1. Forum
  2. FidoNet
  3. SYNC SYSOPS

  • letsencrypt

    From Mortifis@1:103/705 to All on Wed Feb 20 20:16:31 2019
    I must be missing some with letsyncrypt.ini

    I have a test site emphram.synchro.net on port 83 and port 443 open as well

    /sbbs/crtl/letsyncrypt.ini:

    [Domains]
    ephram.synchro.net=/sbbs/web/root
    Host=acme-v02.api.letsencrypt.org
    Directory=/directory
    TOSAgreed=true


    SCFG->Timed Events->SYNCRYPT identical to wiki

    error I am getting:

    2-20 08:08:18p SYNCRYPT Web root for Host is not a directory (acme-v02.api.letsencrypt.org)
    2-20 08:08:18p SYNCRYPT Web root for Directory is not a directory (/directory)
    2-20 08:08:18p SYNCRYPT Web root for TOSAgreed is not a directory (true)
    2-20 08:08:20p SYNCRYPT Creating account without agreeing to ToS failed.
    2-20 08:08:20p SYNCRYPT Please visit https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf and review the ToS
    2-20 08:08:20p SYNCRYPT Then set TOSAgreed=true in C:\sbbs\ctrl\letsyncrypt.ini
    2-20 08:08:20p SYNCRYPT !JavaScript : uncaught exception: newAccount returned 400, not a 200 or 201 status!

    Am I missing something?



    2 wrongs don't make a right, but 3 left turns will get you back on the freeway!

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mortifis on Wed Feb 20 16:48:44 2019
    Re: letsencrypt
    By: Mortifis to All on Wed Feb 20 2019 08:16 pm

    I must be missing some with letsyncrypt.ini

    I have a test site emphram.synchro.net on port 83 and port 443 open as well

    /sbbs/crtl/letsyncrypt.ini:

    [Domains]
    ephram.synchro.net=/sbbs/web/root
    Host=acme-v02.api.letsencrypt.org
    Directory=/directory
    TOSAgreed=true

    The Host, Directory, and TOSAgreed keys belong in the root section of the .ini file (not under "[Domains]", but before).

    digital man

    Synchronet "Real Fact" #88:
    SBBSecho v3.00 was first committed to cvs.synchro.net on Apr-11-2016.
    Norco, CA WX: 48.9øF, 65.0% humidity, 5 mph E wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.06-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mortifis@1:103/705 to Digital Man on Wed Feb 20 21:13:49 2019
    Re: letsencrypt
    By: Mortifis to All on Wed Feb 20 2019 08:16 pm

    I must be missing some with letsyncrypt.ini

    I have a test site emphram.synchro.net on port 83 and port 443 open as well

    /sbbs/crtl/letsyncrypt.ini:

    [Domains]
    ephram.synchro.net=/sbbs/web/root
    Host=acme-v02.api.letsencrypt.org
    Directory=/directory
    TOSAgreed=true

    The Host, Directory, and TOSAgreed keys belong in the root section of the .ini file (not under "[Domains]", but before).


    ok now I have
    [ROOT]
    Host=acme-v02.api.letsencrypt.org
    Directory=/directory
    TOSAgreed=true

    [Domains]
    ephram.synchro.net=/sbbs/web/root
    and get:

    2-20 09:08:37p SYNCRYPT Creating account without agreeing to ToS failed.
    2-20 09:08:37p SYNCRYPT Please visit https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf and review the ToS
    2-20 09:08:37p SYNCRYPT Then set TOSAgreed=true in C:\sbbs\ctrl\letsyncrypt.ini
    2-20 09:08:37p SYNCRYPT !JavaScript : uncaught exception: newAccount returned 400, not a 200 or 201 status!


    should I have
    Directory=/sbbs/web/root
    2 wrongs don't make a right, but 3 left turns will get you back on the freeway!

