Forum: The Horizon BBS

Re: Letsencrypt work around?

From Altere@VERT/ATHEL to Mortifis on Sat Dec 14 15:28:30 2019

Re: Re: Letsencrypt work around?
By: Mortifis to Digital Man on Sat Dec 14 2019 05:30 pm

Woohoo, I finally got it working, on my Linuxbox, anyway, my windowsbox
runs sbbs WE ON 81/4443 but my test SBBS is running on 80/443.

1) shutdown the BBS
2) deleted the letsyncrypt.key and sll.cert files.
3) restarted sbsb
4) Deleted the entries in letsyncrypt.ini [Key_id] and [State]
5) re-ran jsexec letsyncrypt.js --force

... though it was showing as TLS error same as before it actually completed the script and created /sbbs/web/root/.well_known/acme-challenge and letsyncrypt.key, now when I connet via https it gives a secure connection!

I know the wiki says "Do not modify the [Key_id] and [State] sections, but the letsyncrypt.ini file I grabbed a while ago had the [Key_id] already filled in ... please consider adding a note that if the [Key_id] and
[State] is defined it will Error 400 JWS.

I followed the wiki, ended up still getting an unsigned cert but I had listed a second domain which came up with a valid cert. Clearing browser cache resolved the primary domain problem.

-altere

---
� Synchronet � Athelstan BBS � athelstan.org � telnet:23 | ssh:2222

From Altere@VERT/ATHEL to HusTler on Sat Dec 14 15:41:11 2019

Re: Re: Letsencrypt work around?
By: HusTler to Gamgee on Fri Dec 13 2019 08:30 am

There is no "workaround" required.
It only requires correct configuration.
You've been given MULTIPLE suggestions by MULTIPLE people, and
don't even bother responding that you received them, much less
tried them, and whether they worked or not. You don't even

I didn't reply because none of the suggestions worked. When something works I'll let everyone know it worked. I've followed everyone's instructions to the tee. My site is still insecure.

What's in your letsyncrypt.ini file?

Do you have a letsyncrypt.key and ssl.cert file in your ctrl dir?

-altere

---
� Synchronet � Athelstan BBS � athelstan.org � telnet:23 | ssh:2222

From Razor@VERT/SILENT to Mortifis on Sat Dec 14 12:56:00 2019

Re: Re: Letsencrypt work around?
By: Mortifis to Digital Man on Sat Dec 14 2019 05:30 pm

Woohoo, I finally got it working, on my Linuxbox, anyway, my windowsbox runs sbbs WE ON 81/4443 but my test SBBS is running on 80/443.
1) shutdown the BBS
2) deleted the letsyncrypt.key and sll.cert files.
3) restarted sbsb
4) Deleted the entries in letsyncrypt.ini [Key_id] and [State]
5) re-ran jsexec letsyncrypt.js --force

Does this now show as a real signed cert, not self-signed? Something that the documentation doesn't make clear is whether you should end up with a CA-signed cert. Mine is still showing self-signed at the moment.

Razor

---
� Synchronet � The Silent Strike - bbs.thesilentstrike.com

From Digital Man@VERT to Razor on Sun Dec 15 00:24:12 2019

Re: Re: Letsencrypt work around?
By: Razor to Mortifis on Sat Dec 14 2019 12:56 pm

Re: Re: Letsencrypt work around?
By: Mortifis to Digital Man on Sat Dec 14 2019 05:30 pm

Woohoo, I finally got it working, on my Linuxbox, anyway, my windowsbox runs sbbs WE ON 81/4443 but my test SBBS is running on 80/443.
1) shutdown the BBS
2) deleted the letsyncrypt.key and sll.cert files.
3) restarted sbsb
4) Deleted the entries in letsyncrypt.ini [Key_id] and [State]
5) re-ran jsexec letsyncrypt.js --force

Does this now show as a real signed cert, not self-signed? Something that the documentation doesn't make clear is whether you should end up with a CA-signed cert. Mine is still showing self-signed at the moment.

