From: "Massimo S." Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 11140336 for ecs-isp@2rosenthals.com; Thu, 24 Oct 2024 12:47:29 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:38221 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1t40zY-000000000J5-23uE for ecs-isp@2rosenthals.com; Thu, 24 Oct 2024 12:47:21 -0400 Received: from mail2.quasarbbs.net ([80.86.52.115]:10070) by mail2.2rosenthals.com with esmtp (Exim 4.97.1) (envelope-from ) id 1t40zO-000000004mQ-1eqb for ecs-isp@2rosenthals.com; Thu, 24 Oct 2024 12:47:11 -0400 X-SASI-Hits: BODY_SIZE_4000_4999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SENDER_NO_AUTH 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000, __BODY_NO_MAILTO 0.000000, __BODY_VOICEMAIL 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000, __INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __MULTIPLE_URI_TEXT 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_IN_BODY_HTTP_X10 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000, __URI_WITH_PATH 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.10.24.162115 X-SASI-Hits: BODY_SIZE_4000_4999 0.000000, BODY_SIZE_5000_LESS 0.000000, BODY_SIZE_7000_LESS 0.000000, CTE_7BIT 0.000000, HTML_00_01 0.050000, HTML_00_10 0.050000, IN_REP_TO 0.000000, LEGITIMATE_SIGNS 0.000000, MSGID_SAMEAS_FROM_HEX_844412 0.100000, MSG_THREAD 0.000000, REFERENCES 0.000000, REPLYTO_SAMEAS_FROM 0.000000, SUSP_DH_NEG 0.000000, TO_IN_SUBJECT 0.500000, USER_AGENT 0.000000, __ANY_URI 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000, __BODY_VOICEMAIL 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000, __BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __CP_URI_IN_BODY 0.000000, __CT 0.000000, __CTE 0.000000, __CT_TEXT_PLAIN 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __FORWARDED_MSG 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_HEADER 0.000000, __HAS_FROM 0.000000, __HAS_MSGID 0.000000, __HAS_REFERENCES 0.000000, __HAS_REPLYTO 0.000000, __HEADER_ORDER_FROM 0.000000, __HTTPS_URI 0.000000, __INVOICE_MULTILINGUAL 0.000000, __IN_REP_TO 0.000000, __MAIL_CHAIN 0.000000, __MIME_BOUND_CHARSET 0.000000, __MIME_TEXT_ONLY 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_VERSION 0.000000, __MOZILLA_USER_AGENT 0.000000, __MSGID_HEX_844412 0.000000, __MULTIPLE_URI_TEXT 0.000000, __NO_HTML_TAG_RAW 0.000000, __PHISH_SPEAR_SUBJ_ALERT 0.000000, __REFERENCES 0.000000, __REPLYTO_SAMEAS_FROM_ACC 0.000000, __REPLYTO_SAMEAS_FROM_ADDY 0.000000, __REPLYTO_SAMEAS_FROM_DOMAIN 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000, __SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000, __SCAN_D_NEG_HEUR2 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000, __SUBJ_REPLY 0.000000, __TO_IN_SUBJECT 0.000000, __TO_MALFORMED_2 0.000000, __TO_NAME 0.000000, __TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000, __URI_HAS_HYPHEN_USC 0.000000, __URI_IN_BODY 0.000000, __URI_IN_BODY_HTTP_X10 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000, __URI_WITH_PATH 0.000000, __USER_AGENT 0.000000 X-SASI-Probability: 10% X-SASI-RCODE: 200 X-SASI-Version: Antispam-Engine: 5.1.4, AntispamData: 2024.10.24.162115 Received: from [192.168.10.199] (dtp [192.168.10.199]) by srv2 (Weasel v2.9-0001 ) for ; Thu, 24 Oct 2024 18:35:33 -0000 Reply-To: ml@ecomstation.it Subject: Re: [eCS-ISP] uacme 1.2.4 curl issue To: eCS ISP Mailing List References: Organization: Massimo S. Message-ID: <0be51c91-6268-7ae0-5216-04a50c0a5e36@ecomstation.it> Date: Thu, 24 Oct 2024 18:41:06 +0200 User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424 Thunderbird/1.0.8 Mnenhy/0.7.