    ---
    þ Synchronet þ AlleyCat! BBS - http://alleycat.synchro.net:81
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mortifis on Wed Feb 20 18:14:55 2019
    Re: Re: letsencrypt
    By: Mortifis to Digital Man on Wed Feb 20 2019 09:13 pm

    Re: letsencrypt
    By: Mortifis to All on Wed Feb 20 2019 08:16 pm

    I must be missing some with letsyncrypt.ini

    I have a test site emphram.synchro.net on port 83 and port 443 open
    as
    well

    /sbbs/crtl/letsyncrypt.ini:

    [Domains]
    ephram.synchro.net=/sbbs/web/root
    Host=acme-v02.api.letsencrypt.org
    Directory=/directory
    TOSAgreed=true

    The Host, Directory, and TOSAgreed keys belong in the root section of
    the
    .ini file (not under "[Domains]", but before).


    ok now I have
    [ROOT]
    Host=acme-v02.api.letsencrypt.org
    Directory=/directory
    TOSAgreed=true

    Remove "[ROOT]". See http://wiki.synchro.net/config:ini_files#root_section for details.

    should I have
    Directory=/sbbs/web/root

    No.

    digital man

    Synchronet "Real Fact" #102:
    Synchronet added PETSCII (e.g. C64/C128) terminal support in October of 2018. Norco, CA WX: 47.8øF, 72.0% humidity, 0 mph SW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.06-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From mark lewis@1:3634/12.73 to Digital Man on Thu Feb 21 10:38:50 2019

    On 2019 Feb 20 16:48:44, you wrote to Mortifis:

    [Domains]
    ephram.synchro.net=/sbbs/web/root
    Host=acme-v02.api.letsencrypt.org
    Directory=/directory
    TOSAgreed=true

    The Host, Directory, and TOSAgreed keys belong in the root section of the .ini file (not under "[Domains]", but before).

    that's what i thought and so i moved them and broke mine... i had also added a blank line between each of the sections...

    when i first started, i had run the SYNCRYPT event with no letsyncrypt.ini file... after the event, there was a zero byte ini file and the log notice about the TOSagree line so i added only that line to the ini file...

    ----- snip -----
    TOSAgreed=true
    ----- snip -----

    then i reran the SYNCRYPT event... that got me my key and filled out the ini file to look like this (edited for security)...

    ----- snip -----
    TOSAgreed=true
    [key_id] acme-v02.api.letsencrypt.org=https://acme-v02.api.letsencrypt.org/acme/acct/xxx xxxxx
    [State]
    DomainHash=xxxxxxxxxxxxxxxxxxxxxx==
    Host=acme-v02.api.letsencrypt.org
    ----- snip -----

    then i edited the file to look like this...

    ----- snip -----
    TOSAgreed=true
    Directory=/sbbs/web/root
    Host=acme-v02.api.letsencrypt.org

    [Domains]
    sestar.synchro.net=/sbbs/web/root

    [key_id] acme-v02.api.letsencrypt.org=https://acme-v02.api.letsencrypt.org/acme/acct/xxx xxxxx

    [State]
    DomainHash=xxxxxxxxxxxxxxxxxxxxxx==
    ----- snip -----

    and that broke everything and caused the error messages i posted in my other post just now... i don't know why it didn't like the manual change i made... the goal was to make the file appear more like you and the wiki seem to describe how it should look but there it is...

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... Mary had a little RAM -- only about a MEG or so.
    ---
    * Origin: (1:3634/12.73)
  • From Geo@1:103/705 to All on Tue Apr 14 11:20:56 2020
    Hi All,

    My https on the classic syncronet web interface has suddenly stopped working.

    I am getting the following when the web server starts up.

    web ERROR 'Couldn't import the session key used to protect the pr
    ivate key' (-22) getting private key

    and yet I ave not touched anoything that is associated with it?

    Can anyone tell me more about what this error means?

    My Syncrypt timed even runs as normal with return code of 0

    So I don't see what changed.

