From: "=?utf-8?q?Dan_Napier=2C_MS=2C_CIH=2C_CAC?=" <ecs-isp@2rosenthals.com>
Content-Type: multipart/mixed; boundary="----=_=-_OpenGroupware_org_NGMime-3535701-1723831185.444501-1------"
Reply-To: dan@cihcsp.com
Date: Fri, 16 Aug 2024 10:59:45 -0700
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>
MIME-Version: 1.0
Message-ID: <35f355-66bf9380-1-1adb7180@72572691>
Subject: =?utf-8?q?Re=3A?= [eCS-ISP] Apache HTTPS
User-Agent: SOGoMail 5.10.0

------=_=-_OpenGroupware_org_NGMime-3535701-1723831185.444501-1------
Content-Type: multipart/alternative; boundary="----=_=-_OpenGroupware_org_NGMime-3535701-1723831185.444260-0------"

------=_=-_OpenGroupware_org_NGMime-3535701-1723831185.444260-0------
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Length: 6942


Steven

Here is as far as I get,=C2=A0 I is asking for a TXT line in the dns se=
rver?
=C2=A0uacme.exe: challenge https://acme-v02.api.letsencrypt.org/acme/ch=
all-v3/38943333
6946/-1Wx1w failed with status invalid
uacme.exe: the server reported the following error:
{
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: NXDOMAIN looking up TXT for =5Facme-challen=
ge.ns1.dnac
ih.com - check that a DNS record exists for this domain",
    "status": 400
}
uacme.exe: failed to authorize order at https://acme-v02.api.letsencryp=
t.org/acm
e/order/1887586636/295703974986




On Tuesday, July 23, 2024 04:30 PDT, "Massimo S." <ecs-isp@2rosenthals.=
com> wrote:
=C2=A0Now the apache httpd.conf part:


this rewrite http requests to the https vhost:

<VirtualHost *:80>
ServerAdmin webmaster@yourwebsite.com
ServerName www.yourwebsite.com
ServerAlias yourwebsite.com
RewriteEngine on
RewriteCond %{HTTP=5FHOST} ^(www\.)?yourwebsite\.com [NC]
RewriteCond %{HTTPS} off
RewriteRule ^/(.*)$ https://www.yourwebsite.com/$1 [R,L]
</VirtualHost>


now the https vhost:

<VirtualHost *:443>
ServerAdmin webmaster@yourwebsite.com
DocumentRoot d:/apache/htdocs/yourwebsite
ServerName www.yourwebsite.com
ServerAlias yourwebsite.com

SSLEngine on
SSLCertificateFile c:/mptn/etc/ssl/uacme/www.yourwebsite.com/cert.pem
SSLCertificateKeyFile c:/mptn/etc/ssl/uacme/private/www.yourwebsite.com=
/key.pem

</VirtualHost>


you don't need the chain certificate since UACME create automatically a=
 certificate with also the chain
certificate inside it


to verify your certificate you can use this web tool:

