This is an old revision of the document!
Table of Contents
LetSyncrypt
LetSyncrypt is a Let's Encrypt client for Synchronet which uses the ACMEv2 protocol.
Setup
LetSyncrypt should be added as a timed event.
Add the Timed Event in SCFG->External Programs->Timed Events:
Internal Code SYNCRYPT Start-up Directory Command Line ?letsyncrypt.js Enabled Yes Execution Node 1 Execution Months Any Execution Days of Month Any Execution Days of Week All Execution Frequency 1 times a day Requires Exclusive Execution No Force Users Off-line For Event No Native Executable No Use Shell to Execute No Background Execution No Always Run After Init/Re-init Yes
If you have multiple domain names, you can have LetSyncrypt put them all in a single certificate, even if you have virtual hosts. Edit the ctrl/letsyncrypt.ini
file and add a [Domains] section where the key is the hostname, and the value is the web root for that domain:
[Domains] nix.synchro.net=/sbbs/web/root home.bbsdev.net=/sbbs/web/root gallery.bbsdev.net=/sbbs/web/root/gallery.bbsdev.net pics.bbsdev.net=/sbbs/web/root/pics.bbsdev.net
This example has four domains (nix.synchro.net, home.bbsdev.net, gallery.bbsdev.net, and pics.bbsdev.net). The last two are virtual hosts, so have their web root as a subdirectory of the main web root.
You can specify the ACMEv2 endpoint using the Host
and Directory
global keys. Host
is the domain name of the ACMEv2 endpoint, and Directory
is appended to it to generate the URL that is fetched for the Directory object. You can also indicate that you agree to the Terms of Service by setting TOSAgreed to true.
Host=acme-staging-v02.api.letsencrypt.org Directory=/directory TOSAgreed=true
Note that without the TOSAgreed=true line, you will likely never get a certificate, but the first few words in this file at present are “This Subscriber Agreement (“Agreement”) is a legally binding contract”
Do not modify the State
or key_id
sections of this file.
Running Manually
You can also run the script using jsexec. It accepts a number of arguments:
--new-key
Changes the account key
--force
Forces a certificate renewal, ignoring the expiration date of the current certificate.
--revoke
Revokes the current certificate, then obtains a new one.
--tos
Prints the URL for the Terms of Service.
Important Caveat
At present (February 27, 2018), Let's Encrypt does not support ACMEv2 for trusted certificates. The server was expected to go live on February 27, 2018, but it was delayed. Once it goes live, letsyncrypt.js will be updated to use the newly announced server (likely acme-v02.api.letsencrypt.org). Until then, installed certificates will not be trusted, being issued by the staging server, signed by “Fake LE Intermediate X1”.