• Letsyncrypt error 44?

    From Android8675@1:103/705 to All on Mon Sep 21 15:09:27 2020
    I watched Rob's view on 3.18b (awesome work btw) and the part about changing the system password to get rid of the ssh error 22 hit home because I was getting said error (even though everything was working for the most part).

    So I changed my system password (was overdue anyways), and now my ssh connection to web isn't working? (I have HSTS_SAFE set so it won't even try an unsecure connection (intended). I tried running letsyncrypt and trying the --new-key, --force or --revoke option, but it failed each time with:

    !JavaScript /home/sbbs/sbbs/exec/letsyncrypt.js line 279: Error: Error -44 calling cryptAddPrivateKey()

    Thoughts? Did I muck something up? Am I looking at the wrong place? Also, I'm using certbot for my foundryvtt server, same web domain, but a different port. Can I point sbbs to that cert or point foundry to the letsyncrypt certs/keys?

    --
    Android8675@ShodansCore

    ---
    ■ Synchronet ■ Shodan's Core @ ShodansCore.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Android8675 on Mon Sep 21 17:35:16 2020
    Re: Letsyncrypt error 44?
    By: Android8675 to All on Mon Sep 21 2020 03:09 pm

    I watched Rob's view on 3.18b (awesome work btw) and the part about changing the system password to get rid of the ssh error 22 hit home because I was getting said error (even though everything was working for the most part).

    SSH was working?

    So I changed my system password (was overdue anyways), and now my ssh connection to web isn't working? (I have HSTS_SAFE set so it won't even try an unsecure connection (intended).

    Did you try without setting HSTS_SAFE?

    I tried running letsyncrypt and trying the --new-key, --force or --revoke option, but it failed each time with:

    !JavaScript /home/sbbs/sbbs/exec/letsyncrypt.js line 279: Error: Error -44 calling cryptAddPrivateKey()

    Thoughts?

    Here's the cryptlib description of that error:
    #define CRYPT_ERROR_DUPLICATE ( -44 ) /* Item already present in object */

    Did I muck something up? Am I looking at the wrong place? Also, I'm using certbot for my foundryvtt server, same web domain, but a different port. Can I point sbbs to that cert or point foundry to the letsyncrypt certs/keys?

    Doubt it. The cert and key have to be in the cryptlib format.

    You can try just deleting the 2 files again and let sbbs recreate them: http://wiki.synchro.net/faq:tcpip#ssh_session_key

    digital man

    This Is Spinal Tap quote #4:
    David St. Hubbins: He died in a bizarre gardening accident...
    Norco, CA WX: 82.1°F, 47.0% humidity, 4 mph ENE wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.11-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Android8675@1:103/705 to Digital Man on Tue Sep 22 09:50:09 2020
    Re: Letsyncrypt error 44?
    By: Digital Man to Android8675 on Mon Sep 21 2020 05:35 pm

    Re: Letsyncrypt error 44?
    By: Android8675 to All on Mon Sep 21 2020 03:09 pm

    I watched Rob's view on 3.18b (awesome work btw) and the part about changing the system password to get rid of the ssh error 22 hit home because I was getting said error (even though everything was working for the most part).

    SSH was working?

    Yes, not certain what I changed that caused it to stop. Like I said, changed my syspass and cleared the existing key/cert, and I'm pretty sure that's all I did...

    letsyncrypt.js is running without error:
    9/22 09:36:33 evnt SYNCRYPT Timed event: SYNCRYPT returned 0.

    Did you try without setting HSTS_SAFE?


    I'll do it now, I suspect it'll work and let me connect without https. I have to recycle the web service, and it doesn't seem to want to without me logging off telnet.

    You can try just deleting the 2 files again and let sbbs recreate them: http://wiki.synchro.net/faq:tcpip#ssh_session_key

    I'll try that as well and report back.

    Thanks.

    --
    Android8675@ShodansCore

    ---
    ■ Synchronet ■ Shodan's Core @ ShodansCore.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Android8675@1:103/705 to Digital Man on Tue Sep 22 11:02:35 2020
    Re: Letsyncrypt error 44?
    By: Android8675 to Digital Man on Tue Sep 22 2020 09:50 am

    Did you try without setting HSTS_SAFE?

    I'll do it now, I suspect it'll work and let me connect without https. I have to recycle the web service, and it doesn't seem to want to without me logging off telnet.

    You can try just deleting the 2 files again and let sbbs recreate them: http://wiki.synchro.net/faq:tcpip#ssh_session_key

    I'll try that as well and report back.


    removed hsts_safe and I can connect to http://shodanscore.com, but going to https://shodanscore.com gives me the "connection not private" routine. (NET::ERR_CERT_AUTHORITY_INVALID)

    if I try to touch letsyncrypt after removing the ssl cert/key files I get:

    9/22 10:56:38 evnt SYNCRYPT !JavaScript /sbbs/exec/letsyncrypt.js line 279: Error: Error -44 calling cryptAddPrivateKey()

    I commented out the lines under [State] and [key_id] in letsyncrypt.ini. I figured they'd need to be recreated, but same errors.

    *whap* (hitting ball to your court dm)

    --
    Android8675@ShodansCore

    ---
    ■ Synchronet ■ Shodan's Core @ ShodansCore.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Android8675 on Tue Sep 22 15:40:31 2020
    Re: Letsyncrypt error 44?
    By: Android8675 to Digital Man on Tue Sep 22 2020 11:02 am

    Re: Letsyncrypt error 44?
    By: Android8675 to Digital Man on Tue Sep 22 2020 09:50 am

    Did you try without setting HSTS_SAFE?

    I'll do it now, I suspect it'll work and let me connect without https. I have to recycle the web service, and it doesn't seem to want to without me logging off telnet.

    You can try just deleting the 2 files again and let sbbs recreate them: http://wiki.synchro.net/faq:tcpip#ssh_session_key

    I'll try that as well and report back.


    removed hsts_safe and I can connect to http://shodanscore.com, but going to https://shodanscore.com gives me the "connection not private" routine. (NET::ERR_CERT_AUTHORITY_INVALID)

    if I try to touch letsyncrypt after removing the ssl cert/key files I get:

    9/22 10:56:38 evnt SYNCRYPT !JavaScript /sbbs/exec/letsyncrypt.js line 279: Error: Error -44 calling cryptAddPrivateKey()

    I commented out the lines under [State] and [key_id] in letsyncrypt.ini. I figured they'd need to be recreated, but same errors.

    *whap* (hitting ball to your court dm)

    I think you need Deuce's help now (in #synchronet, irc.synchro.net).

    digital man

    Synchronet "Real Fact" #58:
    The last version of Synchronet to run on MS-DOS and OS/2 was v2.30c (1999).
    Norco, CA WX: 87.4°F, 42.0% humidity, 6 mph NNW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.11-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Android8675@1:103/705 to Digital Man on Tue Sep 29 12:27:56 2020
    Re: Letsyncrypt error 44?
    By: Digital Man to Android8675 on Tue Sep 22 2020 03:40 pm

    I think you need Deuce's help now (in #synchronet, irc.synchro.net).

    I somehow got it all going. Had to do some... things... restarted everything and it's working.

    What's weird is it's saying not secure (chrome) but I'm pretty sure that's because the openweather sidebar module links to an unsecured site or something, but the letsyncrypt certificate is valid, so might have to bug eChicken about that one.


    --
    Android8675@ShodansCore

    ---
    ■ Synchronet ■ Shodan's Core @ ShodansCore.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Android8675 on Tue Sep 29 20:18:43 2020
    Re: Letsyncrypt error 44?
    By: Android8675 to Digital Man on Tue Sep 29 2020 12:27:56

    What's weird is it's saying not secure (chrome) but I'm pretty sure that's because the openweather sidebar module links to an unsecured site or something, but the letsyncrypt certificate is valid, so might have to bug eChicken about that one.

    I killed the openweathermap sidebar module, so consider it unsupported.

    It's unlikely to be the problem, though. That module executes on the server and dumps the HTML response to the client. The HTTP request goes from your server to theirs, so the client shouldn't have anything to complain about.

    I'll take a peek at your site later and see if anything jumps out at me.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Android8675 on Tue Sep 29 20:23:34 2020
    Re: Letsyncrypt error 44?
    By: echicken to Android8675 on Tue Sep 29 2020 20:18:43

    What's weird is it's saying not secure (chrome) but I'm pretty sure that's because the openweather sidebar module links to an unsecured site or something, but the letsyncrypt certificate is valid, so might have to bug eChicken about that one.

    So you are correct, that module is the problem.

    The HTML that's being fetched (server side) and rendered on the client contains an image which is being loaded via plain HTTP, thus mixed secure/insecure content.

    If you would try something for me, make a copy of exec/load/openweathermap.js in your mods/ directory. On line 74 of that file (in mods/) change http:// to https://. See if it works and resolves the problem.

    I'm not sure if there's some reason I didn't use HTTPS to begin with, which I normally would. It's possible that they don't allow it on their free tier or something. We'll see.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
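
The mixed-content case echicken describes, as an added example that is not part of the original posts or of Synchronet's code: a scan of an HTML fragment (such as one fetched server side and passed through to the client) for subresources the browser would load over plain HTTP. The function name, the rule table and the sample fragment are constructed for illustration, and the table covers only a common subset of elements.

```javascript
// Added example: hypothetical helper names, constructed sample HTML.
// Elements whose URL attribute makes the browser fetch a subresource.
// "passive" loads (images, media) cost the page its secure indicator or are
// auto-upgraded; "active" loads (scripts, frames) are blocked outright.
const SUBRESOURCES = {
  img:    { attrs: ['src'],           kind: 'passive' },
  audio:  { attrs: ['src'],           kind: 'passive' },
  video:  { attrs: ['src', 'poster'], kind: 'passive' },
  script: { attrs: ['src'],           kind: 'active' },
  iframe: { attrs: ['src'],           kind: 'active' },
  object: { attrs: ['data'],          kind: 'active' },
};
const TAG_RE = /<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Return every subresource in the fragment that would be fetched over
// plain HTTP. Ordinary links (<a href>) are navigation, not mixed content.
function findMixedContent(html) {
  const findings = [];
  for (const [, rawTag, attrText] of html.matchAll(TAG_RE)) {
    const tag = rawTag.toLowerCase();
    if (!Object.hasOwn(SUBRESOURCES, tag)) continue;
    const rule = SUBRESOURCES[tag];
    for (const m of attrText.matchAll(ATTR_RE)) {
      const attr = m[1].toLowerCase();
      const url = (m[2] ?? m[3] ?? m[4] ?? '').trim();
      if (rule.attrs.includes(attr) && /^http:\/\//i.test(url)) {
        findings.push({ tag, attr, url, kind: rule.kind });
      }
    }
  }
  return findings;
}

// Constructed fragment standing in for HTML a server-side module fetched
// and handed to a page served over HTTPS.
const SAMPLE = `<div class="weather">
  <img src="http://weather.example/icons/10d.png" alt="rain">
  <img src="https://weather.example/icons/01d.png" alt="clear">
  <a href="http://weather.example/city/1">forecast</a>
  <SCRIPT SRC='http://weather.example/widget.js'></SCRIPT>
</div>`;

for (const f of findMixedContent(SAMPLE)) {
  console.log(`${f.kind} mixed content: <${f.tag} ${f.attr}="${f.url}">`);
}
```

The scan is regex based, so it is a quick check on a fragment rather than a full HTML parser.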
  • From Android8675@1:103/705 to echicken on Thu Oct 15 13:35:41 2020
    Re: Letsyncrypt error 44?
    By: echicken to Android8675 on Tue Sep 29 2020 08:23 pm

    What's weird is it's saying not secure (chrome) but I'm pretty sure that's because the openweather sidebar module links to an unsecured site or something, but the letsyncrypt certificate is valid, so might have to bug eChicken about that one.

    So you are correct, that module is the problem.

    If you would try something for me, make a copy of exec/load/openweathermap.js in your mods/ directory. On line 74 of that file (in mods/) change http:// to https://. See if it works and resolves the problem.


    I put the file in mods, changed line 74. seems to be working, no security errors, but the problem went away when I added the HSTS_SAFE option to [web] section of sbbs.ini which tells the web server to just use https:// I dunno. The change is in place, seems to be working.

    --
    Android8675@ShodansCore

    ---
    ■ Synchronet ■ Shodan's Core @ ShodansCore.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Android8675 on Thu Oct 15 23:43:45 2020
    Re: Letsyncrypt error 44?
    By: Android8675 to echicken on Thu Oct 15 2020 13:35:41

    directory. On line 74 of that file (in mods/) change http:// to https://. See if it works and

    I put the file in mods, changed line 74. seems to be working, no security
    errors, but the problem

    Thanks, I'll see about updating that.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)