TZUTC: -0800   
   MSGID: 58801.sync_sys@1:103/705 2d735aae   
   REPLY: 58800.sync_sys@1:103/705 2d731b17   
   PID: Synchronet 3.21a-Linux master/d39e01091 Nov 03 2025 GCC 12.2.0   
   TID: SBBSecho 3.31-Linux master/d39e01091 Nov 03 2025 GCC 12.2.0   
   COLS: 80   
   BBSID: VERT   
   CHRS: CP437 2   
   FORMAT: flowed   
   NOTE: FSEditor.js v1.105   
     Re: How do  I install an Lets Encrypt Certificate.   
     By: Mojo to DOVE-Net.Synchronet_Sysops on Thu Nov 06 2025 11:50 am   
      
    > Hi all,   
    >   
    > I am trying to install a lets encrypt certificate generated via certbot   
    > that comes with debian/ubuntu.   
    >   
    > It gives me the following files   
    > cert.pem   
    > chain.pem   
    > fullchain.pem (a combination of the previous two it looks like)   
    > privkey.pam   
    >   
    > I disabled the generate self-signed key in scfg.  But I left both   
    > cryptlib.key and ssl.cert in place.   
    >   
    > Things that i have tried.   
    > 1.   
    > jsexec certtool --import ./fullchain.pem   
    > result: "!JavaScript  /home/synchronet/sbbs/exec/certtool.js line 70:   
    > Error: CryptLib error -43"   
      
   cryptlib.h:#define CRYPT_ERROR_NOTFOUND ( -43 ) /* Requested item not found in   
   object */   
      
   I'd try that again with a different/bogus path to the pem file to see if the   
   error changes (i.e. it's complaining about an object *within* the file instead   
   of the file itself).   
      
    > The fullchain.pem looks the same as the example here   
    > https://wiki.synchro.net/module:certtool   
      
   That's promising.   
      
    > 2.   
    > I tried adding the folloing to the bottom of the [Mail] section in   
    > sbbs.ini:   
    >      Secure = true   
    >      CertificateFile = ./ssl_certs/fullchain.pem   
    >      KeyFile = ./cryptlib.key   
      
   Those keys don't seem to be supported or documented anywhere. How'd you come   
   up with that?   
      
    > result: cannot connenct to port 995   
      
   That just suggests that your TCP port 995 isn't open or sbbs isn't listening   
   on it. The [mail] Options TLS_POP3 option must be included (which is by   
   default) and the TLSPOP3Port option must be set to 995 (also the default) and   
   your sbbs log output (e.g. syslog) would tell if if it's in fact listening on   
   that port or not. This is completely unrelated to any certificate or key file.   
   --    
                                               digital man (rob)   
      
   Synchronet "Real Fact" #129:   
   Vertrauen first started running Synchronet (switched from WWIV) in July of 1991   
   Norco, CA WX: 68.4øF, 65.0% humidity, 4 mph W wind, 0.00 inches rain/24hrs   
   --- SBBSecho 3.31-Linux   
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)   
   SEEN-BY: 10/0 1 102/401 103/1 13 17 705 105/81 106/201 124/5016 128/187   
   SEEN-BY: 129/14 153/7715 154/110 214/22 218/0 1 215 601 610 700 840   
   SEEN-BY: 218/860 880 226/30 227/114 229/110 112 206 317 400 426 428   
   SEEN-BY: 229/470 700 705 266/512 280/464 291/111 301/1 320/219 322/757   
   SEEN-BY: 342/200 396/45 460/58 633/280 712/848 902/26 5075/35   
   PATH: 103/705 218/700 229/426