• Letsencrypt work around?

    From HusTler@1:103/705 to All on Wed Dec 11 12:14:11 2019
    Is there a letsencrypt work around for Synchronet Web server? I've uninstalled letsencrypt and certbot. I would like to have Synchronet's web server handle all web requests including https. Currently I'm still getting a warning that the certificate is unsigned. How can I get a signed certificate just using Synchronet's web server? No Apache or any other server software. Just the default Synchronet Web server. E.g. point my browser to https://havens.synchronetbbs.org without any warnings or errors. Is that possible?

    H A V E N S B B S havens.synchro.net:23

    ---
    ■ Synchronet ■ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to HusTler on Wed Dec 11 23:20:09 2019
    Re: Letsencrypt work around?
    By: HusTler to All on Wed Dec 11 2019 12:14 pm

    Is there a letsencrypt work around for Synchronet Web server?

    Work around for *what*?

    I've uninstalled letsencrypt and certbot. I would like to have Synchronet's web server handle all web requests including https. Currently I'm still getting a warning that the certificate is unsigned.

    Did you delete the ssl.cert file like I previously suggested?

    How can I get a signed certificate just using Synchronet's web server?

    By running letsencrypt.js as previously suggested.

    No Apache or any other server software. Just the default Synchronet Web server. E.g. point my browser to https://havens.synchronetbbs.org without any warnings or errors. Is that possible?

    Yes, of course.

    digital man

    This Is Spinal Tap quote #40:
    Morty the Mime: Come on, don't talk back, mime is money, come on, move it.
    Norco, CA WX: 54.6°F, 69.0% humidity, 1 mph SSW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Gamgee@1:103/705 to HusTler on Thu Dec 12 07:57:00 2019
    HusTler wrote to All <=-

    Is there a letsencrypt work around for Synchronet Web server?
    I've uninstalled letsencrypt and certbot. I would like to have
    Synchronet's web server handle all web requests including https.
    Currently I'm still getting a warning that the certificate is
    unsigned. How can I get a signed certificate just using Synchronet's
    web server? No Apache or any other server software. Just the
    default Synchronet Web server. E.g. point my browser to
    https://havens.synchronetbbs.org without any warnings or errors.
    Is that possible?

    There is no "workaround" required.

    It only requires correct configuration.

    You've been given MULTIPLE suggestions by MULTIPLE people, and
    don't even bother responding that you received them, much less
    tried them, and whether they worked or not. You don't even
    respond to specific requests for specific information.

    Why would anyone want to bother trying to help you at this point?



    ... So easy, a child could do it. Child sold separately.
    --- MultiMail/Linux v0.52
    ■ Synchronet ■ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From HusTler@1:103/705 to Gamgee on Fri Dec 13 08:30:50 2019
    Re: Re: Letsencrypt work around?
    By: Gamgee to HusTler on Thu Dec 12 2019 07:57 am

    There is no "workaround" required.

    It only requires correct configuration.

    You've been given MULTIPLE suggestions by MULTIPLE people, and
    don't even bother responding that you received them, much less
    tried them, and whether they worked or not. You don't even

    I didn't reply because none of the suggestions worked. When something works I'll let everyone know it worked. I've followed everyone's instructions to the tee. My site is still insecure.

    H A V E N S B B S havens.synchro.net:23

    ---
    ■ Synchronet ■ Havens BBS havens.synchro.net
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to HusTler on Fri Dec 13 09:22:47 2019
    Re: Re: Letsencrypt work around?
    By: HusTler to Gamgee on Fri Dec 13 2019 08:30 am

    Re: Re: Letsencrypt work around?
    By: Gamgee to HusTler on Thu Dec 12 2019 07:57 am

    There is no "workaround" required.

    It only requires correct configuration.

    You've been given MULTIPLE suggestions by MULTIPLE people, and
    don't even bother responding that you received them, much less
    tried them, and whether they worked or not. You don't even

    I didn't reply because none of the suggestions worked. When something
    works
    I'll let everyone know it worked. I've followed everyone's instructions to the tee. My site is still insecure.

    I've seen you post a bunch of steps you've performed that *I* never told you to perform, so I'm not sure whose instructions you've followed "to the tee", but they weren't mine.

    digital man

    Synchronet "Real Fact" #31:
    The Synchronet IRC server (ircd) was written in JS by Randy Sommerfeld (Cyan).
    Norco, CA WX: 64.3°F, 64.0% humidity, 0 mph SW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to HusTler on Fri Dec 13 14:11:26 2019
    Re: Re: Letsencrypt work around?
    By: HusTler to Gamgee on Fri Dec 13 2019 08:30:50

    I didn't reply because none of the suggestions worked. When something
    works I'll let everyone know

    Please let us know when you try our suggestions, even if they don't work.

    Failure can be informative; if steps that *should* fix a problem *don't*, maybe something in there needs to be fixed.

    Lack of response makes it seem like you didn't see the message or follow its advice. We might keep asking "Did you try x?" because until we know it didn't work, it seems like the next step. We might stop trying to help you because it looks like you ask questions but ignore answers.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Digital Man on Sat Dec 14 15:26:14 2019
    I always get this when I run letsyncrypt:

    Reading script from /sbbs/exec/letsyncrypt.js
    /sbbs/exec/letsyncrypt.js compiled in 0.00 seconds
    Getting directory.
    Calling newOrder.
    0008 TLS ERROR 'No data was read because the remote system closed the connection (recv() == 0)' (-1) popping data
    0008 TLS ERROR 'No data was read because the remote system closed the connection (recv() == 0)' (-1) popping data
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    {
    "type": "urn:ietf:params:acme:error:malformed",
    "detail": "JWS verification error",
    "status": 400
    }
    !JavaScript : uncaught exception: newOrder responded with 400 not 201
    /sbbs/exec/letsyncrypt.js executed in 1.54 seconds
    !Module (letsyncrypt) set exit_code: 1

    JavaScript: Destroying context
    JavaScript: Destroying runtime


    I have SBBS running on Port 80/443

    My letsyncrypt.ini:
    Host = acme-v02.api.letsencrypt.org
    Directory = /directory
    TOSAgreed = true
    GroupReadableKeyFile = false

    [Domains]
    alleycat.synchro.net=/sbbs/web/root

    [key_id]
    acme-v02.api.letsencrypt.org=https://acme-v02.api.letsencrypt.org/acme/acct/51915535
    [State]

    ---
    ■ Synchronet ■ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rampage@1:103/705 to HusTler on Fri Dec 13 14:55:19 2019
    Re: Re: Letsencrypt work around?
    By: HusTler to Gamgee on Fri Dec 13 2019 08:30:50

    You've been given MULTIPLE suggestions by MULTIPLE people, and
    don't even bother responding that you received them, much less
    tried them, and whether they worked or not. You don't even

    I didn't reply because none of the suggestions worked.


    you really should tell us this, then... don't leave us hanging like that if it doesn't work... the normal understanding is that it did work if no reply... we cannot see over your shoulder so you have to tell us everything and respond to suggestions and questions...


    When something works I'll let everyone know it worked. I've followed
    everyone's instructions to the tee. My site is still insecure.

    it really isn't this hard, though... i had a self-signed sbbs cert and then ran the sbbs letsyncrypt script once or twice and it was done... no muss no fuss... i messed it up when i tried to do multiple domains so i dropped that for now but it really is easy as 1,2,3... why you have so many problems is not understandable by me :(


    )\/(ark

    ---
    ■ Synchronet ■ The SouthEast Star Mail HUB - SESTAR
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Digital Man on Sat Dec 14 17:30:02 2019
    Woohoo, I finally got it working, on my Linuxbox, anyway, my windowsbox
    runs sbbs WE ON 81/4443 but my test SBBS is running on 80/443.

    1) shutdown the BBS
    2) deleted the letsyncrypt.key and ssl.cert files.
    3) restarted sbbs
    4) Deleted the entries in letsyncrypt.ini [Key_id] and [State]
    5) re-ran jsexec letsyncrypt.js --force

    ... though it was showing as TLS error same as before it actually completed
    the script and created /sbbs/web/root/.well_known/acme-challenge and letsyncrypt.key, now when I connect via https it gives a secure connection!

    I know the wiki says "Do not modify the [Key_id] and [State] sections", but
    the letsyncrypt.ini file I grabbed a while ago had the [Key_id] already
    filled in ... please consider adding a note that if the [Key_id] and
    [State] is defined it will Error 400 JWS.

    ---
    ■ Synchronet ■ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mortifis on Fri Dec 13 17:45:39 2019
    Re: Re: Letsencrypt work around?
    By: Mortifis to Digital Man on Sat Dec 14 2019 03:26 pm

    I always get this when I run letsyncrypt:

    Reading script from /sbbs/exec/letsyncrypt.js
    /sbbs/exec/letsyncrypt.js compiled in 0.00 seconds
    Getting directory.
    Calling newOrder.
    0008 TLS ERROR 'No data was read because the remote system closed the connection (recv() == 0)' (-1) popping data
    0008 TLS ERROR 'No data was read because the remote system closed the connection (recv() == 0)' (-1) popping data
    Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
    {
    "type": "urn:ietf:params:acme:error:malformed",
    "detail": "JWS verification error",
    "status": 400
    }
    !JavaScript : uncaught exception: newOrder responded with 400 not 201
    /sbbs/exec/letsyncrypt.js executed in 1.54 seconds
    !Module (letsyncrypt) set exit_code: 1

    JavaScript: Destroying context
    JavaScript: Destroying runtime


    I have SBBS running on Port 80/443

    My letsyncrypt.ini:
    Host = acme-v02.api.letsencrypt.org
    Directory = /directory
    TOSAgreed = true
    GroupReadableKeyFile = false

    [Domains]
    alleycat.synchro.net=/sbbs/web/root

    [key_id]
    acme-v02.api.letsencrypt.org=https://acme-v02.api.letsencrypt.org/acme/acct/51915535
    [State]

    Did you change something after first running it? That JWS error looks like an authentication error. Perhaps try deleting the [key_id] section from your letsyncrypt.ini file and re-run the event.

    digital man

    This Is Spinal Tap quote #13:
    Nigel Tufnel: You can't really dust for vomit.
    Norco, CA WX: 61.6°F, 74.0% humidity, 3 mph SE wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mortifis on Fri Dec 13 17:48:54 2019
    Re: Re: Letsencrypt work around?
    By: Mortifis to Digital Man on Sat Dec 14 2019 05:30 pm

    Woohoo, I finally got it working, on my Linuxbox, anyway, my windowsbox
    runs sbbs WE ON 81/4443 but my test SBBS is running on 80/443.

    1) shutdown the BBS
    2) deleted the letsyncrypt.key and ssl.cert files.
    3) restarted sbbs
    4) Deleted the entries in letsyncrypt.ini [Key_id] and [State]
    5) re-ran jsexec letsyncrypt.js --force

    ... though it was showing as TLS error same as before it actually completed the script and created /sbbs/web/root/.well_known/acme-challenge and letsyncrypt.key, now when I connect via https it gives a secure connection!

    I know the wiki says "Do not modify the [Key_id] and [State] sections", but the letsyncrypt.ini file I grabbed a while ago had the [Key_id] already filled in ...

    Grabbed from where? The letsyncrypt.ini in CVS (http://cvs.synchro.net/cgi-bin/viewcvs.cgi/ctrl/letsyncrypt.ini) has never had those values.

    please consider adding a note that if the [Key_id] and
    [State] is defined it will Error 400 JWS.

    Normally, the first time you run the event, the script will fill those values in the .ini file for you. You *need* them. It sounds like you got your letsyncrypt.ini file from some who knows where, but not from CVS.

    digital man

    This Is Spinal Tap quote #14:
    The Boston gig has been cancelled. [Don't] worry, it's not a big college town.
    Norco, CA WX: 61.2°F, 76.0% humidity, 5 mph ESE wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
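
Added example (not part of any post in this thread, and not Synchronet's letsyncrypt.js): a mock of how an ACME server checks a signed request, showing why a stored [key_id] account URL that no longer matches the local account key is rejected with "JWS verification error", and why clearing it so the client registers again succeeds. The ES256 keys, the MockAcmeServer class and the acme.example / bbs.example names are assumptions made for the illustration.

```javascript
// Added illustration: all names and hosts here are hypothetical/constructed.
const crypto = require('crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');

function newAccountKey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Flattened JWS as an ACME client sends it (RFC 8555, section 6.2): the
// protected header names the account by URL ("kid"), not by embedding the key.
function signJws(privateKey, kid, url, nonce, payload) {
  const protectedB64 = b64u(JSON.stringify({ alg: 'ES256', kid, nonce, url }));
  const payloadB64 = b64u(JSON.stringify(payload));
  const signature = crypto.sign('sha256',
    Buffer.from(`${protectedB64}.${payloadB64}`),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return { protected: protectedB64, payload: payloadB64, signature: b64u(signature) };
}

class MockAcmeServer {
  constructor() { this.accounts = new Map(); this.nextId = 1; }

  // newAccount: remember the public key and hand back the account URL (kid).
  register(publicKey) {
    const kid = `https://acme.example/acme/acct/${this.nextId++}`;
    this.accounts.set(kid, publicKey);
    return kid;
  }

  // newOrder: look up the key registered for the kid and verify the signature.
  // Simplification: an unknown kid is reported the same way as a bad signature.
  newOrder(jws) {
    const header = JSON.parse(Buffer.from(jws.protected, 'base64url').toString());
    const accountKey = this.accounts.get(header.kid);
    const ok = accountKey !== undefined && crypto.verify('sha256',
      Buffer.from(`${jws.protected}.${jws.payload}`),
      { key: accountKey, dsaEncoding: 'ieee-p1363' },
      Buffer.from(jws.signature, 'base64url'));
    return ok
      ? { status: 201 }
      : { status: 400, type: 'urn:ietf:params:acme:error:malformed',
          detail: 'JWS verification error' };
  }
}

function demo() {
  const server = new MockAcmeServer();
  const url = 'https://acme.example/acme/new-order';
  const payload = { identifiers: [{ type: 'dns', value: 'bbs.example' }] };

  // First run: key created, account registered, kid stored by the client.
  const original = newAccountKey();
  const storedKid = server.register(original.publicKey);
  const firstRun = server.newOrder(signJws(original.privateKey, storedKid, url, 'n1', payload));

  // Stale state: the stored kid is kept, but the local key is a different one.
  const replacement = newAccountKey();
  const stale = server.newOrder(signJws(replacement.privateKey, storedKid, url, 'n2', payload));

  // Recovery: drop the stored kid, register the current key, use the new kid.
  const freshKid = server.register(replacement.publicKey);
  const recovered = server.newOrder(signJws(replacement.privateKey, freshKid, url, 'n3', payload));
  return { firstRun, stale, recovered };
}
```
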
  • From Altere@1:103/705 to Mortifis on Sat Dec 14 15:28:30 2019
    Re: Re: Letsencrypt work around?
    By: Mortifis to Digital Man on Sat Dec 14 2019 05:30 pm

    Woohoo, I finally got it working, on my Linuxbox, anyway, my windowsbox
    runs sbbs WE ON 81/4443 but my test SBBS is running on 80/443.

    1) shutdown the BBS
    2) deleted the letsyncrypt.key and ssl.cert files.
    3) restarted sbbs
    4) Deleted the entries in letsyncrypt.ini [Key_id] and [State]
    5) re-ran jsexec letsyncrypt.js --force

    ... though it was showing as TLS error same as before it actually completed the script and created /sbbs/web/root/.well_known/acme-challenge and letsyncrypt.key, now when I connect via https it gives a secure connection!

    I know the wiki says "Do not modify the [Key_id] and [State] sections", but the letsyncrypt.ini file I grabbed a while ago had the [Key_id] already filled in ... please consider adding a note that if the [Key_id] and
    [State] is defined it will Error 400 JWS.

    I followed the wiki, ended up still getting an unsigned cert but I had listed a second domain which came up with a valid cert. Clearing browser cache resolved the primary domain problem.

    -altere

    ---
    ■ Synchronet ■ Athelstan BBS ■ athelstan.org ■ telnet:23 | ssh:2222
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Altere@1:103/705 to HusTler on Sat Dec 14 15:41:11 2019
    Re: Re: Letsencrypt work around?
    By: HusTler to Gamgee on Fri Dec 13 2019 08:30 am

    There is no "workaround" required.
    It only requires correct configuration.
    You've been given MULTIPLE suggestions by MULTIPLE people, and
    don't even bother responding that you received them, much less
    tried them, and whether they worked or not. You don't even

    I didn't reply because none of the suggestions worked. When something
    works
    I'll let everyone know it worked. I've followed everyone's instructions to the tee. My site is still insecure.

    What's in your letsyncrypt.ini file?

    Do you have a letsyncrypt.key and ssl.cert file in your ctrl dir?

    -altere

    ---
    ■ Synchronet ■ Athelstan BBS ■ athelstan.org ■ telnet:23 | ssh:2222
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Razor@1:103/705 to Mortifis on Sat Dec 14 12:56:00 2019
    Re: Re: Letsencrypt work around?
    By: Mortifis to Digital Man on Sat Dec 14 2019 05:30 pm

    Woohoo, I finally got it working, on my Linuxbox, anyway, my windowsbox runs sbbs WE ON 81/4443 but my test SBBS is running on 80/443.
    1) shutdown the BBS
    2) deleted the letsyncrypt.key and ssl.cert files.
    3) restarted sbbs
    4) Deleted the entries in letsyncrypt.ini [Key_id] and [State]
    5) re-ran jsexec letsyncrypt.js --force

    Does this now show as a real signed cert, not self-signed? Something that the documentation doesn't make clear is whether you should end up with a CA-signed cert. Mine is still showing self-signed at the moment.

    Razor

    ---
    ■ Synchronet ■ The Silent Strike - bbs.thesilentstrike.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Razor on Sun Dec 15 00:24:12 2019
    Re: Re: Letsencrypt work around?
    By: Razor to Mortifis on Sat Dec 14 2019 12:56 pm

    Re: Re: Letsencrypt work around?
    By: Mortifis to Digital Man on Sat Dec 14 2019 05:30 pm

    Woohoo, I finally got it working, on my Linuxbox, anyway, my
    windowsbox
    runs sbbs WE ON 81/4443 but my test SBBS is running on 80/443.
    1) shutdown the BBS
    2) deleted the letsyncrypt.key and ssl.cert files.
    3) restarted sbbs
    4) Deleted the entries in letsyncrypt.ini [Key_id] and [State]
    5) re-ran jsexec letsyncrypt.js --force

    Does this now show as a real signed cert, not self-signed? Something that the documentation doesn't make clear is whether you should end up with a CA-signed cert. Mine is still showing self-signed at the moment.

    Let's Encrypt is a CA (certificate authority). The entire point of using letsyncrypt.js is to get a certificate that is signed by Let's Encrypt. Without using Let's Encrypt (and letsyncrypt.js), you get an automatically generated self-signed certificate.

    digital man

    This Is Spinal Tap quote #16:
    David St. Hubbins: I believe virtually everything I read...
    Norco, CA WX: 50.1°F, 95.0% humidity, 0 mph SW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Razor on Mon Dec 16 11:39:15 2019
    Re: Re: Letsencrypt work around?
    By: Mortifis to Digital Man on Sat Dec 14 2019 05:30 pm

    Woohoo, I finally got it working, on my Linuxbox, anyway, my
    windowsbox
    runs sbbs WE ON 81/4443 but my test SBBS is running on 80/443.
    1) shutdown the BBS
    2) deleted the letsyncrypt.key and ssl.cert files.
    3) restarted sbbs
    4) Deleted the entries in letsyncrypt.ini [Key_id] and [State]
    5) re-ran jsexec letsyncrypt.js --force

    Does this now show as a real signed cert, not self-signed? Something
    that
    the documentation doesn't make clear is whether you should end up with
    a
    CA-signed cert. Mine is still showing self-signed at the moment.

    Razor

    The CA I received showed it was signed by letsyncrypt.org. I cannot get
    a valid certificate on my production SBBS server because it is not
    running on port 80/443, I ran that test on my production web server
    system. I have since shutdown sbbs on my linuxbox so
    alleycat.synchro.net has an invalid certificate again.

    ---
    ■ Synchronet ■ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Razor@1:103/705 to Digital Man on Fri Dec 20 16:49:55 2019
    That makes sense. I've figured out that my issue with not getting a cert that's signed by Let's Encrypt is likely related to my system not listening on port 80.
    Here's the log that Let's Encrypt generated https://acme-v02.api.letsencrypt.org/acme/authz-v3/1823799891
    It looks like it may be possible to tell the API to connect on an alternate port, possibly 9999 https://www.virtualmin.com/node/53385

    Razor

    ---
    ■ Synchronet ■ The Silent Strike - bbs.thesilentstrike.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Razor on Fri Dec 20 18:01:46 2019
    Re: Re: Letsencrypt work around?
    By: Razor to Digital Man on Fri Dec 20 2019 04:49 pm

    That makes sense. I've figured out that my issue with not getting a cert that's signed by Let's Encrypt is likely related to my system not listening on port 80.
    Here's the log that Let's Encrypt generated https://acme-v02.api.letsencrypt.org/acme/authz-v3/1823799891
    It looks like it may be possible to tell the API to connect on an alternate port, possibly 9999 https://www.virtualmin.com/node/53385

    Looks to me like they're just using a proxy. Unless you actually control the server already running on port 80, you can't do that. And if you do control the server on port 80, then you can either change it to a different port temporarily so the Synchronet server can run on port 80 or better yet, just create a symlink to your Synchronet web server root dir where the challenge/response for Let's Encrypt will be placed.

    If you don't control the web server running on port 80, I don't know that there is any work-around.

    digital man

    Synchronet/BBS Terminology Definition #20:
    DOS = Disk Operating System (as in PC-DOS and MS-DOS)
    Norco, CA WX: 63.3°F, 26.0% humidity, 0 mph W wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)