-
exec/letsyncrypt.js
From
deuce@VERT to
CVS commit on Friday, February 23, 2018 15:08:08
exec letsyncrypt.js NONE 1.1
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv16039
Added Files:
letsyncrypt.js
Log Message:
LetSyncrypt.js -- an AJAXv2 client for Let's Encrypt.
This script will request and install a certificate, then recycle your web server. This is barely sufficient, but a lot more needs to be done...
1) Tracking certificate expiration, and only placing a new order when
appropriate.
2) Handling failure better.
3) Handle changes in the system password (like anyone ever does THAT).
4) Clean up stale authorizations.
Also, some enhanced features would be nice:
1) Adding a bunch of SANs, so virtual hosts Just Work
2) Key aging and updating
3) More control of certificate contents... I can't find a list of what
Let's Encrypt supports in CSRs.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Friday, February 23, 2018 15:55:09
exec letsyncrypt.js 1.1 1.2
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv31080
Modified Files:
letsyncrypt.js
Log Message:
Only update the certificate if it's older than 30 days. It's now safe to
run this as a daily event.
---
-
From
deuce@VERT to
CVS commit on Friday, February 23, 2018 19:01:25
exec letsyncrypt.js 1.2 1.3
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv22594
Modified Files:
letsyncrypt.js
Log Message:
Fulfill all http-01 challenges rather than just picking one of them.
---
-
From
deuce@VERT to
CVS commit on Friday, February 23, 2018 23:08:41
exec letsyncrypt.js 1.3 1.4
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv16886
Modified Files:
letsyncrypt.js
Log Message:
Initial multiple domain stuff.
---
-
From
deuce@VERT to
CVS commit on Friday, February 23, 2018 23:09:54
exec letsyncrypt.js 1.4 1.5
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv17090
Modified Files:
letsyncrypt.js
Log Message:
csrenc was just for debugging... remove.
---
-
From
deuce@VERT to
CVS commit on Saturday, February 24, 2018 00:36:31
exec letsyncrypt.js 1.5 1.6
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv25895
Modified Files:
letsyncrypt.js
Log Message:
Add support for multiple domains.
Modify ctrl/letsyncrypt.ini and in the Domains section, add the web root
for each domain in the format:
example.com=/sbbs/web/root
If the list of domains changes, a new certificate will be generated next
time letsyncrypt runs.
You DO NOT need to specify the domains if you only need to support the single host system.inet_addr.
---
-
From
deuce@VERT to
CVS commit on Saturday, February 24, 2018 00:52:46
exec letsyncrypt.js 1.6 1.7
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv27923
Modified Files:
letsyncrypt.js
Log Message:
Remove ToDone comments.
---
-
From
deuce@VERT to
CVS commit on Saturday, February 24, 2018 01:36:50
exec letsyncrypt.js 1.7 1.8
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv32694
Modified Files:
letsyncrypt.js
Log Message:
If the current RSA key in ssl.cert is too small (< 2048 bits), delete
ssl.cert and generate a new key.
The self-signed certificates are 1536 bits, so cannot be reused for Let's Encrypt.
---
-
From
deuce@VERT to
CVS commit on Saturday, February 24, 2018 01:47:03
exec letsyncrypt.js 1.8 1.9
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv1440
Modified Files:
letsyncrypt.js
Log Message:
Renew certificates when they have less than 30 days remaining, rather than
when they're 30 days old.
---
-
From
deuce@VERT to
CVS commit on Saturday, February 24, 2018 01:55:39
exec letsyncrypt.js 1.9 1.10
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv2273
Modified Files:
letsyncrypt.js
Log Message:
Don't re-do authorizations that are already completed.
---
-
From
deuce@VERT to
CVS commit on Saturday, February 24, 2018 13:10:06
exec letsyncrypt.js 1.10 1.11
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv30198
Modified Files:
letsyncrypt.js
Log Message:
If LetSyncrypt can't create $WEBROOT/.well-known/acme-challenge/, throw
an error.
If LetSyncrypt does create it, add a webctrl.ini file that removes access restrictions so that the file can be validated.
---
-
From
deuce@VERT to
CVS commit on Saturday, February 24, 2018 14:04:37
exec letsyncrypt.js 1.11 1.12
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv9603
Modified Files:
letsyncrypt.js
Log Message:
*Actually* don't do authorizations that are already completed.
---
-
From
deuce@VERT to
CVS commit on Saturday, February 24, 2018 14:24:13
exec letsyncrypt.js 1.12 1.13
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv13800
Modified Files:
letsyncrypt.js
Log Message:
Abort updates earlier, no need to read the system password if the update
isn't going to happen.
Also, add more errors, especially when a certificate is installed, but the state data can't be updated. That (very unlikely - some would say impossible) situation will result in a new cert being requested every time the script is run (ideally every day), and likely running into throttling issues.
---
-
From
deuce@VERT to
CVS commit on Saturday, February 24, 2018 23:31:38
exec letsyncrypt.js 1.13 1.14
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv24297
Modified Files:
letsyncrypt.js
Log Message:
SyncJSLint
---
-
From
deuce@VERT to
CVS commit on Sunday, February 25, 2018 23:21:19
exec letsyncrypt.js 1.14 1.15
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv31440
Modified Files:
letsyncrypt.js
Log Message:
Remove asn1_len since it's in the ACMEv2 prototype now and use it from there.
Give the certchain a different name from the private key so we can safely delete it without losing the private key too.
Don't hold the keyset open while waiting for a CSR to be renewed.
---
-
From
deuce@VERT to
CVS commit on Sunday, February 25, 2018 23:24:27
exec letsyncrypt.js 1.15 1.16
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv31881
Modified Files:
letsyncrypt.js
Log Message:
Add a --force option to force a renewal.
---
-
From
deuce@VERT to
CVS commit on Monday, February 26, 2018 11:18:43
exec letsyncrypt.js 1.16 1.17
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv3675
Modified Files:
letsyncrypt.js
Log Message:
Store keys using the host, support a new Host global config parameter, do
an update if the Host has changed. Delete Staging value since it's not
used anymore.
---
-
From
deuce@VERT to
CVS commit on Monday, February 26, 2018 11:42:57
exec letsyncrypt.js 1.17 1.18
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv6643
Modified Files:
letsyncrypt.js
Log Message:
Don't do extra work to be less secure... always use a new RSA certificate
with a CSR.
---
-
From
deuce@VERT to
CVS commit on Monday, February 26, 2018 13:24:54
exec letsyncrypt.js 1.18 1.19
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv18566
Modified Files:
letsyncrypt.js
Log Message:
Add a delay between deletion attempts.
---
-
From
deuce@VERT to
CVS commit on Monday, February 26, 2018 14:07:41
exec letsyncrypt.js 1.19 1.20
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv22992
Modified Files:
letsyncrypt.js
Log Message:
Add support for the --new-key argument which generates a new account key.
---
-
From
deuce@VERT to
CVS commit on Monday, February 26, 2018 15:57:25
exec letsyncrypt.js 1.20 1.21
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv3432
Modified Files:
letsyncrypt.js
Log Message:
Add support for the --revoke option.
---
-
From
deuce@VERT to
CVS commit on Monday, February 26, 2018 16:08:12
exec letsyncrypt.js 1.21 1.22
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv4579
Modified Files:
letsyncrypt.js
Log Message:
Override User-Agent
---
-
From
deuce@VERT to
CVS commit on Monday, February 26, 2018 18:55:30
exec letsyncrypt.js 1.22 1.23
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv26206
Modified Files:
letsyncrypt.js
Log Message:
"Clean up"
Basically, prepare to split the script into various functions and stuff...
that var list is silly.
---
-
From
deuce@VERT to
CVS commit on Monday, February 26, 2018 19:47:46
exec letsyncrypt.js 1.23 1.24
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv31373
Modified Files:
letsyncrypt.js
Log Message:
Reorg, cleanup, fix, whatever.
---
-
From
deuce@VERT to
CVS commit on Monday, February 26, 2018 21:28:17
exec letsyncrypt.js 1.24 1.25
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv9636
Modified Files:
letsyncrypt.js
Log Message:
Pass host and dir_path to the constructor rather than setting them afterward. Fixes bug where the key ID would be taken from the staging server.
---
-
From
deuce@VERT to
CVS commit on Tuesday, February 27, 2018 02:19:54
exec letsyncrypt.js 1.25 1.26
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv6824
Modified Files:
letsyncrypt.js
Log Message:
Make key type/size variables... to be configurable in the future.
---
-
From
deuce@VERT to
CVS commit on Tuesday, February 27, 2018 10:52:50
exec letsyncrypt.js 1.26 1.27
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv13465
Modified Files:
letsyncrypt.js
Log Message:
The official integration guide recommends renewing certificates "when they
have a third of their total lifetime left". Do that.
---
-
From
deuce@VERT to
CVS commit on Tuesday, February 27, 2018 11:18:40
exec letsyncrypt.js 1.27 1.28
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv16790
Modified Files:
letsyncrypt.js
Log Message:
Do an incremental backoff on retries up to just over a minute.
---
-
From
deuce@VERT to
CVS commit on Tuesday, February 27, 2018 22:18:08
exec letsyncrypt.js 1.28 1.29
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv18217
Modified Files:
letsyncrypt.js
Log Message:
Add new TOSAgreed ini setting, only tell the remote ToS was agreed to if
it's true. Log an error with the URL if it's not true and account creation fails.
---
-
From
deuce@VERT to
CVS commit on Tuesday, February 27, 2018 22:30:04
exec letsyncrypt.js 1.29 1.30
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv19515
Modified Files:
letsyncrypt.js
Log Message:
Add new --tos argument to print the Terms of Service URL.
---
-
From
deuce@VERT to
CVS commit on Thursday, March 01, 2018 22:47:33
exec letsyncrypt.js 1.30 1.31
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv9367
Modified Files:
letsyncrypt.js
Log Message:
If there is an error in at_least_a_third(), always return false so a new certificate is generated.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
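The three renewal rules this log moves through (revision 1.2: older than 30 days; 1.9: fewer than 30 days remaining; 1.27: less than a third of the lifetime left, with the 1.31 fail-safe), compared side by side in an added example that is not code from letsyncrypt.js. Every function name, the certificate objects and the dates are constructed for illustration; the `atLeastAThird` here is a stand-in written for this example, not the project's `at_least_a_third()`.

```javascript
// Added illustration; not code from letsyncrypt.js. All names are hypothetical.
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse an ISO date, throwing instead of silently yielding NaN.
function ms(iso) {
    const t = Date.parse(iso);
    if (Number.isNaN(t)) throw new Error("unparseable date: " + iso);
    return t;
}

// Revision 1.2 rule: renew once the certificate is more than 30 days old.
function renewByAge(cert, now) {
    return ms(now) - ms(cert.notBefore) > 30 * DAY_MS;
}

// Revision 1.9 rule: renew once fewer than 30 days remain.
function renewByRemaining(cert, now) {
    return ms(cert.notAfter) - ms(now) < 30 * DAY_MS;
}

// Revision 1.27 rule: true while at least a third of the lifetime is left.
// Revision 1.31 behaviour: any error yields false, so the caller renews.
function atLeastAThird(cert, now) {
    try {
        const start = ms(cert.notBefore), end = ms(cert.notAfter);
        if (end <= start) throw new Error("empty validity window");
        return end - ms(now) >= (end - start) / 3;
    } catch (e) {
        return false; // fail towards requesting a fresh certificate
    }
}

function renewByThird(cert, now) {
    return !atLeastAThird(cert, now);
}

// Constructed sample certificates: 90-day and 30-day lifetimes, and one
// whose expiry cannot be parsed.
const cert90 = { notBefore: "2018-02-23T00:00:00Z", notAfter: "2018-05-24T00:00:00Z" };
const cert30 = { notBefore: "2018-02-23T00:00:00Z", notAfter: "2018-03-25T00:00:00Z" };
const broken = { notBefore: "2018-02-23T00:00:00Z", notAfter: "not-a-date" };

// Evaluate all three rules for one certificate at one point in time.
function decisions(cert, now) {
    return [renewByAge(cert, now), renewByRemaining(cert, now), renewByThird(cert, now)];
}
```

On the 90-day certificate the age rule fires on day 31, two-thirds of the lifetime early; on the 30-day certificate the fixed 30-days-remaining rule fires from the first day onward, which is the daily re-request pattern the revision 1.13 message warns will run into throttling.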
-
From
deuce@VERT to
CVS commit on Tuesday, March 13, 2018 10:29:27
exec letsyncrypt.js 1.31 1.32
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv24708
Modified Files:
letsyncrypt.js
Log Message:
ACMEv2 endpoint is now live. See the wiki for how to automate TLS certificates with Synchronet.
---
-
From
deuce@VERT to
CVS commit on Tuesday, March 27, 2018 19:36:56
exec letsyncrypt.js 1.32 1.33
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv13132
Modified Files:
letsyncrypt.js
Log Message:
Don't try ten times to delete files that don't exist.
---
-
From
rswindell@VERT to
CVS commit on Monday, December 24, 2018 18:39:32
exec letsyncrypt.js 1.33 1.34
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv6157
Modified Files:
letsyncrypt.js
Log Message:
Added some file.open/create failure handling/logging - just in case.
---
-
From
rswindell@VERT to
CVS commit on Wednesday, July 24, 2019 15:19:51
exec letsyncrypt.js 1.34 1.35
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv28129
Modified Files:
letsyncrypt.js
Log Message:
Add GroupReadableKeyFile letsyncrypt.ini option (default: false)
When set to true, enables group read permissions on the ssl.cert file
(using the new file_chmod() global function).
---
-
From
Deuce@VERT to
Git commit to main/sbbs/master on Friday, January 01, 2021 11:01:14
-
From
Deuce@VERT to
Git commit to main/sbbs/master on Monday, January 25, 2021 14:14:23
https://gitlab.synchro.net/main/sbbs/-/commit/d4bdf4ff5028e0c7709de1f0
Modified Files:
exec/letsyncrypt.js
Log Message:
Properly parse web hostname from sbbs.ini
Get both the webroot and web hostname from sbbs.ini rather than use system.inet_addr. system.inet_addr is configured in the messages
section, so it's implied that it's for email addresses.
Also, allow configuring the sysop email address with the SysopEmail
global key in the ini file.
This is a cleanup and duplicate of !82
---
-
From
Deuce@VERT to
Git commit to main/sbbs/master on Wednesday, March 10, 2021 15:44:05
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Thursday, December 30, 2021 20:52:53
https://gitlab.synchro.net/main/sbbs/-/commit/ba5462ba1e8444d8416bde8f
Modified Files:
exec/letsyncrypt.js
Log Message:
Ensure the web RootDirectory ends in a slash.
Reported by Compctech via DOVE-Net:
"On a side note, I had to modify the letsyncrypt.js file to get letsencrypt to work. I had to add a / before .well-known on lines 86 - 89 & 96."
I'm guessing this is because his sbbs.ini [Web] RootDirectory wasn't terminated with a slash.
---
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Thursday, October 06, 2022 19:11:46
https://gitlab.synchro.net/main/sbbs/-/commit/b3492b803427dd5a202c1979
Modified Files:
exec/letsyncrypt.js
Log Message:
Recycle all servers/services after updating certificate
Per Deon (ALTERANT) via DOVE-Net:
Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS connection accepted from: 2402:1f00:8101:b3c:1000::2 port 55338
Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS TLS ERROR 'Server certificate has expired' (-3) setting private key
Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS TLS ERROR 'Data has not been initialised' (-11) setting session active
Which was odd, because my cert was renewed.
I force-renewed it, and confirmed it was valid, but they were still failing.
I noticed that letsyncrypt only recycles the web, which is probably the issue. Once I recycled everything, binkps connections started working again.
---
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Monday, January 16, 2023 21:26:10