This is an old revision of the document!


LetSyncrypt

LetSyncrypt is a Let's Encrypt client for Synchronet which uses the ACMEv2 protocol.

Setup

LetSyncrypt should be added as a timed event.

Add the Timed Event in SCFG->External Programs->Timed Events:

Internal Code                   SYNCRYPT
Start-up Directory
Command Line                    ?letsyncrypt.js
Enabled                         Yes
Execution Node                  1
Execution Months                Any
Execution Days of Month         Any
Execution Days of Week          All
Execution Frequency             1 times a day
Requires Exclusive Execution    No
Force Users Off-line For Event  No
Native Executable               No
Use Shell to Execute            No
Background Execution            No
Always Run After Init/Re-init   Yes

If you have multiple domain names, you can have LetSyncrypt put them all in a single certificate, even if you have virtual hosts. Edit the ctrl/letsyncrypt.ini file and add a [Domains] section in which each key is a hostname and its value is the web root for that domain:

[Domains]
nix.synchro.net=/sbbs/web/root
home.bbsdev.net=/sbbs/web/root
gallery.bbsdev.net=/sbbs/web/root/gallery.bbsdev.net
pics.bbsdev.net=/sbbs/web/root/pics.bbsdev.net

This example has four domains (nix.synchro.net, home.bbsdev.net, gallery.bbsdev.net, and pics.bbsdev.net). The last two are virtual hosts, so their web roots are subdirectories of the main web root.

You can specify the ACMEv2 endpoint using the Host and Directory global keys. Host is the domain name of the ACMEv2 endpoint, and Directory is appended to it to generate the URL that is fetched for the Directory object.

Host=acme-staging-v02.api.letsencrypt.org
Directory=/directory

Do not modify the State or key_id sections of this file.
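
The following is an added example, not part of LetSyncrypt or of the original page: a read-only check of letsyncrypt.ini text that builds the directory URL from Host and Directory, flags the staging endpoint, and sanity-checks the [Domains] entries. The function names, the warning wording, and the https:// scheme are assumptions; the sample input is constructed from the values shown above.

```javascript
// Added example (not part of LetSyncrypt): read-only pre-flight check of
// letsyncrypt.ini text. It never writes, so State and key_id stay untouched.
// SAMPLE_INI is constructed from the values shown on this page.
const SAMPLE_INI = `Host=acme-staging-v02.api.letsencrypt.org
Directory=/directory

[Domains]
nix.synchro.net=/sbbs/web/root
pics.bbsdev.net=/sbbs/web/root/pics.bbsdev.net
`;
const STAGING_HOST = "acme-staging-v02.api.letsencrypt.org";
const HOSTNAME = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/i;

// Minimal INI reader: keys before the first [section] are the global keys.
function parseIni(text) {
  const ini = { "": {} };
  let section = "";
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(";")) continue; // blank line or comment
    const header = line.match(/^\[(.+)\]$/);
    if (header) {
      section = header[1];
      ini[section] = ini[section] || {};
      continue;
    }
    const eq = line.indexOf("=");
    if (eq > 0) ini[section][line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return ini;
}

// Returns the directory URL the settings produce, the domain map, and warnings.
function checkConfig(text) {
  const ini = parseIni(text);
  const host = ini[""].Host, dir = ini[""].Directory;
  const warnings = [];
  // Directory is appended to Host as-is; the https:// scheme is an assumption.
  const directoryUrl = host && dir ? "https://" + host + dir : null;
  if (dir && !dir.startsWith("/")) warnings.push("Directory lacks a leading '/'");
  if (host === STAGING_HOST) warnings.push("staging endpoint: certificates will not be trusted");
  const domains = ini.Domains || {};
  for (const [name, root] of Object.entries(domains)) {
    if (!HOSTNAME.test(name)) warnings.push(name + ": key is not a plain hostname");
    if (!root) warnings.push(name + ": web root is empty");
  }
  return { directoryUrl, domains, warnings };
}
```

Calling checkConfig(SAMPLE_INI) returns the staging directory URL with a single warning about untrusted certificates.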

Running Manually

You can also run the script using jsexec. It accepts a number of arguments:

--new-key Changes the account key.

--force Forces a certificate renewal, ignoring the expiration date of the current certificate.

--revoke Revokes the current certificate, then obtains a new one.

Important Caveat

At present (February 27, 2018), Let's Encrypt does not support ACMEv2 for trusted certificates. The server was expected to go live on February 27, 2018, but it was delayed. Once it goes live, letsyncrypt.js will be updated to use the newly announced server (likely acme-v02.api.letsencrypt.org). Until then, installed certificates will not be trusted, because they are issued by the staging server and signed by “Fake LE Intermediate X1”.

See Also

module/letsyncrypt.1519712470.txt · Last modified: 2018/02/26 22:21 by deuce