1. Forum
  2. FidoNet
  3. SYNC SYSOPS

  • Lets Encrypt Certificate

    From Mark May@1:103/705 to All on Thu Feb 11 13:07:21 2021
    I've looked at the documentation and must be misunderstanding something. Can someone help me out with a few details. (this is on an ubuntu linux server)

    I have a letsencrypt certificate that supports a normal apache web server on ports80/443. The certifcate is in the normal /etc/letsencrypt/live/domain directory with cert.pem, chain.pem, fullchain.pem, and privkey.pem files.
    SBBS uses port 8080 for its web server. (Eventually, the main web site will have a folder redirect to port 8080)

    I used openssl pkcs12 -export -out cert.p12 -inkey privkey.pem -in fullchain.pem to create the p12 version of the certificate.

    after moving the file to make it accessible,

    I used jsexec certtool.js --import-pkcs12 cert.p12

    No errors, but I'm still getting unrecognized certificate authority errors when accessing via a wss connection.

    Any suggestions or clues to what I'm missing.

    Thanks
    Mark

    ---
    þ Synchronet þ Mythical Kingdom BBS
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Mark May on Thu Feb 11 20:35:23 2021
    Re: Lets Encrypt Certificate
    By: Mark May to All on Thu Feb 11 2021 01:07 pm

    I used jsexec certtool.js --import-pkcs12 cert.p12

    No errors, but I'm still getting unrecognized certificate authority errors when accessing via a wss connection.

    See my previous post about Deuce at irc.synchro.net.
    --
    digital man

    Synchronet "Real Fact" #24:
    1584 Synchronet BBS Software registrations were sold between 1992 and 1996. Norco, CA WX: 53.3øF, 88.0% humidity, 2 mph ESE wind, 0.00 inches rain/24hrs --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mark May@1:103/705 to Digital Man on Fri Feb 12 16:13:20 2021
    Re: Lets Encrypt Certificate
    By: Digital Man to Mark May on Thu Feb 11 2021 08:35 pm

    Re: Lets Encrypt Certificate
    By: Mark May to All on Thu Feb 11 2021 01:07 pm

    I used jsexec certtool.js --import-pkcs12 cert.p12

    No errors, but I'm still getting unrecognized certificate authority error when accessing via a wss connection.

    See my previous post about Deuce at irc.synchro.net.

    Thanks for the reply. I checked more closely and tried another approach (answer here, just in case anyone needs it), though. I found that the --import-pkcs12 option didn't exist in my version 3.18. Since it is on github, looks like it will be in the next release.

    Have to admit, I'm largely unfamiliar with the details of how certificates work

    What I ended up doing, was creating a symbolic link:

    ln -s /sbbs/web/root/.well-known /var/www/html/.wellknown

    After this the letsencrypt.js file successfully obtained and installed the certificate.

    ---
    þ Synchronet þ Mythical Kingdom BBS
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Tracker1@1:103/705 to Mark May on Sat Feb 13 18:53:48 2021
    On 2/11/2021 11:07 AM, Mark May wrote:
    I used jsexec certtool.js --import-pkcs12 cert.p12

    No errors, but I'm still getting unrecognized certificate authority errors when
    accessing via a wss connection.

    Any suggestions or clues to what I'm missing.

    Hadn't tried it yet myself... but Deuce was prety responsive on being
    able to import certs in JS, but not much testing...

    If you manage to get it working, should add an article to the wiki.
    --
    Michael J. Ryan (tracker1)
    +o roughneckbbs.com
    ---
    ï¿­ Synchronet ï¿­ Roughneck BBS - roughneckbbs.com
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)