From: "Paul Smedley" <ecs-isp@2rosenthals.com>
Received: from [192.168.100.201] (HELO mail.2rosenthals.com)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10)
  with ESMTP id 11070631 for ecs-isp@2rosenthals.com; Mon, 07 Oct 2024 15:21:49 -0400
Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:43152 helo=mail2.2rosenthals.com)
	by mail.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1sxtIh-000000007Lm-0gi6
	for ecs-isp@2rosenthals.com;
	Mon, 07 Oct 2024 15:21:47 -0400
Received: from rusty.tulip.relay.mailchannels.net ([23.83.218.252]:63927)
	by mail2.2rosenthals.com with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1sxtIe-000000001nY-1Qcw
	for ecs-isp@2rosenthals.com;
	Mon, 07 Oct 2024 15:21:44 -0400
X-Sender-Id: perthwebhosting|x-authuser|paul@smedley.id.au
Received: from relay.mailchannels.net (localhost [127.0.0.1])
	by relay.mailchannels.net (Postfix) with ESMTP id 89CCB8A5148
	for <ecs-isp@2rosenthals.com>; Mon,  7 Oct 2024 19:21:43 +0000 (UTC)
Received: from colossiansvm.perthwebhosting.net.au (100-101-177-1.trex-nlb.outbound.svc.cluster.local [100.101.177.1])
	(Authenticated sender: perthwebhosting)
	by relay.mailchannels.net (Postfix) with ESMTPA id 03B498A366F
	for <ecs-isp@2rosenthals.com>; Mon,  7 Oct 2024 19:21:41 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1728328902; a=rsa-sha256;
	cv=none;
	b=JomEI5WhIzGskuAzYSKiplSNPSY5q71Df1K//oW8p8EwSpW11ugTg5jGlOScIfbkmTgmFq
	xAwOVHqS59PtcogZ5EqYKBs9pgre5RAcv8mGFa1ICe/RpFOhOStV2D56Y7We3IT2ykn5hW
	5AuUIZ+AhSN43w0WIIM98cXTU9fmF+01jhzIByqr7mTqu1xqVmOR/1v4vSrbVauNyN91Q4
	BU9b2f3TzLmz5rmTQjJ8MESb24CHRkZhlKyR5wF/MPmGnAGMFEMnukveb0R7fNRh810pso
	eurUKpPsYzEmFCtPA89WGYUPRCoKsQKpScdEIxGl8UYFKWZET5YSC+E3/9iybA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net;
	s=arc-2022; t=1728328902;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=r+KWzBoIjbugTpZYh09i/4r2Bb1cxPO1BmUUfKWghxg=;
	b=MdZM8T2AjpfUY7oOWvmY7KgY9scWSM9JZLQvPJrD49pZHlKgcKoaZBaaszn9e7IyApaOfO
	JQ25jjIOLpAPL3P7ZpnhKBdFZS8qjCBbKfHefZIN3BD2MkmCQlhOyGbA4uQi1BO2N6CyE5
	V1rawKTlo+Jn4NhT4FiDnaADvPBN4b9jqvIO6dcP6gd4CQLTX9wxchofVTmON3v/F8cB5U
	Zqq/b7l3PN7UnU8mQlQKC9CPRbKwedNudFr6r9ARwJiRFsOST6Ju+Z1d2brkX2sNrzdw5J
	5jMVYM00V3lv8HdEB69JlCPirSW6pCAyLo/2Jn/ijj6g1LaPt4dnce4ZH8pOzQ==
ARC-Authentication-Results: i=1;
	rspamd-54f99b5bc4-fddtb;
	auth=pass smtp.auth=perthwebhosting smtp.mailfrom=paul@smedley.id.au
X-Sender-Id: perthwebhosting|x-authuser|paul@smedley.id.au
X-MC-Relay: Neutral
X-MailChannels-SenderId: perthwebhosting|x-authuser|paul@smedley.id.au
X-MailChannels-Auth-Id: perthwebhosting
X-Vacuous-Illegal: 2dd1093a31eb14a8_1728328903083_1958537608
X-MC-Loop-Signature: 1728328903083:3529265438
X-MC-Ingress-Time: 1728328903083
Received: from colossiansvm.perthwebhosting.net.au
 (colossiansvm.perthwebhosting.net.au [103.13.84.198])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
	by 100.101.177.1 (trex/7.0.2);
	Mon, 07 Oct 2024 19:21:43 +0000
Received: from 45.249.116.192.sa.leaptel.network ([45.249.116.192]:24229 helo=[127.0.0.1])
