
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   SYNCHRONET      Rob Swindell fetishistic worship forum      43,341 messages   


   Message 41,418 of 43,341   
   Craig Daters to All   
   Good afternoon and quick SSL Cert questi   
   27 Mar 25 15:04:42   
   
   TZUTC: -0700   
   MSGID: 53882.sync@1:103/705 2c4bd510   
   PID: Synchronet 3.20e-Linux master/e5927b5a3 Mar 25 2025 GCC 12.2.0   
   TID: SBBSecho 3.24-Linux master/ad9ab307f Mar 18 2025 GCC 12.2.0   
   COLS: 80   
   BBSID: MYSTRELM   
   CHRS: CP437 2   
   NOTE: FSEditor.js v1.105   
   Hello everyone. It feels a little nostalgic being here right now and composing   
   a message like this--that is NOT an email or FB messenger or texting, lol!   
      
   I used to run a Spitfire BBS back in the 80s and 90s called the Mystical Realm   
   BBS with a secondary "Adults Only" node/board called "After Hours BBS" and a   
   collaborative BBS called The Road House. I had Fido-Net and Circuit-Net setup   
   and had a lot of fun running these along with all the doors, etc. Here I am   
   almost 40 years later wanting to get back into it. Sadly I am not able to get   
   my Spitfire board up and running unless I want to rock it like 2010, lol! Some   
   Turbo Pascal bug I imagine? Not to mention my Colorado Tape Backup of my BBS   
   is hosed. So, I've set up Sync 3.20e on an old Ubiquiti NVR appliance PC   
   running Debian 12.9 headless.   
      
   I've gotten so far as to have set myself up as the Sysop and a guest user in   
   this 2025 redux of Mystical Realm BBS, I still have a lot of configuring to   
   do, ANSI screens to build, Doors to install, etc. I think I have Dove-Net set   
   up properly? What I had been struggling with was setting up my SSL certificate   
   so that traffic to mysticalrealmbbs.com would be wrapped in an encrypted   
   session. I could connect to port 80 just fine and telnet in just fine. I moved   
   Sync SSH to port 2222 for now, (though I am thinking about moving it back to   
   22 and moving my "admin the box" port to 2222 for normal ssh sessions). I   
   tried to follow the documentation at:   
      
   https://wiki.synchro.net/module:letsyncrypt   
      
   ...but could not get Let's Encrypt to work either. So I then attempted to get   
   a SSL cert installed like I would normally do when I set up a regular website,   
   but I had issues there as well. I tried to follow the documentation found at:   
      
   https://wiki.synchro.net/module:certtool   
      
   ...so, through some trial and error I was able to get my cert installed, but I   
   want to confirm whether or not this was proper or if there was a better way to   
   set this up? So I came up with the following documentation for myself in case I   
   need to redo my setup at any time:   
      
   -------------------------------------------------------------------------   
   Synchronet BBS: Setting Up SSL with a PositiveSSL Certificate (Namecheap)   
      
   This guide documents the steps I took to generate and install a PositiveSSL   
   certificate (from Namecheap) on a Synchronet BBS instance, bypassing some   
   limitations and/or issues (or my inexperience) that I was encountering with   
   certtool.js and therefore arrived at this working manual alternative. I had   
   looked over the documentation at https://wiki.synchro.net/module:certtool   
      
   I was unable to get the LetSyncrypt client (documented at
   https://wiki.synchro.net/module:letsyncrypt) working so undid/removed my
   timed event setup based on those instructions and proceeded with the steps
   below.
      
   Step 1: Generate a Certificate Signing Request (CSR)   
      
   I ran the following command to generate a CSR and private key using   
   Synchronet's certtool.js:   
      
   /sbbs/exec/jsexec /sbbs/exec/certtool.js --csr --domain mysticalrealmbbs.com \
       --domain www.mysticalrealmbbs.com > /sbbs/csr.pem
      
   - This created a CSR at /sbbs/csr.pem. (perhaps I should have stuck it in   
   /sbbs/ctrl/csr.pem?)   
   - It also generated a private key saved as /sbbs/ctrl/cryptlib.key.   
      
   Step 2: Submit CSR to Namecheap   
      
   1. I then went into my Namecheap account, activated my SSL.   
   2. I was prompted to submit the contents of /sbbs/csr.pem to generate my   
   PositiveSSL certificate.   
   3. After verification (using the cname method), Namecheap provided two files:   
       - mysticalrealmbbs_com.crt (your SSL certificate)   
       - mysticalrealmbbs_com.ca-bundle (intermediate certificate chain)   
      
   Step 3: Combine Certificate and CA Bundle   
      
   I combined my certificate and bundle into a single file:   
      
   cat mysticalrealmbbs_com.crt mysticalrealmbbs_com.ca-bundle \
       > /sbbs/ctrl/bbs.crt
      
   This is the full certificate chain that I surmise Synchronet is expecting.   
      
   Step 4: Prepare the Private Key   
      
   Since I generated the CSR with certtool.js, my private key was already located   
   at:   
      
   /sbbs/ctrl/cryptlib.key   
      
   I copied it for use with the new cert:   
      
   cp /sbbs/ctrl/cryptlib.key /sbbs/ctrl/bbs.key   
      
   Step 5: Update Synchronet Configuration (sbbs.ini)   
      
   I manually edited sbbs.ini (i.e. nano /sbbs/ctrl/sbbs.ini) and configured SSL   
   (adding) for the appropriate services. For example, for HTTPS:   
      
   [web]   
   Secure = true   
   CertificateFile = bbs.crt   
   KeyFile = bbs.key   
      
   Repeat this block for [ftp], [telnet], etc. if desired.   
      
   Step 6: Set File Permissions   
      
   Make sure the certificate and key are only readable by the Synchronet user:   
      
   chmod 600 /sbbs/ctrl/bbs.*   
   chown sbbs:sbbs /sbbs/ctrl/bbs.*   
      
   Step 7: Restart Synchronet   
      
   Restart your BBS to apply the changes:   
      
   sudo systemctl restart sbbs   
      
   Notes and Troubleshooting   
      
   - Why not use certtool.js --import?   
     - This method failed to create expected .crt or .cert files during testing.   
     - The key format generated by Cryptlib may be incompatible with OpenSSL   
   tools, but is accepted by Synchronet directly.   
      
   - Verifying key and cert match (optional):   
     If needed, you can check that your private key and cert match using OpenSSL   
   (only works with compatible key formats):   
      
     openssl rsa -in /sbbs/ctrl/bbs.key -modulus -noout | sha256sum   
     openssl x509 -in /sbbs/ctrl/bbs.crt -modulus -noout | sha256sum   
      
     If the hashes match, the key and cert pair correctly. But I believe that   
   certtool.js is using a different format to generate the key.   
      
   TL;DR / Summary   
      
   This document outlines a full working process for integrating a third-party   
   SSL certificate with Synchronet BBS, including fallback steps when the   
   built-in certtool.js import process does not succeed.   
      
   Submitted for review and feedback by Digital Man and the Synchronet community.   
      
   ---   
    þ Synchronet þ Mystical Realm BBS - mysticalrealmbbs.com   
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)   
   PATH: 103/705 218/700 229/426   
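
A check that never needs OpenSSL to read the Cryptlib-format key, added here as an example (it is not part of the original post or of Synchronet): it compares the public key in the CSR with the public key in the first certificate of the combined file, confirms the chain is ordered leaf then intermediates, and checks the key file mode. The function names are made up for this example; it assumes the CSR is PEM-encoded and that GNU `stat` is available.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes a PEM CSR and GNU stat.

# Public key (PEM) from a CSR, and from the FIRST certificate in a PEM file.
csr_pubkey()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# True when the first cert in chain $2 carries the public key from CSR $1.
# The key file itself is never opened, so its on-disk format does not matter.
csr_matches_cert() {
    a=$(csr_pubkey "$1"); b=$(cert_pubkey "$2")
    [ -n "$a" ] && [ -n "$b" ] && [ "$a" = "$b" ]
}

# True when every certificate's issuer equals the subject of the next one
# (name comparison only; signatures are not verified here).
chain_in_order() {
    tmp=$(mktemp -d) || return 2
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/{n++}
                     n {print > (d "/" n ".pem")}' "$1"
    i=1; rc=0
    while [ -f "$tmp/$((i + 1)).pem" ]; do
        iss=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer | sed 's/^issuer= *//')
        sub=$(openssl x509 -in "$tmp/$((i + 1)).pem" -noout -subject | sed 's/^subject= *//')
        [ "$iss" = "$sub" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# True when the file is readable and writable by its owner only (mode 600).
key_perms_ok() { [ "$(stat -c %a "$1" 2>/dev/null)" = "600" ]; }

# usage: check_install CSR CHAIN KEY
check_install() {
    csr_matches_cert "$1" "$2" || { echo "FAIL: first cert in $2 lacks the CSR public key"; return 1; }
    chain_in_order "$2" || { echo "FAIL: $2 is not ordered leaf first"; return 1; }
    key_perms_ok "$3" || { echo "FAIL: $3 is not mode 600"; return 1; }
    echo "OK: $(grep -c 'BEGIN CERTIFICATE' "$2") cert(s), leaf first, key mode 600"
}

# Paths from the post: check_install /sbbs/csr.pem /sbbs/ctrl/bbs.crt /sbbs/ctrl/bbs.key
if [ "$#" -eq 3 ]; then check_install "$@"; fi
```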
      
