
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   SYNC_SYSOPS      Synchronet Multinode BBS Software Suppor      33,243 messages   


   Message 32,677 of 33,243   
   Mojo to All   
   Re: How do I install an Lets Encrypt Ce   
   06 Nov 25 22:59:16   
   
   TZUTC: -0400   
   MSGID: 58802.sync_sys@1:103/705 2d73c3dc   
   REPLY: 58801.sync_sys@1:103/705 2d735aae   
   PID: Synchronet 3.21a-Linux master/c1820d521 Oct 31 2025 GCC 12.2.0   
   TID: SBBSecho 3.31-Linux master/d39e01091 Nov 03 2025 GCC 12.2.0   
   BBSID: OVERFIT   
   CHRS: ASCII 1   
   FORMAT: flowed   
   On Thu, 6 Nov 2025 16:36:13 -0800   
   "Digital Man" (VERT)  wrote:   
      
   >   Re: How do  I install an Lets Encrypt Certificate.   
   >   By: Mojo to DOVE-Net.Synchronet_Sysops on Thu Nov 06 2025 11:50 am   
   >    
   >  > Hi all,   
   >    
   >  > I am trying to install a Let's Encrypt certificate generated via
   >  > certbot that comes with debian/ubuntu.   
   >    
   >  > It gives me the following files   
   >  > cert.pem   
   >  > chain.pem   
   >  > fullchain.pem (a combination of the previous two it looks like)   
   >  > privkey.pem
   >    
   >  > I disabled the generate self-signed key in scfg.  But I left both   
   >  > cryptlib.key and ssl.cert in place.   
   >    
   >  > Things that I have tried.
   >  > 1.   
   >  > jsexec certtool --import ./fullchain.pem   
   >  > result: "!JavaScript  /home/synchronet/sbbs/exec/certtool.js line   
   >  > 70: Error: CryptLib error -43"   
   >    
   > cryptlib.h:#define CRYPT_ERROR_NOTFOUND ( -43 ) /* Requested item not   
   > found in object */   
   >    
   > I'd try that again with a different/bogus path to the pem file to see   
   > if the error changes (i.e. it's complaining about an object *within*   
   > the file instead of the file itself).   
      
   Yes I tried that and it fails with bogus paths too.   
   ```   
   if (argv.indexOf('--import') > -1) {   
   	ks = new CryptKeyset(csr_fname, CryptKeyset.KEYOPT.READONLY);
   	rsa = ks.get_private_key("ssl_cert", syspass);   
   	ks.close();   
      
   	i = argv.indexOf('--import') + 1;   
   	if (i>=argc)   
   		throw("No cert filename specified");   
   	f = new File(argv[i]);   
   	if (!f.open("rb"))   
   		throw("Unable to open "+f.name);   
   	cert = f.read();   
   	f.close();   
   	cert = ACMEv2.prototype.create_pkcs7(cert);   
   	cert = new CryptCert(cert);   
   	//cert.check();   
      
   	for (i=0; i < 10; i++) {   
   		if (file_remove(sks_fname))   
   			break;   
   		mswait(100);   
   	}   
   	if (i == 10)   
   		throw("Unable to delete file "+sks_fname);   
      
   	ks = new CryptKeyset(sks_fname, CryptKeyset.KEYOPT.CREATE);   
   	ks.add_private_key(rsa, syspass);   
   	ks.add_public_key(cert);   
   	ks.close();   
   	print("Certificate imported, delete "+csr_fname+" after verifying.");
   	file_touch(recycle_sem);   
   }   
   ```   
      
   See there?  It's looking for a csr file in the ctrl dir. Not sure why it
   is doing that for just importing a cert. Or maybe certtool isn't meant
   to just import a plain pem file.  I think the tool itself is not for
   this use case.  I was looking at the letsyncrypt and that to see if I
   can hack something simple together that can generate a ssl.cert in
   the format that sbbs expects (from existing fullchain.pem and
   privkey.pem) to replace the self generated one in ctrl.
      
      
      
   >    
   >  > The fullchain.pem looks the same as the example here   
   >  > https://wiki.synchro.net/module:certtool   
   >    
   > That's promising.   
   >    
   >  > 2.   
   >  > I tried adding the following to the bottom of the [Mail] section in
   >  > sbbs.ini:   
   >  >      Secure = true   
   >  >      CertificateFile = ./ssl_certs/fullchain.pem   
   >  >      KeyFile = ./cryptlib.key   
   >    
   > Those keys don't seem to be supported or documented anywhere. How'd   
   > you come up with that?   
   >    
   I saw them here so just tried them.   
   https://nettwerked.synchronetbbs.org/?page=001-forum.ssjs&sub=do   
   e-syncdisc&thread=1575   
      
   >  > result: cannot connect to port 995
   >    
   > That just suggests that your TCP port 995 isn't open or sbbs isn't   
   > listening on it. The [mail] Options TLS_POP3 option must be included   
   > (which is by default) and the TLSPOP3Port option must be set to 995   
   > (also the default) and your sbbs log output (e.g. syslog) would tell
   > if it's in fact listening on that port or not. This is completely
   > unrelated to any certificate or key file.   
   It's failing due to the keys I added to the [Mail] section.
   *** SSL/TLShandshake failed ***   
   I was attempting to see if sbbs would accept a straight cert and key   
      
   ---   
    * Synchronet * Overfit! Bringing back the golden era of BBS Networking.   
   [telnet://playmate.dynu   
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)   
   SEEN-BY: 10/0 1 102/401 103/1 13 17 705 105/81 106/201 124/5016 128/187   
   SEEN-BY: 129/14 153/7715 154/110 214/22 218/0 1 215 601 610 700 840   
   SEEN-BY: 218/860 880 226/30 227/114 229/110 112 206 317 400 426 428   
   SEEN-BY: 229/470 700 705 266/512 280/464 291/111 301/1 320/219 322/757   
   SEEN-BY: 342/200 396/45 460/58 633/280 712/848 902/26 5075/35   
   PATH: 103/705 218/700 229/426   
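
An added example, not part of the original message and not Synchronet code: a stdlib-only Python check that the four certbot files listed in the quoted post have the shape described there, in particular that fullchain.pem is cert.pem followed by chain.pem. The function names are hypothetical and the PEM inputs are constructed placeholders, not real certificates or keys.

```python
import base64
import re

# RFC 7468 textual encoding: -----BEGIN <label>----- base64 -----END <label>-----
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, decoded_bytes), ...] for every PEM block in text."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_RE.findall(text)]

def check_certbot_set(cert, chain, fullchain, privkey):
    """Return a list of structural problems in the four certbot files."""
    problems = []
    c, ch, fc, pk = (pem_blocks(t) for t in (cert, chain, fullchain, privkey))
    if [label for label, _ in c] != ["CERTIFICATE"]:
        problems.append("cert.pem should hold exactly one CERTIFICATE block")
    if not ch or any(label != "CERTIFICATE" for label, _ in ch):
        problems.append("chain.pem should hold only CERTIFICATE blocks")
    if fc != c + ch:
        problems.append("fullchain.pem is not cert.pem followed by chain.pem")
    if len(pk) != 1 or not pk[0][0].endswith("PRIVATE KEY"):
        problems.append("privkey.pem should hold exactly one private key block")
    if any(label.endswith("PRIVATE KEY") for label, _ in c + ch + fc):
        problems.append("private key material found in a certificate file")
    return problems

def fake_pem(label, payload):
    """Wrap arbitrary bytes as a PEM block (constructed test data only)."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(lines), label)

# Constructed placeholders standing in for the real files.
LEAF = fake_pem("CERTIFICATE", b"constructed leaf certificate bytes" * 3)
INTERMEDIATE = fake_pem("CERTIFICATE", b"constructed intermediate bytes" * 3)
KEY = fake_pem("PRIVATE KEY", b"constructed key bytes" * 3)

if __name__ == "__main__":
    print(check_certbot_set(LEAF, INTERMEDIATE, LEAF + INTERMEDIATE, KEY))
    print(check_certbot_set(LEAF, INTERMEDIATE, INTERMEDIATE + LEAF, KEY))
```

Passing this check shows only that each file holds the expected kind and order of blocks; it does not prove that the private key belongs to the certificate, which needs a real X.509 parser.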
      
