Synchronet v3.17b-Win32 (install) has been released (Jan-2019).

New Synchronet YouTube channel

You can donate to the Synchronet project using PayPal.

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
module:letsyncrypt [2018/02/26 15:58]
deuce Document --revoke.
module:letsyncrypt [2019/12/07 15:12] (current)
digital man Added more clarifications regarding letsyncrypt.ini and moved stuff around.
Line 3: Line 3:
 LetSyncrypt is a [[https://​letsencrypt.org/​|Let'​s Encrypt]] client for Synchronet which uses the ACMEv2 protocol. LetSyncrypt is a [[https://​letsencrypt.org/​|Let'​s Encrypt]] client for Synchronet which uses the ACMEv2 protocol.
  
-===== Setup =====+===== Install ​=====
  
 LetSyncrypt should be added as a timed event. LetSyncrypt should be added as a timed event.
Line 26: Line 26:
 </​file>​ </​file>​
  
-If you have multiple domain names, you can have LetSyncrypt put them all in a single certificate,​ even if you have virtual hosts. ​ Edit the ''​[[dir:​ctrl]]/​letsyncrypt.ini''​ file and add a [Domains] section where the key is the hostname, and the value is the web root for that domain:+===== Configure =====
  
-<​file>​ +LetSyncrypt is configured via the ''​[[dir:ctrl]]/[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/ctrl/​letsyncrypt.ini|letsyncrypt.ini]]''​ file. 
-[Domains] + 
-nix.synchro.net=/sbbs/web/root +You must indicate that you agree to the Let's Encrypt Terms of Service by setting ''​TOSAgreed ​true''​ in this file. 
-home.bbsdev.net=/sbbs/web/root + 
-gallery.bbsdev.net=/sbbs/web/root/gallery.bbsdev.net +You can specify the ACMEv2 endpoint using the ''​Host''​ and ''​Directory''​ keys in the [[config:​ini_files#​root_section|root section]] of this file ''​Host''​ is the domain name of the ACMEv2 endpoint, and ''​Directory''​ is appended to it to generate the URL that is fetched for the Directory object  
-pics.bbsdev.net=/sbbs/​web/​root/​pics.bbsdev.net+ 
 +<file ini> 
 +Host = acme-v02.api.letsencrypt.org 
 +Directory ​= /directory 
 +TOSAgreed = true 
 +GroupReadableKeyFile = false
 </​file>​ </​file>​
  
-This example has four domains ​(nix.synchro.net,​ home.bbsdev.net,​ gallery.bbsdev.net,​ and pics.bbsdev.net).  The last two are virtual hosts, so have their web root as subdirectory of the main web root.+Note that without setting ''​TOSAgreed = true'',​ you will likely never get a certificate,​ but the first few words in this file at present are "This Subscriber Agreement ​(“Agreement”is legally binding contract"​.
  
-You can specify the ACMEv2 endpoint using the ''​Host'' ​and ''​Directory'' ​global keys.  ''​Host''​ is the domain name of the ACMEv2 endpoint, and ''​Directory''​ is appended to it to generate the URL that is fetched for the Directory object.+Do not modify ​the ''​[State]'' ​or ''​[key_id]'' ​sections ​of this file.
  
-<​file>​ +==== Domains ==== 
-Host=acme-staging-v02.api.letsencrypt.org + 
-Directory=/directory+If you have multiple domain names, you can have LetSyncrypt put them all in a single certificate,​ even if you have virtual hosts. ​ Edit the ''​[[dir:​ctrl]]/​letsyncrypt.ini''​ file and add a ''​[Domains]''​ section (if it doesn'​t already exist) and a key for each hostname with the value of the web root for that domain: 
 + 
 +<​file ​ini
 +[Domains] 
 +nix.synchro.net ​/​sbbs/​web/​root 
 +home.bbsdev.net = /​sbbs/​web/​root 
 +gallery.bbsdev.net = /​sbbs/​web/​root/​gallery.bbsdev.net 
 +pics.bbsdev.net ​= /sbbs/​web/​root/​pics.bbsdev.net
 </​file>​ </​file>​
  
-Do not modify the ''​State''​ or ''​key_id''​ sections ​of this file.+This example has four domains (nix.synchro.net,​ home.bbsdev.net,​ gallery.bbsdev.net,​ and pics.bbsdev.net). ​ The last two are virtual hosts, so have their web root as a subdirectory ​of the main [[server:​web]] root.
  
 ===== Running Manually ===== ===== Running Manually =====
  
-You can also run the script using jsexec. ​ It accepts a number of arguments:+You can also run the LetSyncrypt ​script using [[util:jsexec]].  It accepts a number of arguments:
  
 ''​%%--new-key%%''​ Changes the account key ''​%%--new-key%%''​ Changes the account key
Line 57: Line 69:
 ''​%%--revoke%%''​ Revokes the current certificate,​ then obtains a new one. ''​%%--revoke%%''​ Revokes the current certificate,​ then obtains a new one.
  
- +''%%--tos%%''​ Prints the URL for the Terms of Service.
-===== Important Caveat ===== +
- +
-At present (February 24, 2018), Let's Encrypt does not support ACMEv2 for trusted certificates. ​ The server is expected to go live on February 27, 2018.  On that date, letsyncrypt.js will be updated to use the newly announced server (likely acme-v02.api.letsencrypt.org). ​ Until then, installed certificates will not be trusted, being issued by the staging server, signed by “Fake LE Intermediate X1”.+
  
 ===== See Also ===== ===== See Also =====
-  * [[:module:|module index]]+  * [[:module:|Modules]]
  
-{{tag>}}+{{tag>tls ssl cert https crypt}}
  

In Other Languages