	by colossiansvm.perthwebhosting.net.au with esmtpsa  (TLS1.3) tls TLS_AES_128_GCM_SHA256
	(Exim 4.97.1)
	(envelope-from <paul@smedley.id.au>)
	id 1sxtIZ-0000000Dffo-0FOq
	for ecs-isp@2rosenthals.com;
	Tue, 08 Oct 2024 03:21:37 +0800
Date: Tue, 08 Oct 2024 05:51:37 +1030
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] HTTPS-Misery
User-Agent: K-9 Mail for Android
In-Reply-To: <list-11070243@2rosenthals.com>
References: <list-10591961@2rosenthals.com> <list-11070025@2rosenthals.com> <list-11070243@2rosenthals.com>
Message-ID: <52302242-5D55-4476-BEFF-7D36B34009A9@smedley.id.au>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary=----X6H35VWCI03H95VWQSGVLGY4DZHE2Z
Content-Transfer-Encoding: 7bit
X-AuthUser: paul@smedley.id.au

------X6H35VWCI03H95VWQSGVLGY4DZHE2Z
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable

Is there any reason we can't just use uacme=2Esh ? We have multiple shells =
built for os/2=2E

On 8 October 2024 12:40:15=E2=80=AFam ACDT, "Massimo S=2E" <ecs-isp@2rosen=
thals=2Ecom> wrote:
>the point is this:
>
>"Yes, as I said, somewhere in the recent past Let's Encrypt randomises th=
e order of the challenges in the autz=2E So you've got =E2=85=93 chance of =
getting http-01 as the first one=2E
>
>Your script needs to check which challenge is being processed by it and o=
nly respond if it's the http-01 challenge, just like how the sh script does=
 it=2E I know you can't use it directly, but you should use the sh script a=
s an example how the workflow needs to be=2E"
>
>so we need a script that understand if LE is serving an HTTP-01 challenge=
 or not
>if not just exit and retry
>
>but i've asked also to Nicola Dilieto a solution for this issue=2E
>
>https://github=2Ecom/ndilieto/uacme/issues/88
>
>or with have to make as script (eg=2E rexx) that do something like this
>
>https://github=2Ecom/ndilieto/uacme/blob/master/uacme=2Esh
>
>
>massimo
>
>
>Il 07/10/2024 11:53, Massimo S=2E ha scritto:
>> Hi Dan,
>>=20
>> i'm facing a strange issue these days with LE=2E
>>=20
>> If you are interested follow this topic:
>>=20
>> https://community=2Eletsencrypt=2Eorg/t/renew-of-certificates-fails-ran=
domly-in-the-last-month/227025
>>=20
>> massimo
>>=20
>> Il 12/08/2024 21:54, Dan Napier, MS, CIH, CAC ha scritto:
>>> Here is where I am now?
>>>=20
>>> uacme=2Eexe: challenge https://acme-v02=2Eapi=2Eletsencrypt=2Eorg/acme=
/chall-v3/38943333
>>> 6946/-1Wx1w failed with status invalid
>>> uacme=2Eexe: the server reported the following error:
>>> {
>>> =C2=A0=C2=A0=C2=A0=C2=A0 "type": "urn:ietf:params:acme:error:dns",
>>> =C2=A0=C2=A0=C2=A0=C2=A0 "detail": "DNS problem: NXDOMAIN looking up T=
XT for _acme-challenge=2Ens1=2Ednac
>>> ih=2Ecom - check that a DNS record exists for this domain",
>>> =C2=A0=C2=A0=C2=A0=C2=A0 "status": 400
>>> }
>>> uacme=2Eexe: failed to authorize order at https://acme-v02=2Eapi=2Elet=
sencrypt=2Eorg/acm
>>> e/order/1887586636/295703974986
>>>=20
>>> Any Idea what the DNS txt line should look like?