Let's Encrypt is a CA (certificate authority). The entire point of using letsyncrypt.js is get a certificate that is signed by Let's Encrypt. Without using Let's Encrypt (and letsyncrypt.js), you get an automatically generated self-signed certificate.

digital man

This Is Spinal Tap quote #16:
David St. Hubbins: I believe virtually everything I read...
Norco, CA WX: 50.1�F, 95.0% humidity, 0 mph SW wind, 0.00 inches rain/24hrs

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

From Mortifis@VERT/ALLEYCAT to Razor on Mon Dec 16 11:39:15 2019

Re: Re: Letsencrypt work around?
By: Mortifis to Digital Man on Sat Dec 14 2019 05:30 pm

Woohoo, I finally got it working, on my Linuxbox, anyway, my

windowsbox

runs sbbs WE ON 81/4443 but my test SBBS is running on 80/443.
1) shutdown the BBS
2) deleted the letsyncrypt.key and sll.cert files.
3) restarted sbsb
4) Deleted the entries in letsyncrypt.ini [Key_id] and [State]
5) re-ran jsexec letsyncrypt.js --force

Does this now show as a real signed cert, not self-signed? Something

that

the documentation doesn't make clear is whether you should end up with

a

CA-signed cert. Mine is still showing self-signed at the moment.

Razor

The CA I received showed it was signed by letsyncrypt.org. I cannot get
a valid certificate on my production SBBS server because it is not
running on port 80/443, I ran that test on my production web server
system. I have since shutdown sbbs on my linuxbox so
alleycat.synchro.net has an invalid certificate again.

---
� Synchronet � AlleyCat! BBS - http://alleycat.synchro.net:81

From Razor@VERT/SILENT to Digital Man on Fri Dec 20 16:49:55 2019

That makes sense. I've figured out that my issue with not getting a cert that's signed by Let's Encrypt is likely related to my system not listening on port 80.
Here's the log that Let's Encrypt generated https://acme-v02.api.letsencrypt.org/acme/authz-v3/1823799891
It looks like it may be possible to tell the API to connect on an alternate port, possibly 9999 https://www.virtualmin.com/node/53385

Razor

---
� Synchronet � The Silent Strike - bbs.thesilentstrike.com

From Digital Man@VERT to Razor on Fri Dec 20 18:01:46 2019

Re: Re: Letsencrypt work around?
By: Razor to Digital Man on Fri Dec 20 2019 04:49 pm

That makes sense. I've figured out that my issue with not getting a cert that's signed by Let's Encrypt is likely related to my system not listening on port 80.
Here's the log that Let's Encrypt generated https://acme-v02.api.letsencrypt.org/acme/authz-v3/1823799891
It looks like it may be possible to tell the API to connect on an alternate port, possibly 9999 https://www.virtualmin.com/node/53385

Looks to me like they're just using a proxy. Unless you actually control the server already running on port 80, you can't do that. And if you do control the server on port 80, then can either change it to a different port temporarily so the Synchronet server can run on port 80 or better yet, just create a symlink to your Synchronet web server root dir where the challenge/response for Let's Encrypt will be placed.

If you don't control the web server running on port 80, I don't know that there is any work-around.

digital man

Synchronet/BBS Terminology Definition #20:
DOS = Disk Operating System (as in PC-DOS and MS-DOS)
Norco, CA WX: 63.3�F, 26.0% humidity, 0 mph W wind, 0.00 inches rain/24hrs

---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

Who's Online
Recent Visitors
- Chewbacca
  Thu May 8 19:11:35 2025
  from Bhc, Az via Telnet
- Chewbacca
  Thu May 8 18:27:46 2025
  from Bhc, Az via Telnet
- NJMCdirect
  Thu May 8 04:46:43 2025
  from florida via HTTPS
- STD267562
  Thu May 8 03:26:17 2025
  from Manchester via HTTPS

System Info

Sysop:	Chris Crash
Location:	Huntington Beach, CA.
Users:	611
Nodes:	8 (0 / 8)
Uptime:	32:46:45
Calls:	10,849
Files:	5
Messages:	505,095