https://decoder.link/sslchecker/www.yourwebsite.com/443

that's all

massimo


Il 23/07/2024 12:20, Massimo S. ha scritto:
> I use Paul's port of UACME, it can renew the www.yourwebsite.com (3rd=
 level) cert and both the 2nd level
> yourwebsite.com at the same time too.
>
>
> This is a simple reissue of just www.yourwebsite.. certificate.
> I run uacme in a separate tree, not under the apache tree, i don't su=
ggest
> you to run it under \apache tree.
> You need port 80 (HTTP) open on your webserver for this operation.
> You need to create all these paths you can see down here.
> You don't need Let's Encrypt chain certificates files, since uacme al=
ready by it's own
> create a certificate with the chain certificate inside of the .cert, =
so
> you have always the latest chain certificate from Let's Encrypt autom=
atically.
>
> I run the scripts scheduled once each 2 months (LE Certs only last 3 =
months),
> so in case of issues i still have 1 month to fix them.
> **don't forget** to add a Call SysSleep of about 10 seconds between a=
 reissue
> and another (if you runs tenths of renewals like me) or you can get p=
roblems,
> i mean renewal that fails.
> In your script after the renewal/s you can place the code to restart =
apache.
>
>
>
> renewal (issue) script:
>
> @attrib c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem -R
> @copy c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key=5Fold.pem
> c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key=5Fold2.pem
> @copy c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem
> c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key=5Fold.pem
> @del c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem /N
> @attrib c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem -R
> @copy c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert=5Fold.pem
> c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert=5Fold2.pem
> @copy c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem c:\mptn\etc\s=
sl\uacme\www.youwebsite.com\cert=5Fold.pem
> @del c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem /N
> uacme issue www.youwebsite.com -h hook=5Fyourwebsite=5Fcom.cmd 2>>d:\=
services\uacme\re.log
>
>
>
> hook script:
>
> parse arg var1 var2 var3 var4 var5
> myfile =3D 'X:\apache\htdocs\yourwebsite\.well-known\acme-challenge\'=
||var4
> call SysFileDelete 'X:\apache\htdocs\yourwebsite\.well-known\acme-cha=
llenge\'||var4
> rc=3D LINEOUT(myfile,var5)
>
>
>
> i'm keeping 2 bkup of private keys + certs (you can see all those cop=
ies)
> hope it's all explained well
>
> massimo
>
>
> Il 22/07/2024 15:33, Dan Napier ha scritto:
>> Has anyone installed let=E2=80=99s Encrypt Certbot on OS2 .=C2=A0 Wh=
at did you use ?
>>
>> HTTPS is needed.=C2=A0 Or how are you installing the certs?
>>
>> Dan Napier, MS, CIH
>>
>> DNA Industrial Hygiene
>>
>> 2520 Artesia Boulevard
>>
>> Redondo Beach, CA 90278-3210
>>
>> 310-644-1924 X 103
>>
>> CSLB #773462
>>
>> DNA Industrial Hygiene 800-644-1924
>>
>
> =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
> This message is sent to you because you are subscribed to
> =C2=A0the mailing list <ecs-isp@2rosenthals.com>.
> To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
> To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.c=
om>
> To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com=
>
> Send administrative queries to=C2=A0 <ecs-isp-request@2rosenthals.com=
>
> To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com>=
 and reply to the confirmation email.
> Web archives are publicly available at: http://lists.2rosenthals.com
>
> This list is hosted by Rosenthal & Rosenthal, LLC
> P.O. Box 281, Deer Park, NY 11729-0281. Non-
> electronic communications related to content
> contained in these messages should be directed
> to the above address. (CAN-SPAM Act of 2003)
>
> =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>

=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
This message is sent to you because you are subscribed to
the mailing list <ecs-isp@2rosenthals.com>.
To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals.com>
To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals.com=
>
To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals.com>
Send administrative queries to <ecs-isp-request@2rosenthals.com>
To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals.com> a=
nd reply to the confirmation email.
Web archives are publicly available at: http://lists.2rosenthals.com

This list is hosted by Rosenthal & Rosenthal, LLC
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)

=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
=C2=A0

--=C2=A0
Certified Industrial Hygienist
Certified Asbestos Consultant

Dan Napier, MS, CIH, CAC
92-0614 8/24/24
2520 Artesia Boulevard
Redondo Beach, CA 90278-3210
310-644-1924 x 103
CSLB 773462

------=_=-_OpenGroupware_org_NGMime-3535701-1723831185.444260-0------
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Length: 8596