>>> In the correct place of course--Context is everything ain't it!
>>>=20
>>> _acme-challenge=C2=A0=C2=A0=C2=A0=C2=A0 TXT =3D "WTF goe Here?"
>>>=20
>>> Looking as some of the discussion changes bi monthly?
>>>=20
>>>=20
>>> --=20
>>> Certified Industrial Hygienist
>>> Certified Asbestos Consultant
>>>=20
>>> Dan Napier, MS, CIH, CAC
>>> 92-0614 8/24/24
>>> 2520 Artesia Boulevard
>>> Redondo Beach, CA 90278-3210
>>> 310-644-1924 x 103
>>> CSLB 773462
>>>=20
>>> =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>>> This message is sent to you because you are subscribed to
>>> =C2=A0=C2=A0 the mailing list <ecs-isp@2rosenthals=2Ecom>=2E
>>> To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals=2Ecom>
>>> To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals=2E=
com>
>>> To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals=2Eco=
m>
>>> Send administrative queries to=C2=A0 <ecs-isp-request@2rosenthals=2Eco=
m>
>>> To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals=2Ecom=
> and reply to the confirmation email=2E
>>> Web archives are publicly available at: http://lists=2E2rosenthals=2Ec=
om
>>>=20
>>> This list is hosted by Rosenthal & Rosenthal, LLC
>>> P=2EO=2E Box 281, Deer Park, NY 11729-0281=2E Non-
>>> electronic communications related to content
>>> contained in these messages should be directed
>>> to the above address=2E (CAN-SPAM Act of 2003)
>>>=20
>>> =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>>>=20
>>=20
>> =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>> This message is sent to you because you are subscribed to
>>  =C2=A0the mailing list <ecs-isp@2rosenthals=2Ecom>=2E
>> To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals=2Ecom>
>> To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals=2Ec=
om>
>> To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals=2Ecom=
>
>> Send administrative queries to=C2=A0 <ecs-isp-request@2rosenthals=2Ecom=
>
>> To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals=2Ecom>=
 and reply to the confirmation email=2E
>> Web archives are publicly available at: http://lists=2E2rosenthals=2Eco=
m
>>=20
>> This list is hosted by Rosenthal & Rosenthal, LLC
>> P=2EO=2E Box 281, Deer Park, NY 11729-0281=2E Non-
>> electronic communications related to content
>> contained in these messages should be directed
>> to the above address=2E (CAN-SPAM Act of 2003)
>>=20
>> =3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D=
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>>=20
>
>=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>This message is sent to you because you are subscribed to
> the mailing list <ecs-isp@2rosenthals=2Ecom>=2E
>To unsubscribe, E-mail to: <ecs-isp-off@2rosenthals=2Ecom>
>To switch to the DIGEST mode, E-mail to <ecs-isp-digest@2rosenthals=2Ecom=
>
>To switch to the INDEX mode, E-mail to <ecs-isp-index@2rosenthals=2Ecom>
>Send administrative queries to  <ecs-isp-request@2rosenthals=2Ecom>
>To subscribe (new addresses), E-mail to: <ecs-isp-on@2rosenthals=2Ecom> a=
nd reply to the confirmation email=2E
>Web archives are publicly available at: http://lists=2E2rosenthals=2Ecom
>
>This list is hosted by Rosenthal & Rosenthal, LLC
>P=2EO=2E Box 281, Deer Park, NY 11729-0281=2E Non-
>electronic communications related to content
>contained in these messages should be directed
>to the above address=2E (CAN-SPAM Act of 2003)
>
>=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D