    Thanks for any help. 8-)
    Regards..Geo
    ooooOOOOoooo

    ---
    þ Synchronet þ The Dungeon BBS - Risen from the Ashes! - Canberra, Australia. http://bbs.barnab
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Geo on Tue Apr 14 19:59:32 2020
    Re: letsencrypt
    By: Geo to All on Tue Apr 14 2020 11:20 am

    Hi All,

    My https on the classic syncronet web interface has suddenly stopped working.

    I am getting the following when the web server starts up.

    web ERROR 'Couldn't import the session key used to protect the pr
    ivate key' (-22) getting private key

    and yet I ave not touched anoything that is associated with it?

    Can anyone tell me more about what this error means?

    My Syncrypt timed even runs as normal with return code of 0

    So I don't see what changed.

    Change your system password maybe?

    http://wiki.synchro.net/faq:tcpip#ssh_session_key

    Sounds like the same issue.

    digital man

    Synchronet/BBS Terminology Definition #88:
    XSDK = Synchronet External Program Software Development Kit for C/C++
    Norco, CA WX: 69.8øF, 31.0% humidity, 2 mph ESE wind, 0.00 inches rain/24hrs --- SBBSecho 3.10-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Geo@1:103/705 to Digital Man on Thu Apr 16 19:55:07 2020
    Hi DM,

    Thanks for that, I moved the files and restarted.

    Now slightly different issue 8-)

    Now I get SSL errors because the certificates it creates when it booted back up
    are self signed.

    Running letsyncrypt.js does not seem to fix it.

    Any further thoughts on how to get back to using letsyncrypt to apply real certificates.

    I hate SSL stuff it just messes with my mind.

    8-/




    Re: letsencrypt
    By: Geo to All on Tue Apr 14 2020 11:20 am

    Hi All,

    My https on the classic syncronet web interface has suddenly stopped working.

    I am getting the following when the web server starts up.

    web ERROR 'Couldn't import the session key used to protect the pr
    ivate key' (-22) getting private key

    and yet I ave not touched anoything that is associated with it?

    Can anyone tell me more about what this error means?

    My Syncrypt timed even runs as normal with return code of 0

    So I don't see what changed.

    Change your system password maybe?

    http://wiki.synchro.net/faq:tcpip#ssh_session_key

    Sounds like the same issue.

    digital man

    Synchronet/BBS Terminology Definition #88:
    XSDK = Synchronet External Program Software Development Kit for C/C++
    Norco, CA WX: 69.8øF, 31.0% humidity, 2 mph ESE wind, 0.00 inches
    rain/24hrs

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
    Regards..Geo
    ooooOOOOoooo

    ---
    þ Synchronet þ The Dungeon BBS - Risen from the Ashes! - Canberra, Australia. http://bbs.barnab
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From mark lewis@1:3634/12 to Geo on Fri Apr 17 07:14:44 2020
    Re: Re: letsencrypt
    By: Geo to Digital Man on Thu Apr 16 2020 19:55:07


    Thanks for that, I moved the files and restarted.

    Now slightly different issue 8-)

    Now I get SSL errors because the certificates it creates when
    it booted back up are self signed.

    you need to have the letsyncrypt certs in place, first or sbbs will generate self-signed certs...

    Running letsyncrypt.js does not seem to fix it.

    1. how are you running letsyncrypt.js?

    2. is your sbbs web server running on the standard port 80?

    3. are you trying to get a cert for one domain or more than one?

    4. are you starting with a clean letsyncrypt.ini file? i started mine with a single line in it...

    TOSAgreed=true

    without the leading spaces i have here for clarity... i had nothing else in the file at all...

    5. what output are you seeing when you run letsyncrypt.js?

    6. what output are you seeing then the letsyncrypt event runs?


    )\/(ark
    --- SBBSecho 3.10-Linux
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)
  • From Geo@1:103/705 to mark lewis on Mon Apr 20 12:45:00 2020
    Hi Mark,

    Thanks heaps for those hints 8-)

    I removed the lot and just had the 1 line ini file and that got me working for 1
    domain.