<html>Steven<br /><br />Here is as far as I get,&nbsp; I is asking for =
a TXT line in the dns server?<br />&nbsp;<pre>uacme.exe: challenge http=
s://acme-v02.api.letsencrypt.org/acme/chall-v3/38943333
6946/-1Wx1w failed with status invalid
uacme.exe: the server reported the following error:
{
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: NXDOMAIN looking up TXT for =5Facme-challen=
ge.ns1.dnac
ih.com - check that a DNS record exists for this domain",
    "status": 400
}
uacme.exe: failed to authorize order at https://acme-v02.api.letsencryp=
t.org/acm
e/order/1887586636/295703974986
</pre><br /><br /><br /><br />On Tuesday, July 23, 2024 04:30 PDT, "Mas=
simo S." &lt;ecs-isp@2rosenthals.com&gt; wrote:<br />&nbsp;<blockquote =
type=3D"cite" cite=3D"list-10353078@2rosenthals.com">Now the apache htt=
pd.conf part:<br /><br /><br />this rewrite http requests to the https =
vhost:<br /><br />&lt;VirtualHost *:80&gt;<br />ServerAdmin webmaster@y=
ourwebsite.com<br />ServerName www.yourwebsite.com<br />ServerAlias you=
rwebsite.com<br />RewriteEngine on<br />RewriteCond %{HTTP=5FHOST} ^(ww=
w\.)?yourwebsite\.com [NC]<br />RewriteCond %{HTTPS} off<br />RewriteRu=
le ^/(.*)$ https://www.yourwebsite.com/$1 [R,L]<br />&lt;/VirtualHost&g=
t;<br /><br /><br />now the https vhost:<br /><br />&lt;VirtualHost *:4=
43&gt;<br />ServerAdmin webmaster@yourwebsite.com<br />DocumentRoot d:/=
apache/htdocs/yourwebsite<br />ServerName www.yourwebsite.com<br />Serv=
erAlias yourwebsite.com<br /><br />SSLEngine on<br />SSLCertificateFile=
 c:/mptn/etc/ssl/uacme/www.yourwebsite.com/cert.pem<br />SSLCertificate=
KeyFile c:/mptn/etc/ssl/uacme/private/www.yourwebsite.com/key.pem<br />=
<br />&lt;/VirtualHost&gt;<br /><br /><br />you don't need the chain ce=
rtificate since UACME create automatically a certificate with also the =
chain<br />certificate inside it<br /><br /><br />to verify your certif=
icate you can use this web tool:<br /><br />https://decoder.link/sslche=
cker/www.yourwebsite.com/443<br /><br />that's all<br /><br />massimo<b=
r /><br /><br />Il 23/07/2024 12:20, Massimo S. ha scritto:<br />&gt; I=
 use Paul's port of UACME, it can renew the www.yourwebsite.com (3rd le=
vel) cert and both the 2nd level<br />&gt; yourwebsite.com at the same =
time too.<br />&gt;<br />&gt;<br />&gt; This is a simple reissue of jus=
t www.yourwebsite.. certificate.<br />&gt; I run uacme in a separate tr=
ee, not under the apache tree, i don't suggest<br />&gt; you to run it =
under \apache tree.<br />&gt; You need port 80 (HTTP) open on your webs=
erver for this operation.<br />&gt; You need to create all these paths =
you can see down here.<br />&gt; You don't need Let's Encrypt chain cer=
tificates files, since uacme already by it's own<br />&gt; create a cer=
tificate with the chain certificate inside of the .cert, so<br />&gt; y=
ou have always the latest chain certificate from Let's Encrypt automati=
cally.<br />&gt;<br />&gt; I run the scripts scheduled once each 2 mont=
hs (LE Certs only last 3 months),<br />&gt; so in case of issues i stil=
l have 1 month to fix them.<br />&gt; **don't forget** to add a Call Sy=
sSleep of about 10 seconds between a reissue<br />&gt; and another (if =
you runs tenths of renewals like me) or you can get problems,<br />&gt;=
 i mean renewal that fails.<br />&gt; In your script after the renewal/=
s you can place the code to restart apache.<br />&gt;<br />&gt;<br />&g=
t;<br />&gt; renewal (issue) script:<br />&gt;<br />&gt; @attrib c:\mpt=
n\etc\ssl\uacme\private\www.youwebsite.com\key.pem -R<br />&gt; @copy c=
:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key=5Fold.pem<br />&gt;=
 c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key=5Fold2.pem<br />&=
gt; @copy c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem<br /=
>&gt; c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key=5Fold.pem<br=
 />&gt; @del c:\mptn\etc\ssl\uacme\private\www.youwebsite.com\key.pem /=
N<br />&gt; @attrib c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem -=
R<br />&gt; @copy c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert=5Fold.p=
em<br />&gt; c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert=5Fold2.pem<b=
r />&gt; @copy c:\mptn\etc\ssl\uacme\www.youwebsite.com\cert.pem c:\mpt=
n\etc\ssl\uacme\www.youwebsite.com\cert=5Fold.pem<br />&gt; @del c:\mpt=
n\etc\ssl\uacme\www.youwebsite.com\cert.pem /N<br />&gt; uacme issue ww=
w.youwebsite.com -h hook=5Fyourwebsite=5Fcom.cmd 2&gt;&gt;d:\services\u=