>

------X6H35VWCI03H95VWQSGVLGY4DZHE2Z
Content-Type: text/html;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head></head><body><div dir=3D"auto">Is there any reason we can't jus=
t use uacme=2Esh ? We have multiple shells built for os/2=2E</div><br><br><=
div class=3D"gmail_quote"><div dir=3D"auto">On 8 October 2024 12:40:15=E2=
=80=AFam ACDT, "Massimo S=2E" &lt;ecs-isp@2rosenthals=2Ecom&gt; wrote:</div=
><blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 0pt 0=2E8ex; bo=
rder-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class=3D"k9mail"><div dir=3D"auto">the point is this:<br><br>"Yes, as=
 I said, somewhere in the recent past Let's Encrypt randomises the order of=
 the challenges in the autz=2E So you've got =E2=85=93 chance of getting ht=
tp-01 as the first one=2E<br><br>Your script needs to check which challenge=
 is being processed by it and only respond if it's the http-01 challenge, j=
ust like how the sh script does it=2E I know you can't use it directly, but=
 you should use the sh script as an example how the workflow needs to be=2E=
"<br><br>so we need a script that understand if LE is serving an HTTP-01 ch=
allenge or not<br>if not just exit and retry<br><br>but i've asked also to =
Nicola Dilieto a solution for this issue=2E<br><br><a href=3D"https://githu=
b=2Ecom/ndilieto/uacme/issues/88">https://github=2Ecom/ndilieto/uacme/issue=
s/88</a><br><br>or with have to make as script (eg=2E rexx) that do somethi=
ng like this<br><br><a href=3D"https://github=2Ecom/ndilieto/uacme/blob/mas=
ter/uacme=2Esh">https://github=2Ecom/ndilieto/uacme/blob/master/uacme=2Esh<=
/a><br><br><br>massimo<br><br><br>Il 07/10/2024 11:53, Massimo S=2E ha scri=
tto:<br></div><blockquote class=3D"gmail_quote" style=3D"margin: 0pt 0pt 1e=
x 0=2E8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"><div dir=3D"=
auto">Hi Dan,<br><br>i'm facing a strange issue these days with LE=2E<br><b=
r>If you are interested follow this topic:<br><br><a href=3D"https://commun=
ity=2Eletsencrypt=2Eorg/t/renew-of-certificates-fails-randomly-in-the-last-=
month/227025">https://community=2Eletsencrypt=2Eorg/t/renew-of-certificates=
-fails-randomly-in-the-last-month/227025</a><br><br>massimo<br><br>Il 12/08=
/2024 21:54, Dan Napier, MS, CIH, CAC ha scritto:<br></div><blockquote clas=
s=3D"gmail_quote" style=3D"margin: 0pt 0pt 1ex 0=2E8ex; border-left: 1px so=
lid #ad7fa8; padding-left: 1ex;"><div dir=3D"auto">Here is where I am now?<=
br><br>uacme=2Eexe: challenge <a href=3D"https://acme-v02=2Eapi=2Eletsencry=
pt=2Eorg/acme/chall-v3/38943333">https://acme-v02=2Eapi=2Eletsencrypt=2Eorg=
/acme/chall-v3/38943333</a><br>6946/-1Wx1w failed with status invalid<br>ua=
cme=2Eexe: the server reported the following error:<br>{<br>&nbsp;&nbsp;&nb=
sp;&nbsp; "type": "urn:ietf:params:acme:error:dns",<br>&nbsp;&nbsp;&nbsp;&n=
bsp; "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge=2E=
ns1=2Ednac<br>ih=2Ecom - check that a DNS record exists for this domain",<b=
r>&nbsp;&nbsp;&nbsp;&nbsp; "status": 400<br>}<br>uacme=2Eexe: failed to aut=
horize order at <a href=3D"https://acme-v02=2Eapi=2Eletsencrypt=2Eorg/acm">=
https://acme-v02=2Eapi=2Eletsencrypt=2Eorg/acm</a><br>e/order/1887586636/29=
5703974986<br><br>Any Idea what the DNS txt line should look like?<br>In th=
e correct place of course--Context is everything ain't it!<br><br>_acme-cha=
llenge&nbsp;&nbsp;&nbsp;&nbsp; TXT =3D "WTF goe Here?"<br><br>Looking as so=