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=iso-8859-15; format=flowed Content-Language: it-IT Content-Transfer-Encoding: 7bit Il 22/10/2024 23:45, Steven Levine ha scritto: > In , on 10/22/24 > at 05:24 PM, "Massimo S." said: > > Hi Massimo, > >> uacme -v issue www.mydomain.it -c c:/mptn/etc/ssl/uacme -h >> hook_www_mydomain_it.cmd > >> and i got > > uacme: c:/mptn/etc/ssl/uacme/private/www.mydomain.it/key.pem not found * > > This is normal. Uacme is checking if the domain private key exists, so it > knows what to do next. > > uacme: checking existence and expiration of > c:/mptn/etc/ssl/uacme/www.mydomain.it/cert.pem uacme: > c:/mptn/etc/ssl/uacme/www.mydomain.it/cert.pem does not exist ** uacme: > fetching directory at https://acme-v02.api.letsencrypt.org/directory > > This is normal. Uacme is checking if the cert exists so it knows what to > do next. > > uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory > failed: SSL peer certificate or SSH remote key was not OK uacme: > curl_get: waiting 5 seconds before retrying > > I've seen this recently too. It appears that Let's Encrypt is somewhat > overloaded recently. There's nothing you can do other than retry until it > works. > > It might be instructive to open > > https://acme-v02.api.letsencrypt.org/directory > > in a browser. The file contains a list of the actions that that LE > supports. > >> while if i don't delete key.pem and cert.pem >> i get > > All normal, best I can tell > >> while if i delete only cert.pem >> i get the same > > Again. All normal other than the LE busy issue. > >> so i don't understand if uacme 1.2.4 is working correctly or not :-( > > uacme is working correctly. The problem is wih the LE server which > hopefully will not persist. > > Steven Hi Steven, sorry, no it's uacme 1.2.4 that have issues i've just retried some minute ago and i got: uacme: version 1.2.4 starting on Thu, 24 Oct 2024 18:26:52 uacme: loading key from c:/mptn/etc/ssl/uacme/private/key.pem uacme: loading key from c:/mptn/etc/ssl/uacme/private/www.mydomain.it/key.pem uacme: checking existence and expiration of c:/mptn/etc/ssl/uacme/www.mydomain.it/cert.pem uacme: c:/mptn/etc/ssl/uacme/www.mydomain.it/cert.pem does not exist uacme: fetching directory at https://acme-v02.api.letsencrypt.org/directory uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory failed: SSL peer certificate or SSH remote key was not OK uacme: curl_get: waiting 5 seconds before retrying uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory failed: SSL peer certificate or SSH remote key was not OK uacme: curl_get: waiting 5 seconds before retrying uacme: curl_get: GET https://acme-v02.api.letsencrypt.org/directory failed: SSL peer certificate or SSH remote key was not OK uacme: curl_get: waiting 5 seconds before retrying uacme: acme_get: curl_get failed uacme: failed to fetch directory at https://acme-v02.api.letsencrypt.org/directory while with 1.0.9 it's successful: uacme: version 1.0.19 starting on Thu, 24 Oct 2024 18:29:46 uacme: loading key from c:/mptn/etc/ssl/uacme/private/key.pem uacme: loading key from c:/mptn/etc/ssl/uacme/private/www.mydomain.it/key.pem uacme: checking existence and expiration of c:/mptn/etc/ssl/uacme/www.mydomain.it/cert.pem uacme: c:/mptn/etc/ssl/uacme/www.mydomain.it/cert.pem does not exist uacme: fetching directory at https://acme-v02.api.letsencrypt.org/directory uacme: retrieving account at https://acme-v02.api.letsencrypt.org/acme/new-acct uacme: account location: https://acme-v02.api.letsencrypt.org/acme/acct/68817448 uacme: creating new order for www.mydomain.it at https://acme-v02.api.letsencrypt.org/acme/new-order uacme: order URL: https://acme-v02.api.letsencrypt.org/acme/order/68817448/316670748157 uacme: generating certificate request uacme: finalizing order at https://acme-v02.api.letsencrypt.org/acme/finalize/68817448/316670748157 uacme: polling order status at https://acme-v02.api.letsencrypt.org/acme/order/68817448/316670748157 uacme: retrieving certificate at https://acme-v02.api.letsencrypt.org/acme/cert/04034ebd345d25544f216c79a4100e633ccc uacme: saving certificate to c:/mptn/etc/ssl/uacme/www.mydomain.it/cert.pem.tmp uacme: renaming c:/mptn/etc/ssl/uacme/www.mydomain.it/cert.pem.tmp to c:/mptn/etc/ssl/uacme/www.mydomain.it/cert.pem massimo