From: "Massimo S."
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] HTTPS-Misery (for Steven)
To: eCS ISP Mailing List
Message-ID: <7e46978b-877b-ceac-eace-556c6f4d27b0@ecomstation.it>
Date: Fri, 11 Oct 2024 10:36:59 +0200

Hi Steven,

I hope to have permissions to modify the script
to adapt to my environment/paths

I've removed this part of the code:

    /* Find docs directory for server */
    docsdir = left(directory(), 1) || ':\www\docs\'
    if gTesting then
      docsdir = left(directory(), 1) || ':\Internet\apache24-data\htdocs'
    if \ IsDir(docsdir) then
      call Die 'Cannot access' docsdir 'directory'

    /* Map domain to VirtualHost docroot directory */
    ndx = lastpos('.', gIdent)
    if ndx = 0 then do
      domain = gIdent
      suffix = ''
    end
    else do
      suffix = substr(gIdent, ndx + 1)      /* Without dot */
      domain = left(gIdent, ndx - 1)
      ndx = lastpos('.', domain)
      if ndx > 0 then
        domain = substr(domain, ndx + 1)
    end
    docroot = MakePath( docsdir, domain)
    if \ IsDir(docroot) then
      docroot = MakePath( docsdir, domain || suffix)  /* cih.bz -> cihbz */

and added just

    docroot = 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge'

of course like before I have to create a hook script for each domain,
but this is not a problem

now the script works well also here

I've another question

in the \acme-challenge dir with my script I used to find a lot of token files
e.g. zGaQTb6CdwEeuLNOm4-DK8zBxCSlql-oCxXl2V3t9Q0

now the dir remains empty
I already reissued a certificate 2 times with success
but I still find the \acme-challenge dir empty

and I didn't find in the code something that clears the token file

is this ok?

I also added a

    say gType

before

    if gType \== 'http-01' then

at line 114, but I don't find any output to the screen

thanks

massimo

On 09/10/2024 10:28, Massimo S. wrote:
> I'm reading the code, it expects the virtual hosts directories
> to have a specific name/path
>
> but here it's not the same, they have different path names
> some are abbreviated etc.
>
> so I can't use this script
> it requires too many modifications to all my environment
> I've too much stuff (scripts, bkups, etc. that expect these paths)
>
> I've not the sufficient skill to fully modify your script
> I'm sorry
> even to understand it completely it could take months
>
> I'm asking you for help
>
> it should be possible only to add the "check http-01 method"
> to this simpler (or naive :-) script?
>
> so that I can keep on using all my infrastructure scripts and paths
>
> maybe it should look like this:
>
>
> /* hook command for the uacme client */
>
> parse arg var1 var2 var3 var4 var5
>
> /* unquoted label: a quoted name would bypass the internal routine */
> if var2 \== 'http-01' then call issues
>
> myfile = 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge\'||var4
> call SysFileDelete 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge\'||var4
> rc= LINEOUT(myfile,var5)
> call LINEOUT myfile   /* close the token file */
> exit                  /* do not fall through into issues: */
>
> issues:
>
> "send a notify"
> "and try again"
> exit
>
> return
>
> I've some tens of domains, but it's not a problem to create a new hook script
> for a new domain, since normally there is only a new website per year
>
> thanks
>
> massimo
>
> On 09/10/2024 09:43, Massimo S. wrote:
>> Hi Steven,
>>
>> is there a place to download the script?
>> or could you send a zip?
>>
>> thanks
>>
>> massimo
>>
>>
>> On 07/10/2024 21:58, Steven Levine wrote:
>>> In , on 10/07/24
>>>     at 08:22 PM, "Massimo S." said:
>>>
>>>> I'm trying to catch that challenge value to verify when they accept
>>>> HTTP-01 to improve the script
>>>
>>> I have appended a copy of the uacme-hook.cmd that Dan and I use.
>>>
>>> The interesting code is above the
>>>
>>>    /*==============================================================================*/
>>>    /*=== SkelRexxFunc standards - Delete unused - Move modified above this
>>> mark ===*/
>>>    /*==============================================================================*/
>>>
>>> separator.  Everything below is boilerplate code that is maintained by my
>>> tools.
>>>
>>> You may notice that the script is almost 100% generic.  Since our mapping
>>> of domain names to document roots is consistent, I saw no need to parse
>>> the httpd conf files or read the mappings from an external file.
>>>
>>> The relevant mapping code follows the
>>>
>>>    /* Map domain to VirtualHost docroot directory */
>>>
>>> comment.
>>>
>>> To handle possible uacme.exe failures, we back up the certificates before
>>> the uacme.exe runs and configure httpd to use the certificates as created
>>> by uacme.
>>>
>>> Steven
>>>
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> This message is sent to you because you are subscribed to
>  the mailing list .
> To unsubscribe, E-mail to:
> To switch to the DIGEST mode, E-mail to
> To switch to the INDEX mode, E-mail to
> Send administrative queries to
> To subscribe (new addresses), E-mail to: and reply to the confirmation email.
> Web archives are publicly available at: http://lists.2rosenthals.com
>
> This list is hosted by Rosenthal & Rosenthal, LLC
> P.O. Box 281, Deer Park, NY 11729-0281. Non-
> electronic communications related to content
> contained in these messages should be directed
> to the above address. (CAN-SPAM Act of 2003)
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
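
A hook of the shape discussed in this thread, as an added example: it is not Steven's uacme-hook.cmd and not code posted to the list. It assumes uacme's documented hook arguments (method, type, ident, token, auth, with method one of begin, done or failed), the fixed challenge directory quoted in the message above, and that RexxUtil is available; the character check on the token is an addition made here.

```rexx
/* uacme hook sketch for http-01 with one fixed challenge directory.     */
/* Added example; chaldir is the path quoted in the message above.       */
call RxFuncAdd 'SysLoadFuncs', 'RexxUtil', 'SysLoadFuncs'
call SysLoadFuncs

chaldir = 'X:\apache\htdocs\mywebsite\.well-known\acme-challenge'

/* uacme passes: method type ident token auth */
parse arg method type ident token auth .

/* A non-zero exit on "begin" declines the offered challenge type */
if type \== 'http-01' then exit 1

/* The token becomes a file name, so allow only base64url characters;
   this keeps '\', '/', ':' and '..' out of the path built below */
safe = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
if token == '' | verify(token, safe) \= 0 then do
  say 'uacme-hook: unexpected characters in token for' ident
  exit 2
end

tokfile = chaldir || '\' || token

select
  when method == 'begin' then do
    call SysFileDelete tokfile            /* drop a stale copy, if any */
    /* charout returns the number of characters it could NOT write */
    if charout(tokfile, auth) \= 0 then do
      say 'uacme-hook: cannot write' tokfile
      exit 3
    end
    call charout tokfile                  /* close the stream */
    exit 0
  end
  when method == 'done' | method == 'failed' then do
    /* validation is over either way: remove the token file */
    call SysFileDelete tokfile
    exit 0
  end
  otherwise do
    say 'uacme-hook: unknown method' method
    exit 1
  end
end
```

With cleanup on both done and failed, a challenge directory that is empty between runs is the expected state for this sketch; whether uacme-hook.cmd behaves the same way has to be read from that script.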