acme\re.log<br />&gt;<br />&gt;<br />&gt;<br />&gt; hook script:<br />&=
gt;<br />&gt; parse arg var1 var2 var3 var4 var5<br />&gt; myfile =3D '=
X:\apache\htdocs\yourwebsite\.well-known\acme-challenge\'||var4<br />&g=
t; call SysFileDelete 'X:\apache\htdocs\yourwebsite\.well-known\acme-ch=
allenge\'||var4<br />&gt; rc=3D LINEOUT(myfile,var5)<br />&gt;<br />&gt=
;<br />&gt;<br />&gt; i'm keeping 2 bkup of private keys + certs (you c=
an see all those copies)<br />&gt; hope it's all explained well<br />&g=
t;<br />&gt; massimo<br />&gt;<br />&gt;<br />&gt; Il 22/07/2024 15:33,=
 Dan Napier ha scritto:<br />&gt;&gt; Has anyone installed let=E2=80=99=
s Encrypt Certbot on OS2 .&nbsp; What did you use ?<br />&gt;&gt;<br />=
&gt;&gt; HTTPS is needed.&nbsp; Or how are you installing the certs?<br=
 />&gt;&gt;<br />&gt;&gt; Dan Napier, MS, CIH<br />&gt;&gt;<br />&gt;&g=
t; DNA Industrial Hygiene<br />&gt;&gt;<br />&gt;&gt; 2520 Artesia Boul=
evard<br />&gt;&gt;<br />&gt;&gt; Redondo Beach, CA 90278-3210<br />&gt=
;&gt;<br />&gt;&gt; 310-644-1924 X 103<br />&gt;&gt;<br />&gt;&gt; CSLB=
 #773462<br />&gt;&gt;<br />&gt;&gt; DNA Industrial Hygiene 800-644-192=
4<br />&gt;&gt;<br />&gt;<br />&gt; =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D<br />&gt; This message is sent to you because =
you are subscribed to<br />&gt; &nbsp;the mailing list &lt;ecs-isp@2ros=
enthals.com&gt;.<br />&gt; To unsubscribe, E-mail to: &lt;ecs-isp-off@2=
rosenthals.com&gt;<br />&gt; To switch to the DIGEST mode, E-mail to &l=
t;ecs-isp-digest@2rosenthals.com&gt;<br />&gt; To switch to the INDEX m=
ode, E-mail to &lt;ecs-isp-index@2rosenthals.com&gt;<br />&gt; Send adm=
inistrative queries to&nbsp; &lt;ecs-isp-request@2rosenthals.com&gt;<br=
 />&gt; To subscribe (new addresses), E-mail to: &lt;ecs-isp-on@2rosent=
hals.com&gt; and reply to the confirmation email.<br />&gt; Web archive=
s are publicly available at: http://lists.2rosenthals.com<br />&gt;<br =
/>&gt; This list is hosted by Rosenthal &amp; Rosenthal, LLC<br />&gt; =
P.O. Box 281, Deer Park, NY 11729-0281. Non-<br />&gt; electronic commu=
nications related to content<br />&gt; contained in these messages shou=
ld be directed<br />&gt; to the above address. (CAN-SPAM Act of 2003)<b=
r />&gt;<br />&gt; =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D<br />&gt;<br /><br />=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D<br />This message is sent to you because you are subsc=
ribed to<br />the mailing list &lt;ecs-isp@2rosenthals.com&gt;.<br />To=
 unsubscribe, E-mail to: &lt;ecs-isp-off@2rosenthals.com&gt;<br />To sw=
itch to the DIGEST mode, E-mail to &lt;ecs-isp-digest@2rosenthals.com&g=
t;<br />To switch to the INDEX mode, E-mail to &lt;ecs-isp-index@2rosen=
thals.com&gt;<br />Send administrative queries to &lt;ecs-isp-request@2=
rosenthals.com&gt;<br />To subscribe (new addresses), E-mail to: &lt;ec=
s-isp-on@2rosenthals.com&gt; and reply to the confirmation email.<br />=
Web archives are publicly available at: http://lists.2rosenthals.com<br=
 /><br />This list is hosted by Rosenthal &amp; Rosenthal, LLC<br />P.O=
. Box 281, Deer Park, NY 11729-0281. Non-<br />electronic communication=
s related to content<br />contained in these messages should be directe=
d<br />to the above address. (CAN-SPAM Act of 2003)<br /><br />=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D<br />&nbsp;</block=
quote><br /><br />--&nbsp;<br />Certified Industrial Hygienist<br />Cer=
tified Asbestos Consultant<br /><br />Dan Napier, MS, CIH, CAC<br />92-=
0614 8/24/24<br />2520 Artesia Boulevard<br />Redondo Beach, CA 90278-3=
210<br />310-644-1924 x 103<br />CSLB 773462</html>

------=_=-_OpenGroupware_org_NGMime-3535701-1723831185.444260-0--------

------=_=-_OpenGroupware_org_NGMime-3535701-1723831185.444501-1------
Content-Type: text/plain
Content-Disposition: attachment; filename="prob1.txt"
Content-Transfer-Encoding: quoted-printable
Content-Length: 504

uacme.exe: challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3=
/38943333
6946/-1Wx1w failed with status invalid
uacme.exe: the server reported the following error:
{
    "type": "urn:ietf:params:acme:error:dns",
    "detail": "DNS problem: NXDOMAIN looking up TXT for =5Facme-challen=
ge.ns1.dnac
ih.com - check that a DNS record exists for this domain",
    "status": 400
}
uacme.exe: failed to authorize order at https://acme-v02.api.letsencryp=
t.org/acm
e/order/1887586636/295703974986



------=_=-_OpenGroupware_org_NGMime-3535701-1723831185.444501-1--------