me of the discussion changes bi monthly?<br><br><br><div class=3D"k9mail-si=
gnature">-- <br>Certified Industrial Hygienist<br>Certified Asbestos Consul=
tant<br><br>Dan Napier, MS, CIH, CAC<br>92-0614 8/24/24<br>2520 Artesia Bou=
levard<br>Redondo Beach, CA 90278-3210<br>310-644-1924 x 103<br>CSLB 773462=
<hr>This message is sent to you because you are subscribed to<br>&nbsp;&nbs=
p; the mailing list &lt;ecs-isp@2rosenthals=2Ecom&gt;=2E<br>To unsubscribe,=
 E-mail to: &lt;ecs-isp-off@2rosenthals=2Ecom&gt;<br>To switch to the DIGES=
T mode, E-mail to &lt;ecs-isp-digest@2rosenthals=2Ecom&gt;<br>To switch to =
the INDEX mode, E-mail to &lt;ecs-isp-index@2rosenthals=2Ecom&gt;<br>Send a=
dministrative queries to&nbsp; &lt;ecs-isp-request@2rosenthals=2Ecom&gt;<br=
>To subscribe (new addresses), E-mail to: &lt;ecs-isp-on@2rosenthals=2Ecom&=
gt; and reply to the confirmation email=2E<br>Web archives are publicly ava=
ilable at: <a href=3D"http://lists=2E2rosenthals=2Ecom">http://lists=2E2ros=
enthals=2Ecom</a><br><br>This list is hosted by Rosenthal &amp; Rosenthal, =
LLC<br>P=2EO=2E Box 281, Deer Park, NY 11729-0281=2E Non-<br>electronic com=
munications related to content<br>contained in these messages should be dir=
ected<br>to the above address=2E (CAN-SPAM Act of 2003)<hr></div></div></bl=
ockquote><div dir=3D"auto"><hr>This message is sent to you because you are =
subscribed to<br> &nbsp;the mailing list &lt;ecs-isp@2rosenthals=2Ecom&gt;=
=2E<br>To unsubscribe, E-mail to: &lt;ecs-isp-off@2rosenthals=2Ecom&gt;<br>=
To switch to the DIGEST mode, E-mail to &lt;ecs-isp-digest@2rosenthals=2Eco=
m&gt;<br>To switch to the INDEX mode, E-mail to &lt;ecs-isp-index@2rosentha=
ls=2Ecom&gt;<br>Send administrative queries to&nbsp; &lt;ecs-isp-request@2r=
osenthals=2Ecom&gt;<br>To subscribe (new addresses), E-mail to: &lt;ecs-isp=
-on@2rosenthals=2Ecom&gt; and reply to the confirmation email=2E<br>Web arc=
hives are publicly available at: <a href=3D"http://lists=2E2rosenthals=2Eco=
m">http://lists=2E2rosenthals=2Ecom</a><br><br>This list is hosted by Rosen=
thal &amp; Rosenthal, LLC<br>P=2EO=2E Box 281, Deer Park, NY 11729-0281=2E =
Non-<br>electronic communications related to content<br>contained in these =
messages should be directed<br>to the above address=2E (CAN-SPAM Act of 200=
3)<hr></div></blockquote><div dir=3D"auto"><hr>This message is sent to you =
because you are subscribed to<br> the mailing list &lt;ecs-isp@2rosenthals=
=2Ecom&gt;=2E<br>To unsubscribe, E-mail to: &lt;ecs-isp-off@2rosenthals=2Ec=
om&gt;<br>To switch to the DIGEST mode, E-mail to &lt;ecs-isp-digest@2rosen=
thals=2Ecom&gt;<br>To switch to the INDEX mode, E-mail to &lt;ecs-isp-index=
@2rosenthals=2Ecom&gt;<br>Send administrative queries to  &lt;ecs-isp-reque=
st@2rosenthals=2Ecom&gt;<br>To subscribe (new addresses), E-mail to: &lt;ec=
s-isp-on@2rosenthals=2Ecom&gt; and reply to the confirmation email=2E<br>We=
b archives are publicly available at: <a href=3D"http://lists=2E2rosenthals=
=2Ecom">http://lists=2E2rosenthals=2Ecom</a><br><br>This list is hosted by =
Rosenthal &amp; Rosenthal, LLC<br>P=2EO=2E Box 281, Deer Park, NY 11729-028=
1=2E Non-<br>electronic communications related to content<br>contained in t=
hese messages should be directed<br>to the above address=2E (CAN-SPAM Act o=
f 2003)<hr></div></pre></blockquote></div></body></html>
------X6H35VWCI03H95VWQSGVLGY4DZHE2Z--