    The I added the other domains to the file and re-ran letsyncrypt, now they all work
    again 8-)

    Thanks Heaps. 8-)


    Re: Re: letsencrypt
    By: Geo to Digital Man on Thu Apr 16 2020 19:55:07


    Thanks for that, I moved the files and restarted.

    Now slightly different issue 8-)

    Now I get SSL errors because the certificates it creates when
    it booted back up are self signed.

    you need to have the letsyncrypt certs in place, first or sbbs will
    generate
    self-signed certs...

    Running letsyncrypt.js does not seem to fix it.

    1. how are you running letsyncrypt.js?

    2. is your sbbs web server running on the standard port 80?

    3. are you trying to get a cert for one domain or more than one?

    4. are you starting with a clean letsyncrypt.ini file? i started mine with single line in it...

    TOSAgreed=true

    without the leading spaces i have here for clarity... i had nothing else in the
    file at all...

    5. what output are you seeing when you run letsyncrypt.js?

    6. what output are you seeing then the letsyncrypt event runs?


    )\/(ark
    --- SBBSecho 3.10-Linux
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
    Regards..Geo
    ooooOOOOoooo

    ---
    þ Synchronet þ The Dungeon BBS - Risen from the Ashes! - Canberra, Australia. http://bbs.barnab
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rampage@1:103/705 to Geo on Tue Apr 21 08:37:42 2020
    Re: Re: letsencrypt
    By: Geo to mark lewis on Mon Apr 20 2020 12:45:00


    Thanks heaps for those hints 8-)

    you're quite welcome :)

    I removed the lot and just had the 1 line ini file and that got me
    working for 1
    domain.

    excellent...

    The I added the other domains to the file and re-ran letsyncrypt, now
    they all
    work again 8-)

    noice!

    i'm curious how you added them... at one time i had several domains but i had to drop them for various reasons... i've been considering to run them again but... i do have a wildcard domain set up so i can easily run subdomains but there's a few things i'm still mulling over...

    Thanks Heaps. 8-)

    i'm glad to have been of assistance :)


    )\/(ark

    ---
    þ Synchronet þ The SouthEast Star Mail HUB - SESTAR
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Geo@1:103/705 to Rampage on Sat Apr 25 11:15:25 2020
    Re: Re: letsencrypt
    By: Rampage to Geo on Tue Apr 21 2020 08:37:42

    Hiya

    i'm curious how you added them... at one time i had several domains but i
    had to drop them for various
    reasons... i've been considering to run them again but... i do have a
    wildcard domain set up so i can easily
    run subdomains but there's a few things i'm still mulling over...

    Thanks Heaps. 8-)

    i'm glad to have been of assistance :)


    )\/(ark


    I just added the 3 lines for the varios domain names of my bbs, with the same doc root. It added them to the cert so now https to any of them doesn't throw an error.

    8-)


    Regards..Geo
    ooooOOOOoooo

    ---
    þ Synchronet þ The Dungeon BBS - Risen from the Ashes! - Canberra, Australia. http://bbs.barnab
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Geo@1:103/705 to All on Thu Dec 23 11:05:08 2021
    Hi Gang,

    I'm looking for a bit of advice.

    Whilst I was away, my letsencrypt sert expired and I don't seem to be able to get hold of a replacement.


    I get the following error.

    sbbs@Manifold3:~$ jsexec ../exec/letsyncrypt.js

    JSexec v3.19a-Linux dungeon1/aac64b9 Debug - Execute Synchronet JavaScript Module
    Compiled Sep 10 2021 15:45:10 with GCC 4.8.5

    Loading configuration files from /sbbs/ctrl/
    JavaScript-C 1.8.5 2011-03-31
    JavaScript: Creating runtime: 16777216 bytes

    Reading script from /sbbs/mods/../exec/letsyncrypt.js /sbbs/mods/../exec/letsyncrypt.js compiled in 0.01 seconds
    !JavaScript : uncaught exception: Authorization failed... https://acme-v02.api.letsencrypt.org/acme/authz-v3/61080835020
    /sbbs/mods/../exec/letsyncrypt.js executed in 6.98 seconds
    !Module (../exec/letsyncrypt.js) set exit_code: 1

    JavaScript: Destroying context
    JavaScript: Destroying runtime

    Returning error code: 1

    I've tried -force and -revoke. Event tried putting the .ini back to "as if it had not run first time" and still get errors.

