22IGnq+U3ivHzzuQJP9g9LQ=;
	b=UDGo8WbjIyyWXj/BDO7K/uk31DSdIJW0lo3hyxepMKhDzjKj5sucVYAJadj93v+9HAMckm
	V6LOVjnXr11XD0gIPXB3BqWeKtthJk4AoHHp1XTH7vZbqQvGo4AV2xQFr96Ifx8cf1EEGv
	E6sxVrVO7RHTNuqkck5LYYySpYChNMeR2Ae+n5GMUqUYPn3GgmCPZB4/4P4zHa8jw6ivkr
	MrdlWH1n1gx+8kuTdq1d5S1gx5TgI4N0eo+dwOgv4l69P41EbbeqRE7lzf9+1WnRoSWSPB
	DKrbtsZc+QjNOEB5PUPWHzd9BvjkSwECCj+b5N5I/Gu0RTzO6vIxp6ZNUieIrQ==
ARC-Authentication-Results: i=1;
	rspamd-c4b59d8dc-5r95d;
	auth=pass smtp.auth=perthwebhosting smtp.mailfrom=paul@smedley.id.au
X-Sender-Id: perthwebhosting|x-authuser|paul@smedley.id.au
X-MC-Relay: Neutral
X-MailChannels-SenderId: perthwebhosting|x-authuser|paul@smedley.id.au
X-MailChannels-Auth-Id: perthwebhosting
X-Coil-Tank: 19cfce854d53f587_1723759103272_404405714
X-MC-Loop-Signature: 1723759103272:155235134
X-MC-Ingress-Time: 1723759103272
Received: from colossiansvm.perthwebhosting.net.au
 (colossiansvm.perthwebhosting.net.au [103.13.84.198])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
	by 100.103.82.141 (trex/7.0.2);
	Thu, 15 Aug 2024 21:58:23 +0000
Received: from smedley.org ([45.249.117.21]:52324 helo=[192.168.1.159])
	by colossiansvm.perthwebhosting.net.au with esmtpsa  (TLS1.3) tls TLS_AES_128_GCM_SHA256
	(Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1seiU7-0000000Ar0j-11iV
	for ecs-isp@2rosenthals.com;
	Fri, 16 Aug 2024 05:58:18 +0800
Message-ID: <6e6819b7-e747-4caf-a869-4155b209aca1@smedley.id.au>
Date: Fri, 16 Aug 2024 07:28:17 +0930
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [eCS-ISP] Apache HTTPS
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-10601905@2rosenthals.com>
Content-Language: en-AU
In-Reply-To: <list-10601905@2rosenthals.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-AuthUser: paul@smedley.id.au

Hi Steven

On 16/8/24 06:56, Steven Levine wrote:
> In <list-10601870@2rosenthals.com>, on 08/16/24
>     at 06:26 AM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:
>
> Hi Paul,
>
>> https://smedley.id.au/tmp/uacme-1.0.19-os2-20240816.zip is there now.
> This one understands @unixroot.  Thanks.
>
>> Additional change is that it uses symlink() rather than link().
> I don't think this is going to work for use in practice.  When updating a
> certificate what uacme does is
>
>    create a new-crt.pem and new-key.pem
>    hardlink the existing key.pem to timestamped-key.pem
>    hardlink the existing crt.pem to timestamped-crt.pem
>    unlink key.pem
>    unlink crt.pem
>    rename new-crt.pem to crt.pem
>    rename new-key.pem to key.pem
>
> With a symlink timestamped-key.pem will not contain the the content of
> key.pem, so there will be no useful backup.  The is why is suggested that
> the link needed to be replaced with a copy operation.

OK... there is no copy() function in klibc - so I guess I'll find an 
implementation, the alternate option being to rely on the user having 
cp.exe available in path and calling that.

Cheers,

Paul