• exec/letsyncrypt.js

    From deuce@VERT to CVS commit on Friday, February 23, 2018 15:08:08
    exec letsyncrypt.js NONE 1.1
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv16039

    Added Files:
    letsyncrypt.js
    Log Message:
    LetSyncrypt.js -- an AJAXv2 client for Let's Encrypt.

    This script will request and install a certificate, then recycle your web server. This is barely sufficient, but a lot more needs to be done...
    1) Tracking certificate expiration, and only placing a new order when
    appropriate.
    2) Handling failure better.
    3) Handle changes in the system password (like anyone ever does THAT).
    4) Clean up stale authorizations.

    Also, some enhanced features would be nice:
    1) Adding a bunch of SANs, so virtual hosts Just Work
    2) Key aging and updating
    3) More control of certificate contents... I can't find a list of what
    Let's Encrypt supports in CSRs.




    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From deuce@VERT to CVS commit on Friday, February 23, 2018 15:55:09
    exec letsyncrypt.js 1.1 1.2
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv31080

    Modified Files:
    letsyncrypt.js
    Log Message:
    Only update the certificate if it's older than 30 days. It's now safe to
    run this as a daily event.




  • From deuce@VERT to CVS commit on Friday, February 23, 2018 19:01:25
    exec letsyncrypt.js 1.2 1.3
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv22594

    Modified Files:
    letsyncrypt.js
    Log Message:
    Fulfill all http-01 challenges rather than just picking one of them.




  • From deuce@VERT to CVS commit on Friday, February 23, 2018 23:08:41
    exec letsyncrypt.js 1.3 1.4
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv16886

    Modified Files:
    letsyncrypt.js
    Log Message:
    Initial multiple domain stuff.



  • From deuce@VERT to CVS commit on Friday, February 23, 2018 23:09:54
    exec letsyncrypt.js 1.4 1.5
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv17090

    Modified Files:
    letsyncrypt.js
    Log Message:
    csrenc was just for debugging... remove.





  • From deuce@VERT to CVS commit on Saturday, February 24, 2018 00:36:31
    exec letsyncrypt.js 1.5 1.6
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv25895

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add support for multiple domains.

    Modify ctrl/letsyncrypt.ini and in the Domains section, add the web root
    for each domain in the format:
    example.com=/sbbs/web/root

    If the list of domains changes, a new certificate will be generated next
    time letsyncrypt runs.

    You DO NOT need to specify the domains if you only need to support the single host system.inet_addr.




  • From deuce@VERT to CVS commit on Saturday, February 24, 2018 00:52:46
    exec letsyncrypt.js 1.6 1.7
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv27923

    Modified Files:
    letsyncrypt.js
    Log Message:
    Remove ToDone comments.




  • From deuce@VERT to CVS commit on Saturday, February 24, 2018 01:36:50
    exec letsyncrypt.js 1.7 1.8
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv32694

    Modified Files:
    letsyncrypt.js
    Log Message:
    If the current RSA key in ssl.cert is too small (< 2048 bits), delete
    ssl.cert and generate a new key.

    The self-signed certificates are 1536 bits, so cannot be reused for Let's Encrypt.



  • From deuce@VERT to CVS commit on Saturday, February 24, 2018 01:47:03
    exec letsyncrypt.js 1.8 1.9
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv1440

    Modified Files:
    letsyncrypt.js
    Log Message:
    Renew certificates when they have less than 30 days remaining, rather than
    when they're 30 days old.




  • From deuce@VERT to CVS commit on Saturday, February 24, 2018 01:55:39
    exec letsyncrypt.js 1.9 1.10
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv2273

    Modified Files:
    letsyncrypt.js
    Log Message:
    Don't re-do authorizations that are already completed.




  • From deuce@VERT to CVS commit on Saturday, February 24, 2018 13:10:06
    exec letsyncrypt.js 1.10 1.11
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv30198

    Modified Files:
    letsyncrypt.js
    Log Message:
    If LetSyncrypt can't create $WEBROOT/.well-known/acme-challenge/, throw
    an error.

    If LetSyncrypt does create it, add a webctrl.ini file that removes access restrictions so that the file can be validated.




  • From deuce@VERT to CVS commit on Saturday, February 24, 2018 14:04:37
    exec letsyncrypt.js 1.11 1.12
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv9603

    Modified Files:
    letsyncrypt.js
    Log Message:
    *Actually* don't do authorizations that are already completed.




  • From deuce@VERT to CVS commit on Saturday, February 24, 2018 14:24:13
    exec letsyncrypt.js 1.12 1.13
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv13800

    Modified Files:
    letsyncrypt.js
    Log Message:
    Abort updates earlier, no need to read the system password if the update
    isn't going to happen.

    Also, add more errors, especially when a certificate is installed, but the state data can't be updated. That (very unlikely - some would say impossible) situation will result in a new cert being requested every time the script is run (ideally every day), and likely running into throttling issues.




  • From deuce@VERT to CVS commit on Saturday, February 24, 2018 23:31:38
    exec letsyncrypt.js 1.13 1.14
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv24297

    Modified Files:
    letsyncrypt.js
    Log Message:
    SyncJSLint




  • From deuce@VERT to CVS commit on Sunday, February 25, 2018 23:21:19
    exec letsyncrypt.js 1.14 1.15
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv31440

    Modified Files:
    letsyncrypt.js
    Log Message:
    Remove asn1_len since it's in the ACMEv2 prototype now and use it from there. Give the certchain a different name from the private key so we can safely delete
    it without losing the private key too.
    Don't hold the keyset open while waiting for a CSR to be renewed.




  • From deuce@VERT to CVS commit on Sunday, February 25, 2018 23:24:27
    exec letsyncrypt.js 1.15 1.16
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv31881

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add a --force option to force a renewal.




  • From deuce@VERT to CVS commit on Monday, February 26, 2018 11:18:43
    exec letsyncrypt.js 1.16 1.17
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv3675

    Modified Files:
    letsyncrypt.js
    Log Message:
    Store keys using the host, support a new Host global config parameter, do
    an update if the Host has changed. Delete Staging value since it's not
    used anymore.




  • From deuce@VERT to CVS commit on Monday, February 26, 2018 11:42:57
    exec letsyncrypt.js 1.17 1.18
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv6643

    Modified Files:
    letsyncrypt.js
    Log Message:
    Don't do extra work to be less secure... always use a new RSA certificate
    with a CSR.




  • From deuce@VERT to CVS commit on Monday, February 26, 2018 13:24:54
    exec letsyncrypt.js 1.18 1.19
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv18566

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add a delay between deletion attempts.




  • From deuce@VERT to CVS commit on Monday, February 26, 2018 14:07:41
    exec letsyncrypt.js 1.19 1.20
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv22992

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add support for the --new-key argument which generates a new account key.




  • From deuce@VERT to CVS commit on Monday, February 26, 2018 15:57:25
    exec letsyncrypt.js 1.20 1.21
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv3432

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add support for the --revoke option.




  • From deuce@VERT to CVS commit on Monday, February 26, 2018 16:08:12
    exec letsyncrypt.js 1.21 1.22
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv4579

    Modified Files:
    letsyncrypt.js
    Log Message:
    Override User-Agent



  • From deuce@VERT to CVS commit on Monday, February 26, 2018 18:55:30
    exec letsyncrypt.js 1.22 1.23
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv26206

    Modified Files:
    letsyncrypt.js
    Log Message:
    "Clean up"

    Basically, prepare to split the script into various functions and stuff...
    that var list is silly.




  • From deuce@VERT to CVS commit on Monday, February 26, 2018 19:47:46
    exec letsyncrypt.js 1.23 1.24
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv31373

    Modified Files:
    letsyncrypt.js
    Log Message:
    Reorg, cleanup, fix, whatever.




  • From deuce@VERT to CVS commit on Monday, February 26, 2018 21:28:17
    exec letsyncrypt.js 1.24 1.25
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv9636

    Modified Files:
    letsyncrypt.js
    Log Message:
    Pass host and dir_path to the constructor rather than setting them afterward. Fixes bug where the key ID would be taken from the staging server.




  • From deuce@VERT to CVS commit on Tuesday, February 27, 2018 02:19:54
    exec letsyncrypt.js 1.25 1.26
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv6824

    Modified Files:
    letsyncrypt.js
    Log Message:
    Make key type/size variables... to be configurable in the future.




  • From deuce@VERT to CVS commit on Tuesday, February 27, 2018 10:52:50
    exec letsyncrypt.js 1.26 1.27
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv13465

    Modified Files:
    letsyncrypt.js
    Log Message:
    The official integration guide recommends renewing certificates "when they
    have a third of their total lifetime left". Do that.




  • From deuce@VERT to CVS commit on Tuesday, February 27, 2018 11:18:40
    exec letsyncrypt.js 1.27 1.28
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv16790

    Modified Files:
    letsyncrypt.js
    Log Message:
    Do an incremental backoff on retries up to just over a minute.




  • From deuce@VERT to CVS commit on Tuesday, February 27, 2018 22:18:08
    exec letsyncrypt.js 1.28 1.29
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv18217

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add new TOSAgreed ini setting, only tell the remote ToS was agreed to if
    it's true. Log an error with the URL if it's not true and account creation fails.




  • From deuce@VERT to CVS commit on Tuesday, February 27, 2018 22:30:04
    exec letsyncrypt.js 1.29 1.30
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv19515

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add new --tos argument to print the Terms of Service URL.




  • From deuce@VERT to CVS commit on Thursday, March 01, 2018 22:47:33
    exec letsyncrypt.js 1.30 1.31
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv9367

    Modified Files:
    letsyncrypt.js
    Log Message:
    If there is an error in at_least_a_third(), always return false so a new certificate is generated.




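
The renewal rules that accumulate across the commit messages above (renew on `--force`, when the domain list changes, when less than a third of the lifetime is left, and whenever the check itself errors) can be combined as in this added example. It is not code from letsyncrypt.js; the function names, the saved-state shape and the sample dates are assumptions made for illustration.

```javascript
'use strict';
// Added example: every name here is hypothetical, not taken from letsyncrypt.js.

// True when at least a third of the validity period is still ahead of `now`.
// Throws on unusable dates so the caller can fail toward renewal.
function atLeastAThirdLeft(notBefore, notAfter, now) {
  const start = Date.parse(notBefore);
  const end = Date.parse(notAfter);
  if (Number.isNaN(start) || Number.isNaN(end) || end <= start) {
    throw new Error('unusable validity period');
  }
  return (end - now) * 3 >= (end - start);
}

// Order and case do not matter when comparing the configured domain list
// with the list the current certificate was issued for.
function domainKey(domains) {
  return (domains || []).map((d) => String(d).toLowerCase()).sort().join(',');
}

// state: what was saved after the last successful order (constructed shape):
//   { domains: [...], notBefore: ISO date, notAfter: ISO date }
function renewalDecision(state, wantedDomains, now, force) {
  if (force) return { renew: true, reason: 'forced' };
  if (!state) return { renew: true, reason: 'no saved state' };
  if (domainKey(state.domains) !== domainKey(wantedDomains)) {
    return { renew: true, reason: 'domain list changed' };
  }
  try {
    if (atLeastAThirdLeft(state.notBefore, state.notAfter, now)) {
      return { renew: false, reason: 'at least a third of lifetime left' };
    }
    return { renew: true, reason: 'less than a third of lifetime left' };
  } catch (e) {
    // A check that cannot be evaluated must not block renewal.
    return { renew: true, reason: 'validity check failed: ' + e.message };
  }
}

// Constructed sample: a 90-day certificate for one host.
const sampleState = {
  domains: ['bbs.example.com'],
  notBefore: '2018-03-01T00:00:00Z',
  notAfter: '2018-05-30T00:00:00Z',
};
```

Run daily, this only places an order when one of the conditions holds, which is what keeps a scheduled job clear of the throttling problem mentioned in the 1.13 log message.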
  • From deuce@VERT to CVS commit on Tuesday, March 13, 2018 10:29:27
    exec letsyncrypt.js 1.31 1.32
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv24708

    Modified Files:
    letsyncrypt.js
    Log Message:
    ACMEv2 endpoint is now live. See the wiki for how to automate TLS certificates with Synchronet.




  • From deuce@VERT to CVS commit on Tuesday, March 27, 2018 19:36:56
    exec letsyncrypt.js 1.32 1.33
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv13132

    Modified Files:
    letsyncrypt.js
    Log Message:
    Don't try ten times to delete files that don't exist.




  • From rswindell@VERT to CVS commit on Monday, December 24, 2018 18:39:32
    exec letsyncrypt.js 1.33 1.34
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv6157

    Modified Files:
    letsyncrypt.js
    Log Message:
    Added some file.open/create failure handling/logging - just in case.



  • From rswindell@VERT to CVS commit on Wednesday, July 24, 2019 15:19:51
    exec letsyncrypt.js 1.34 1.35
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv28129

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add GroupReadableKeyFile letsyncrypt.ini option (default: false)
    When set to true, enables group read permissions on the ssl.cert file
    (using the new file_chmod() global function).



  • From Deuce@VERT to Git commit to main/sbbs/master on Friday, January 01, 2021 11:01:14
    https://gitlab.synchro.net/main/sbbs/-/commit/e2e83629384d7540eda63a05
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    Remove nonsensical warning added in 89956b3d0c

  • From Deuce@VERT to Git commit to main/sbbs/master on Monday, January 25, 2021 14:14:23
    https://gitlab.synchro.net/main/sbbs/-/commit/d4bdf4ff5028e0c7709de1f0
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    Properly parse web hostname from sbbs.ini

    Get both the webroot and web hostname from sbbs.ini rather than use system.inet_addr. system.inet_addr is configured in the messages
    section, so it's implied that it's for email addresses.

    Also, allow configuring the sysop email address with the SysopEmail
    global key in the ini file.

    This is a cleanup and duplicate of !82

  • From Deuce@VERT to Git commit to main/sbbs/master on Wednesday, March 10, 2021 15:44:05
    https://gitlab.synchro.net/main/sbbs/-/commit/00e0498cdaf72390e104d300
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    If the service host is changed, the old private key is invalid.

    Just delete the old private key and create a new one for the new
    host.

  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Thursday, December 30, 2021 20:52:53
    https://gitlab.synchro.net/main/sbbs/-/commit/ba5462ba1e8444d8416bde8f
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    Insure the web RootDirectory ends in a slash.

    Reported by Compctech via DOVE-Net:

    "On a side note, I had to modify the letsyncrypt.js file to get letsencrypt to work. I had to add a / before .well-known on lines 86 - 89 & 96."

    I'm guessing this is because his sbbs.ini [Web] RootDirectory wasn't terminated with a slash.

  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Thursday, October 06, 2022 19:11:46
    https://gitlab.synchro.net/main/sbbs/-/commit/b3492b803427dd5a202c1979
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    Recycle all servers/services after updating certificate

    Per Deon (ALTERANT) via DOVE-Net:

    Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS connection accepted from: 2402:1f00:8101:b3c:1000::2 port 55338
    Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS TLS ERROR 'Server certificate has expired' (-3) setting private key
    Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS TLS ERROR 'Data has not been initialised' (-11) setting session active

    Which was odd, because my cert was renewed.

    I force-renewed it, and confirmed it was valid, but they were still failing.

    I noticed that letsyncrypt only recycles the web, which is probably the issue. Once I recycled everything, binkps connections started working again.

  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Monday, January 16, 2023 21:26:10
    https://gitlab.synchro.net/main/sbbs/-/commit/38ca791314996ea325edd0e7
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    Use main.ini instead of main.cnf for system password

    Fixes issue #471
