From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 11070761 for ecs-isp@2rosenthals.com; Mon, 07 Oct 2024 16:37:30 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:43600 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1sxuTo-000000001MS-1RwY for ecs-isp@2rosenthals.com; Mon, 07 Oct 2024 16:37:20 -0400 Received: from mta-101a.earthlink-vadesecure.net ([51.81.61.60]:46107) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from ) id 1sxuTh-0000000030W-1i3h for ecs-isp@2rosenthals.com; Mon, 07 Oct 2024 16:37:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=S7sfAzOR3N9nLs105q6gS3mwE4IPxFg8FOSh2e NymmE=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-unsubscribe-post: list-subscribe:list-post:list-owner:list-archive; q=dns/txt; s=dk12062016; t=1728333433; x=1728938233; b=G6bSWCuHTVV3Snkt4eeUJb8+9H4 T4vaf/MmWlyKw4sxKXy4iLk8oX6U7XkYQ8gA7kmxllrQgC797Tf5pE2HXQ2ajQU+eVpEk4W aZikJP1z1ftxt9KTu1Db+KffGynkiMKx5pWDn63xZdItQHrxVFt7Jrnc9LIVPvUKX+En4d2 /Jq50WMLZNFEWZ6SvwHNqYByfUcOfDgjq1FyHjVRqMgq0iJhgfeugKKt8ztQKwzsTZoKWbl hbsQ+ZS47BEeWoze3RYaJvgPhbEZdgrjUh4M7XGcJ5fPPiA2pq37WMBUwAg7zPcyTHWJz3V Faehb9YjJ3rZnO8NokQgPo1lhnEAweA== Received: from slamain ([172.58.119.108]) by vsel1nmtao01p.internal.vadesecure.com with ngmta id f1672157-17fc46199c258a73; Mon, 07 Oct 2024 20:37:13 +0000 Message-ID: <67044ff8.28.mr2ice.fgrirsq@earthlink.net> Date: Mon, 07 Oct 2024 13:17:44 -0800 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] HTTPS-Misery X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 10/07/24 at 09:58 PM, "Massimo S." said: Hi Massimo, >i've seen the script, it's quite complicated Complicated is in the mind of the beholder. I find your method overly complicated because every change requires a change to each per domain script. I write generic, self-adapting code when possible. In this case one script that handles all the domains. If the script requires changes, the change will apply to all domains handled by the script. >please could you post a call? >a script that calls for a renewal of a certificate >an example Did you ignore the example at line 5 of the script? Typical usage is uacme -v -h uacme-hook.cmd issue example.com Certificate backups are handled by another (IMO generic) solution. cd \etc\ssl\uacme rsync_to_bkup -i ts which creates a timestamped \etc\ssl\uacme-yyyy-mm-dd-hh-mm-ss directory and does an rsync of the content of \etc\ssl\uacme. There's a minor downside to this method. Every 6 months or so, we need to run a script to prune the stale backup directories. The upside is if a problem is not discovered for several months, there's a good chance that copies of the archived files are there if needed. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------