Differences

This shows you the differences between two versions of the page.

module:letsyncrypt [2018/12/24 17:15] – [Setup] Don't use the staging server by default (thanks, Nelgin!) digital man
module:letsyncrypt [2026/03/13 19:42] (current) – [LetSyncrypt - Let's Encrypt Client] Clarify that working HTTP over TCP port 80 is a prereq digital man
Line 1: Line 1:
-====== LetSyncrypt ======+====== LetSyncrypt - Let's Encrypt Client ======
  
 LetSyncrypt is a [[https://letsencrypt.org/|Let's Encrypt]] client for Synchronet which uses the ACMEv2 protocol. LetSyncrypt is a [[https://letsencrypt.org/|Let's Encrypt]] client for Synchronet which uses the ACMEv2 protocol.
  
-===== Setup =====+//Let's Encrypt// is an Internet Certificate Authority that issues **free** certificates that may be used with Synchronet TLS (e.g. HTTPS). 
 + 
 +If you don't want to use the default generated and self-signed SSL/TLS certificate (''ctrl/ssl.cert''), use of this module is the solution. 
 + 
 +You **do not** need to create an account with Let's Encrypt to use this module and get a valid/signed certificate. 
 + 
 +**NOTE:** 
 +The Synchronet [[server:Web]] Server must be enabled and operational (e.g. publicly reachable via **HTTP on TCP port 80**) for this module to work. 
 +This method of auto-certificate generation/renewal requires inbound TCP Port 80 to be open to the internet to allow Let's Encrypt servers to verify keys via ACMEv2 protocol. 
 + 
 +===== Install =====
  
 LetSyncrypt should be added as a timed event. LetSyncrypt should be added as a timed event.
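Review bot: The two sentences under "**NOTE:**" in the new introduction state the same port 80 requirement twice, and the second gives the reason only as "verify keys", which does not tell the sysop what is being checked or from where. Suggest merging them into one sentence saying that inbound HTTP on TCP port 80 must reach the Synchronet web server from the internet so that the Let's Encrypt servers can complete validation, and that this holds for every renewal as well as the first issue, since the text already describes this as "auto-certificate generation/renewal". The new sentence about "ctrl/ssl.cert" would also read better if it said the self-signed certificate is replaced by the issued one, if that is what happens.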
Line 24: Line 34:
 Background Execution            No Background Execution            No
 Always Run After Init/Re-init   Yes Always Run After Init/Re-init   Yes
 +Error Log Level                 Error
 </file> </file>
  
-If you have multiple domain names, you can have LetSyncrypt put them all in a single certificate, even if you have virtual hosts.  Edit the ''[[dir:ctrl]]/letsyncrypt.ini'' file and add a [Domains] section where the key is the hostname, and the value is the web root for that domain:+===== Configure =====
  
-<file> +LetSyncrypt is configured via the ''[[dir:ctrl]]/[[https://gitlab.synchro.net/main/sbbs/-/blob/master/ctrl/letsyncrypt.ini?ref_type=heads|letsyncrypt.ini]]'' file. 
-[Domains] + 
-nix.synchro.net=/sbbs/web/root +You must indicate that you agree to the Let's Encrypt Terms of Service by setting ''TOSAgreed true'' in this file. For most installations, this will be the **only** change needed to this file. 
-home.bbsdev.net=/sbbs/web/root + 
-gallery.bbsdev.net=/sbbs/web/root/gallery.bbsdev.net +You can specify the ACMEv2 endpoint using the ''Host'' and ''Directory'' keys in the [[config:ini_files#root_section|root section]] of this file ''Host'' is the domain name of the ACMEv2 endpoint, and ''Directory'' is appended to it to generate the URL that is fetched for the Directory object  
-pics.bbsdev.net=/sbbs/web/root/pics.bbsdev.net+ 
 +You may change the email address used for the account with the SysopEmail key (defaults to to the sysop email address on the BBS) 
 + 
 +<file ini> 
 +Host = acme-v02.api.letsencrypt.org 
 +Directory = /directory 
 +TOSAgreed = true 
 +GroupReadableKeyFile = false 
 +SysopEmail = sysop@example.com
 </file> </file>
  
-This example has four domains (nix.synchro.net, home.bbsdev.net, gallery.bbsdev.net, and pics.bbsdev.net).  The last two are virtual hosts, so have their web root as subdirectory of the main web root.+Note that without setting ''TOSAgreed = true'', you will likely never get a certificate, but the first few words in this file at present are "This Subscriber Agreement (“Agreement”is legally binding contract".
  
-You can specify the ACMEv2 endpoint using the ''Host'' and ''Directory'' keys in the [[config:ini_files#root_section|root section]].  ''Host'' is the domain name of the ACMEv2 endpoint, and ''Directory'' is appended to it to generate the URL that is fetched for the Directory object.  You can also indicate that you agree to the Terms of Service by setting TOSAgreed to true.+Do not modify the ''[State]'' or ''[key_id]'' sections of this file.
  
-<file> +==== Domains ==== 
-Host=acme-v02.api.letsencrypt.org + 
-Directory=/directory +If you have multiple domain names, you can have LetSyncrypt put them all in a single certificate, even if you have virtual hosts.  Edit the ''[[dir:ctrl]]/letsyncrypt.ini'' file and add a ''[Domains]'' section (if it doesn't already exist) and a key for each hostname with the value of the web root for that domain: 
-TOSAgreed=true+ 
 +<file ini
 +[Domains] 
 +yourbbs.synchro.net /sbbs/webv4/root 
 +nix.synchro.net = /sbbs/web/root 
 +home.bbsdev.net = /sbbs/web/root 
 +gallery.bbsdev.net = /sbbs/web/root/gallery.bbsdev.net 
 +pics.bbsdev.net /sbbs/web/root/pics.bbsdev.net
 </file> </file>
  
-Note that without the TOSAgreed=true line, you will likely never get a certificate, but the first few words in this file at present are "This Subscriber Agreement (“Agreement”is legally binding contract"+This example has five domains (yourbbs.synchro.net, nix.synchro.net, home.bbsdev.net, gallery.bbsdev.net, and pics.bbsdev.net).  The last two are virtual hosts, so have their web root as subdirectory of the main [[server:web]] root.
  
-Do not modify the ''State'' or ''key_id'' sections of this file.+If you only have one domain and it's configured correctly either in [[util:SCFG]]->Network->Internet E-mail and/or your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file, then you don't need the ''[Domains]'' section.
  
 ===== Running Manually ===== ===== Running Manually =====
  
-You can also run the script using jsexec.  It accepts a number of arguments:+You can also run the LetSyncrypt script using [[util:jsexec]].  It accepts a number of arguments:
  
 ''%%--new-key%%'' Changes the account key ''%%--new-key%%'' Changes the account key
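Review bot: The new example in the Configure section sets "GroupReadableKeyFile = false", but none of the added text says what this key does; judging by its name it controls read permission on a key file, so it needs a sentence naming the file it applies to and when a sysop would want to change it. The added "Error Log Level" row in the timed event table is likewise unexplained. Smaller points in the same hunk: the prose says "TOSAgreed true" while the example uses "TOSAgreed = true"; "SysopEmail" is the only key not set in monospace; "defaults to to" has a doubled word and the sentence lacks a closing period; the sentence ending "root section]] of this file" runs straight into "Host is the domain name" without a period; "the first few words in this file" now reads as if it meant letsyncrypt.ini rather than the Terms of Service; and the link target is written "server:Web" in the introduction but "server:web" here.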
Line 63: Line 89:
  
 ===== See Also ===== ===== See Also =====
-  * [[:module:|module index]]+  * [[:module:|Modules]] 
 +  * [[certtool|Synchronet Certificate Tool]]
  
-{{tag>}}+{{tag>tls ssl cert https crypt jsutil}}
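Review bot: In the See Also list, the new "[[certtool|Synchronet Certificate Tool]]" link has no namespace, unlike "[[:module:|Modules]]" directly above it and the "util:" and "server:" links used elsewhere on the page, so it resolves relative to the current namespace. Suggest writing the target with its explicit namespace so the link does not depend on where this page lives.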