• Unable to figure out how to create ssl.cert

    From Sam Alexander@1:103/705 to Digital Man on Mon Jul 7 21:01:47 2025
    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Mon Jul 07 2025 10:34 am

    You'd mentioned the ssl.cert should've been created automatically, but I didn't have it after I built SBBS.

    The ctrl/cryptlib.key (private key) and ctrl/cert.ssl (self-signed cert) files are automatically created when you *run* (not build) SBBS. Do you have the cryptlib.key file? Note: If you change your system password, these files have to be recreated.

    I don't have /sbbs/ctrl/ssl.cert even after stopping and restarting SBBS, but I do have /sbbs/ctrl/cryptlib.key. I get these often in my sbbs logs.
    7/7 20:13:52 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert

    Also I'm trying to use letsyncrypt, and trying to generate a new key: /sbbs/exec/jsexec letsyncrypt --new-key

    I see in the logs where Let's Encrypt tries to read into the web server and pull out the file for authenticate, but the file doesn't exist. I have /sbbs/web/root/.well-known/acme-challenge/ but apparently the js isn't creating the file for Let's Encrypt to find.

    7/7 20:50:50 web 0011 HTTP [23.178.112.213] Connection accepted on 192.168.4.109 port 80 from port 37161
    7/7 20:50:50 web 0011 HTTP [23.178.112.213] Request 1: GET /.well-known/acme-challenge/b1NbeFUniIxhs2GGS_64fM91UKqr2fgDsgmRwJLEgaU HTTP/1.1
    7/7 20:50:50 web 0011 HTTP [23.178.112.213] User-Agent: Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)
    7/7 20:50:50 web 0011 HTTP [23.178.112.213] !ERROR: 404 Not Found (line 4031) request: /.well-known/acme-challenge/b1NbeFUniIxhs2GGS_64fM91UKqr2fgDsgmRwJLEgaU
    7/7 20:50:51 web 0011 HTTP [23.178.112.213] Session thread terminated after 1 requests (0 clients and 2 threads remain, 27 served, 6 concurrently)

    For this the script fails:
    JSexec v3.21a-Linux master/40daa513e - Execute Synchronet JavaScript Module Compiled Jul 03 2025 19:17 with GCC 13.3.0

    Loading configuration files from /sbbs/ctrl
    JavaScript-C 1.8.5 2011-03-31
    JavaScript: Creating runtime: 167772160 bytes

    Reading script from /sbbs/exec/letsyncrypt.js
    /sbbs/exec/letsyncrypt.js compiled in 0.00 seconds
    !JavaScript /sbbs/exec/load/acmev2.js line 307: Error: keyChange did not return 200
    /sbbs/exec/letsyncrypt.js executed in 1.73 seconds
    !Module (letsyncrypt) set exit_code: 1

    JavaScript: Destroying context
    JavaScript: Destroying runtime

    Returning error code: 1

    So either route I'm not having much luck getting the certs set up for email. I even ran chmod 775 on the /.well-known/acme-challenge folders, and I'm running jsexec as my sbbs user, the owner of the sbbs folder, so I don't think it's a permissions thing. Thanks for any advice.

    ---
    ■ Synchronet ■ -==[ Totally Nerd BBS ]==- (Work in Progress) - totallynerd.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Sam Alexander on Mon Jul 7 21:13:53 2025
    Re: Unable to figure out how to create ssl.cert
    By: Sam Alexander to Digital Man on Mon Jul 07 2025 09:01 pm

    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Mon Jul 07 2025 10:34 am

    You'd mentioned the ssl.cert should've been created automatically, but I didn't have it after I built SBBS.

    The ctrl/cryptlib.key (private key) and ctrl/cert.ssl (self-signed cert) files are automatically created when you *run* (not build) SBBS. Do you have the cryptlib.key file? Note: If you change your system password, these files have to be recreated.

    I don't have /sbbs/ctrl/ssl.cert even after stopping and restarting SBBS, but I do have /sbbs/ctrl/cryptlib.key.

    You should probably resolve that issue first.

    I get these often in my sbbs logs.
    7/7 20:13:52 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert

    Also I'm trying to use letsyncrypt, and trying to generate a new key: /sbbs/exec/jsexec letsyncrypt --new-key

    I see in the logs where Let's Encrypt tries to read into the web server and pull out the file for authenticate, but the file doesn't exist. I have /sbbs/web/root/.well-known/acme-challenge/ but apparently the js isn't creating the file for Let's Encrypt to find.

    Did you set up your letsyncrypt.ini file?
    --
    digital man (rob)

    Breaking Bad quote #35:
    You ever smoke anything else, Wendy? Sausages don't count - ha ha - Hank
    Norco, CA WX: 70.1°F, 65.0% humidity, 4 mph W wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.28-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Sam Alexander@1:103/705 to Digital Man on Tue Jul 8 00:06:10 2025
    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Mon Jul 07 2025 09:13 pm

    I don't have /sbbs/ctrl/ssl.cert even after stopping and restarting SBBS, but I do have /sbbs/ctrl/cryptlib.key.

    You should probably resolve that issue first.

    What creates this or how can I troubleshoot this? I don't see any errors or messages in the logs about this being created or not.


    Did you set up your letsyncrypt.ini file?

    Yes, I left the KeyID as is and there wasn't anything under STATE:

    Host = acme-v02.api.letsencrypt.org
    Directory = /directory
    TOSAgreed = true
    GroupReadableKeyFile = false

    [Domains]
    totallynerd.com = /sbbs/web/root



    Thanks again for your help --
    Sam

    ---
    ■ Synchronet ■ -==[ Totally Nerd BBS ]==- (Work in Progress) - totallynerd.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Sam Alexander on Tue Jul 8 10:54:11 2025
    Re: Unable to figure out how to create ssl.cert
    By: Sam Alexander to Digital Man on Tue Jul 08 2025 12:06 am

    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Mon Jul 07 2025 09:13 pm

    I don't have /sbbs/ctrl/ssl.cert even after stopping and restarting SBBS, but I do have /sbbs/ctrl/cryptlib.key.

    You should probably resolve that issue first.

    What creates this or how can I troubleshoot this?

    sbbs will create a self-signed cert, but only when SCFG->System->Security->Create Self-signed Certificate is set to "Yes" (which is a new option, that defaults to "No" since self-signed certs were confusing sysops).

    I don't see any errors or messages in the logs about this being created or not.

    I forgot about that (new) option, but that's likely why.

    You likely don't want a self-signed certificate anyway.

    Did you set up your letsyncrypt.ini file?

    Yes, I left the KeyID as is and there wasn't anything under STATE:

    Host = acme-v02.api.letsencrypt.org
    Directory = /directory
    TOSAgreed = true
    GroupReadableKeyFile = false

    [Domains]
    totallynerd.com = /sbbs/web/root

    What is the [Web] RootDirectory set to in your ctrl/sbbs.ini file?
    The default value for this key is:

    RootDirectory = ../webv4/root

    which doesn't match the path for your domain in your letsyncrypt.ini file.
    --
    digital man (rob)

    Synchronet "Real Fact" #128:
    Synchronet v3.19b was released on January 2, 2022 (15 months after v3.18b)
    Norco, CA WX: 79.3°F, 49.0% humidity, 3 mph WNW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.28-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
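
The path mismatch raised in the last reply (the [Web] RootDirectory in ctrl/sbbs.ini versus the [Domains] path in letsyncrypt.ini) can be checked mechanically. This is an added example, not part of the thread and not Synchronet code; `check_webroots` and `_load_ini` are hypothetical names. It assumes relative paths resolve against the ctrl directory, and the sbbs.ini sample is constructed from the default quoted above.

```python
import configparser
import posixpath

def _load_ini(text):
    # Both files can carry keys before the first [section]; configparser
    # rejects that, so park them under a synthetic section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), allow_no_value=True)
    cp.read_string("[__global__]\n" + text)
    return cp

def check_webroots(sbbs_ini, letsyncrypt_ini, ctrl_dir="/sbbs/ctrl"):
    """Map each domain to (matches, challenge_webroot, served_webroot)."""
    sbbs = _load_ini(sbbs_ini)
    acme = _load_ini(letsyncrypt_ini)
    # Fall back to the default quoted in the thread when the key is absent.
    root = sbbs.get("Web", "RootDirectory", fallback="../webv4/root")
    # Assumption: relative paths are resolved against the ctrl directory.
    served = posixpath.normpath(posixpath.join(ctrl_dir, root))
    results = {}
    if acme.has_section("Domains"):
        for domain, path in acme.items("Domains"):
            if not path:
                continue  # domain listed without a webroot
            written = posixpath.normpath(posixpath.join(ctrl_dir, path))
            results[domain] = (written == served, written, served)
    return results

# Constructed sample: sbbs.ini left at the default web root.
SBBS_INI = """\
[Web]
RootDirectory = ../webv4/root
"""

# letsyncrypt.ini as posted in the thread.
LETSYNCRYPT_INI = """\
Host = acme-v02.api.letsencrypt.org
Directory = /directory
TOSAgreed = true
GroupReadableKeyFile = false

[Domains]
totallynerd.com = /sbbs/web/root
"""

if __name__ == "__main__":
    for dom, (ok, written, served) in check_webroots(SBBS_INI, LETSYNCRYPT_INI).items():
        status = "OK" if ok else "MISMATCH"
        print(f"{status} {dom}: challenge files go to {written}, web server serves {served}")
```

A mismatch means the challenge token is written under one tree while the web server answers /.well-known/acme-challenge/ from another, which is consistent with the 404 in the log above.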