    Can anyone give me some pointers on how to get it working again?


    Thanks heaps 8-)

    ---
    þ Synchronet þ The Dungeon BBS - Risen from the Ashes! - Canberra, Australia. http://bbs.barnab
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Geo on Wed Dec 22 20:16:39 2021
    Re: letsencrypt
    By: Geo to All on Thu Dec 23 2021 11:05 am

    Hi Gang,

    I'm looking for a bit of advice.

    Whilst I was away, my letsencrypt sert expired and I don't seem to be able to get hold of a replacement.


    I get the following error.

    sbbs@Manifold3:~$ jsexec ../exec/letsyncrypt.js

    JSexec v3.19a-Linux dungeon1/aac64b9 Debug - Execute Synchronet JavaScript Module
    Compiled Sep 10 2021 15:45:10 with GCC 4.8.5

    Loading configuration files from /sbbs/ctrl/
    JavaScript-C 1.8.5 2011-03-31
    JavaScript: Creating runtime: 16777216 bytes

    Reading script from /sbbs/mods/../exec/letsyncrypt.js /sbbs/mods/../exec/letsyncrypt.js compiled in 0.01 seconds
    !JavaScript : uncaught exception: Authorization failed... https://acme-v02.api.letsencrypt.org/acme/authz-v3/61080835020

    If you look at the link, you'll see a detailed error:

    "detail": "Invalid response from http://dungeon.barnabasmusic.com/.well-known/acme-challenge/EVnOq82qksnvhLAnYSRkQnSgf7Xwh9-fAy5HOlEAE9s [59.167.142.49]: \"\u003chtml\u003e\\n\u003chead\u003e\\n\u003c!-- $Id: 404.html,v 1.4 2010/02/22 23:03:25 rswindell Exp $ --\u003e\\n\u003ctitle\u003e404 File not found!\u003c/title\u003e\\n\u003cbody\u003e\\nNo reso\"",

    /sbbs/mods/../exec/letsyncrypt.js executed in 6.98 seconds
    !Module (../exec/letsyncrypt.js) set exit_code: 1

    JavaScript: Destroying context
    JavaScript: Destroying runtime

    Returning error code: 1

    I've tried -force and -revoke. Event tried putting the .ini back to "as if it had not run first time" and still get errors.

    Can anyone give me some pointers on how to get it working again?

    Sounds like the [Domains] section of your ctrl/letsyncrpt.ini file has missing or incorrect paths to your web/root dir.
    --
    digital man (rob)

    Synchronet/BBS Terminology Definition #72:
    SMTP = Simple Message Transfer Protocol
    Norco, CA WX: 58.2øF, 51.0% humidity, 3 mph ENE wind, 0.00 inches rain/24hrs --- SBBSecho 3.14-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Geo@1:103/705 to Digital Man on Fri Dec 31 13:39:51 2021
    Re: letsencrypt
    By: Digital Man to Geo on Wed Dec 22 2021 20:16:39

    Hi DM,

    Yep That fixed it. Thx heaps.

    I have no idea why it had reverted to pointing to the old web dir. I had it running from webv4 for months now.

    Thanks again.

    8-)





    Sounds like the [Domains] section of your ctrl/letsyncrpt.ini file has missing or incorrect paths to your
    web/root dir.

    ---
    þ Synchronet þ The Dungeon BBS - Risen from the Ashes! - Canberra, Australia. http://bbs.barnab
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)