| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| module:letsyncrypt [2024/05/24 13:14] – [Configure] Fix the link text (back to how it was) digital man | module:letsyncrypt [2026/03/13 19:42] (current) – [LetSyncrypt - Let's Encrypt Client] Clarify that working HTTP over TCP port 80 is a prereq digital man |
|---|
| If you don't want to use the default generated and self-signed SSL/TLS certificate (''ctrl/ssl.cert''), use of this module is the solution. | If you don't want to use the default generated and self-signed SSL/TLS certificate (''ctrl/ssl.cert''), use of this module is the solution. |
| |
| **NOTE:** This method of auto-certificate generation/renewal requires inbound TCP Port 80 to be open to the internet to allow Let's Encrypt servers to verify keys via ACMEv2 protocol. | You **do not** need to create an account with Let's Encrypt to use this module and get a valid/signed certificate. |
| | |
| | **NOTE:** |
| | The Synchronet [[server:Web]] Server must be enabled and operational (e.g. publicly reachable via **HTTP on TCP port 80**) for this module to work. |
| | This method of auto-certificate generation/renewal requires inbound TCP Port 80 to be open to the internet to allow Let's Encrypt servers to verify keys via ACMEv2 protocol. |
| |
| ===== Install ===== | ===== Install ===== |
| Background Execution No | Background Execution No |
| Always Run After Init/Re-init Yes | Always Run After Init/Re-init Yes |
| | Error Log Level Error |
| </file> | </file> |
| |
| LetSyncrypt is configured via the ''[[dir:ctrl]]/[[https://gitlab.synchro.net/main/sbbs/-/blob/master/ctrl/letsyncrypt.ini?ref_type=heads|letsyncrypt.ini]]'' file. | LetSyncrypt is configured via the ''[[dir:ctrl]]/[[https://gitlab.synchro.net/main/sbbs/-/blob/master/ctrl/letsyncrypt.ini?ref_type=heads|letsyncrypt.ini]]'' file. |
| |
| You must indicate that you agree to the Let's Encrypt Terms of Service by setting ''TOSAgreed = true'' in this file. | You must indicate that you agree to the Let's Encrypt Terms of Service by setting ''TOSAgreed = true'' in this file. For most installations, this will be the **only** change needed to this file. |
| |
| You can specify the ACMEv2 endpoint using the ''Host'' and ''Directory'' keys in the [[config:ini_files#root_section|root section]] of this file. ''Host'' is the domain name of the ACMEv2 endpoint, and ''Directory'' is appended to it to generate the URL that is fetched for the Directory object. | You can specify the ACMEv2 endpoint using the ''Host'' and ''Directory'' keys in the [[config:ini_files#root_section|root section]] of this file. ''Host'' is the domain name of the ACMEv2 endpoint, and ''Directory'' is appended to it to generate the URL that is fetched for the Directory object. |
| |
| This example has five domains (yourbbs.synchro.net, nix.synchro.net, home.bbsdev.net, gallery.bbsdev.net, and pics.bbsdev.net). The last two are virtual hosts, so have their web root as a subdirectory of the main [[server:web]] root. | This example has five domains (yourbbs.synchro.net, nix.synchro.net, home.bbsdev.net, gallery.bbsdev.net, and pics.bbsdev.net). The last two are virtual hosts, so have their web root as a subdirectory of the main [[server:web]] root. |
| | |
| | If you only have one domain and it's configured correctly either in [[util:SCFG]]->Network->Internet E-mail and/or your ''[[dir:ctrl]]/[[config:sbbs.ini]]'' file, then you don't need the ''[Domains]'' section. |
| |
| ===== Running Manually ===== | ===== Running Manually ===== |
