• exec/letsyncrypt.js

    From deuce@1:103/705 to CVS commit on Fri Feb 23 15:08:08 2018
    exec letsyncrypt.js NONE 1.1
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv16039

    Added Files:
    letsyncrypt.js
    Log Message:
    LetSyncrypt.js -- an AJAXv2 client for Let's Encrypt.

    This script will request and install a certificate, then recycle your web server. This is barely sufficient, but a lot more needs to be done...
    1) Tracking certificate expiration, and only placing a new order when
    appropriate.
    2) Handling failure better.
    3) Handle changes in the system password (like anyone ever does THAT).
    4) Clean up stale authorizations.

    Also, some enhanced features would be nice:
    1) Adding a bunch of SANs, so virtual hosts Just Work
    2) Key aging and updating
    3) More control of certificate contents... I can't find a list of what
    Let's Encrypt supports in CSRs.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Fri Feb 23 15:55:09 2018
    exec letsyncrypt.js 1.1 1.2
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv31080

    Modified Files:
    letsyncrypt.js
    Log Message:
    Only update the certificate if it's older than 30 days. It's now safe to
    run this as a daily event.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Fri Feb 23 19:01:25 2018
    exec letsyncrypt.js 1.2 1.3
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv22594

    Modified Files:
    letsyncrypt.js
    Log Message:
    Fulfill all http-01 challenges rather than just picking one of them.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Fri Feb 23 23:08:41 2018
    exec letsyncrypt.js 1.3 1.4
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv16886

    Modified Files:
    letsyncrypt.js
    Log Message:
    Initial multiple domain stuff.


    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Fri Feb 23 23:09:54 2018
    exec letsyncrypt.js 1.4 1.5
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv17090

    Modified Files:
    letsyncrypt.js
    Log Message:
    csrenc was just for debugging... remove.




    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sat Feb 24 00:36:31 2018
    exec letsyncrypt.js 1.5 1.6
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv25895

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add support for multiple domains.

    Modify ctrl/letsyncrypt.ini and in the Domains section, add the web root
    for each domain in the format:
    example.com=/sbbs/web/root

    If the list of domains changes, a new certificate will be generated next
    time letsyncrypt runs.

    You DO NOT need to specify the domains if you only need to support the single host system.inet_addr.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sat Feb 24 00:52:46 2018
    exec letsyncrypt.js 1.6 1.7
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv27923

    Modified Files:
    letsyncrypt.js
    Log Message:
    Remove ToDone comments.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sat Feb 24 01:36:50 2018
    exec letsyncrypt.js 1.7 1.8
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv32694

    Modified Files:
    letsyncrypt.js
    Log Message:
    If the current RSA key in ssl.cert is too small (< 2048 bits), delete
    ssl.cert and generate a new key.

    The self-signed certificates are 1536 bits, so cannot be reused for Let's Encrypt.


    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sat Feb 24 01:47:03 2018
    exec letsyncrypt.js 1.8 1.9
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv1440

    Modified Files:
    letsyncrypt.js
    Log Message:
    Renew certificates when they have less than 30 days remaining, rather than
    when they're 30 days old.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sat Feb 24 01:55:39 2018
    exec letsyncrypt.js 1.9 1.10
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv2273

    Modified Files:
    letsyncrypt.js
    Log Message:
    Don't re-do authorizations that are already completed.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sat Feb 24 13:10:06 2018
    exec letsyncrypt.js 1.10 1.11
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv30198

    Modified Files:
    letsyncrypt.js
    Log Message:
    If LetSyncrypt can't create $WEBROOT/.well-known/acme-challenge/, throw
    an error.

    If LetSyncrypt does create it, add a webctrl.ini file that removes access restrictions so that the file can be validated.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sat Feb 24 14:04:37 2018
    exec letsyncrypt.js 1.11 1.12
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv9603

    Modified Files:
    letsyncrypt.js
    Log Message:
    *Actually* don't do authorizations that are already completed.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sat Feb 24 14:24:13 2018
    exec letsyncrypt.js 1.12 1.13
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv13800

    Modified Files:
    letsyncrypt.js
    Log Message:
    Abort updates earlier, no need to read the system password if the update
    isn't going to happen.

    Also, add more errors, especially when a certificate is installed, but the state data can't be updated. That (very unlikely - some would say impossible) situation will result in a new cert being requested every time the script is run (ideally every day), and likely running into throttling issues.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sat Feb 24 23:31:38 2018
    exec letsyncrypt.js 1.13 1.14
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv24297

    Modified Files:
    letsyncrypt.js
    Log Message:
    SyncJSLint



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sun Feb 25 23:21:19 2018
    exec letsyncrypt.js 1.14 1.15
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv31440

    Modified Files:
    letsyncrypt.js
    Log Message:
    Remove asn1_len since it's in the ACMEv2 prototype now and use it from there. Give the certchain a different name from the private key so we can safely delete
    it without losing the private key too.
    Don't hold the keyset open while waiting for a CSR to be renewed.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Sun Feb 25 23:24:27 2018
    exec letsyncrypt.js 1.15 1.16
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv31881

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add a --force option to force a renewal.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Mon Feb 26 11:18:43 2018
    exec letsyncrypt.js 1.16 1.17
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv3675

    Modified Files:
    letsyncrypt.js
    Log Message:
    Store keys using the host, support a new Host global config parameter, do
    an update if the Host has changed. Delete Staging value since it's not
    used anymore.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Mon Feb 26 11:42:57 2018
    exec letsyncrypt.js 1.17 1.18
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv6643

    Modified Files:
    letsyncrypt.js
    Log Message:
    Don't do extra work to be less secure... always use a new RSA certificate
    with a CSR.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Mon Feb 26 13:24:54 2018
    exec letsyncrypt.js 1.18 1.19
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv18566

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add a delay between deletion attempts.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Mon Feb 26 14:07:41 2018
    exec letsyncrypt.js 1.19 1.20
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv22992

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add support for the --new-key argument which generates a new account key.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Mon Feb 26 15:57:25 2018
    exec letsyncrypt.js 1.20 1.21
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv3432

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add support for the --revoke option.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Mon Feb 26 16:08:12 2018
    exec letsyncrypt.js 1.21 1.22
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv4579

    Modified Files:
    letsyncrypt.js
    Log Message:
    Override User-Agent


    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Mon Feb 26 18:55:30 2018
    exec letsyncrypt.js 1.22 1.23
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv26206

    Modified Files:
    letsyncrypt.js
    Log Message:
    "Clean up"

    Basically, prepare to split the script into various functions and stuff...
    that var list is silly.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Mon Feb 26 19:47:46 2018
    exec letsyncrypt.js 1.23 1.24
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv31373

    Modified Files:
    letsyncrypt.js
    Log Message:
    Reorg, cleanup, fix, whatever.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Mon Feb 26 21:28:17 2018
    exec letsyncrypt.js 1.24 1.25
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv9636

    Modified Files:
    letsyncrypt.js
    Log Message:
    Pass host and dir_path to the constructor rather than setting them afterward. Fixes bug where the key ID would be taken from the staging server.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Tue Feb 27 02:19:54 2018
    exec letsyncrypt.js 1.25 1.26
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv6824

    Modified Files:
    letsyncrypt.js
    Log Message:
    Make key type/size variables... to be configurable in the future.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Tue Feb 27 10:52:50 2018
    exec letsyncrypt.js 1.26 1.27
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv13465

    Modified Files:
    letsyncrypt.js
    Log Message:
    The official integration guide recommends renewing certificates "when they
    have a third of their total lifetime left". Do that.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Tue Feb 27 11:18:40 2018
    exec letsyncrypt.js 1.27 1.28
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv16790

    Modified Files:
    letsyncrypt.js
    Log Message:
    Do an incremental backoff on retries up to just over a minute.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Tue Feb 27 22:18:08 2018
    exec letsyncrypt.js 1.28 1.29
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv18217

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add new TOSAgreed ini setting, only tell the remote ToS was agreed to if
    it's true. Log an error with the URL if it's not true and account creation fails.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Tue Feb 27 22:30:04 2018
    exec letsyncrypt.js 1.29 1.30
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv19515

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add new --tos argument to print the Terms of Service URL.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Thu Mar 1 22:47:33 2018
    exec letsyncrypt.js 1.30 1.31
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv9367

    Modified Files:
    letsyncrypt.js
    Log Message:
    If there is an error in at_least_a_third(), always return false so a new certificate is generated.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
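The commit messages above describe three successive renewal rules (revision 1.2: older than 30 days; 1.9: fewer than 30 days remaining; 1.27: less than a third of the lifetime remaining) and, in 1.31, a fail-safe where an error in at_least_a_third() returns false so a new certificate is generated. The following is an added example, not code from letsyncrypt.js: it compares the first day on which a daily run would renew under each rule. The certificate shape (`notBefore`/`notAfter` in milliseconds) and all function names are assumptions made for the illustration.

```javascript
// Added illustration; not code from letsyncrypt.js. Names and cert shape are assumptions.
const DAY_MS = 24 * 60 * 60 * 1000;

// Revision 1.2 rule: renew once the certificate is more than 30 days old.
function renewByAge(cert, now) {
    return now - cert.notBefore > 30 * DAY_MS;
}

// Revision 1.9 rule: renew once fewer than 30 days of validity remain.
function renewByDaysLeft(cert, now) {
    return cert.notAfter - now < 30 * DAY_MS;
}

// Revision 1.27 check: true while at least a third of the lifetime is left.
// Revision 1.31 behaviour: any error yields false, so the caller renews.
function atLeastAThird(cert, now) {
    try {
        const lifetime = cert.notAfter - cert.notBefore;
        if (!Number.isFinite(lifetime) || lifetime <= 0 || !Number.isFinite(now)) {
            throw new Error("unusable validity period");
        }
        return (cert.notAfter - now) * 3 >= lifetime;
    } catch (e) {
        return false;
    }
}

function renewByThird(cert, now) {
    return !atLeastAThird(cert, now);
}

// First whole day (0 = issuance) on which a daily run would renew,
// or null if the rule never fires before the certificate expires.
function firstRenewalDay(rule, lifetimeDays) {
    const cert = { notBefore: 0, notAfter: lifetimeDays * DAY_MS }; // constructed sample
    for (let day = 0; day < lifetimeDays; day++) {
        if (rule(cert, day * DAY_MS)) return day;
    }
    return null;
}

// Side-by-side result for one certificate lifetime.
function compare(lifetimeDays) {
    return {
        byAge: firstRenewalDay(renewByAge, lifetimeDays),
        byDaysLeft: firstRenewalDay(renewByDaysLeft, lifetimeDays),
        byThird: firstRenewalDay(renewByThird, lifetimeDays),
    };
}

console.log(compare(90)); // 90-day lifetime
console.log(compare(30)); // constructed shorter lifetime
```

For a 90-day certificate the two later rules agree; with a shorter lifetime the fixed 30-day windows either never fire before expiry or fire almost immediately, while the proportional rule keeps its margin.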
  • From deuce@1:103/705 to CVS commit on Tue Mar 13 10:29:27 2018
    exec letsyncrypt.js 1.31 1.32
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv24708

    Modified Files:
    letsyncrypt.js
    Log Message:
    ACMEv2 endpoint is now live. See the wiki for how to automate TLS certificates with Synchronet.



    --- SBBSecho 3.03-Win32
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From deuce@1:103/705 to CVS commit on Tue Mar 27 19:36:56 2018
    exec letsyncrypt.js 1.32 1.33
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv13132

    Modified Files:
    letsyncrypt.js
    Log Message:
    Don't try ten times to delete files that don't exist.



    --- SBBSecho 3.03-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From rswindell@1:103/705 to CVS commit on Mon Dec 24 18:39:32 2018
    exec letsyncrypt.js 1.33 1.34
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv6157

    Modified Files:
    letsyncrypt.js
    Log Message:
    Added some file.open/create failure handling/logging - just in case.


    --- SBBSecho 3.06-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From rswindell@1:103/705 to CVS commit on Wed Jul 24 15:19:51 2019
    exec letsyncrypt.js 1.34 1.35
    Update of /cvsroot/sbbs/exec
    In directory cvs:/tmp/cvs-serv28129

    Modified Files:
    letsyncrypt.js
    Log Message:
    Add GroupReadableKeyFile letsyncrypt.ini option (default: false)
    When set to true, enables group read permissions on the ssl.cert file
    (using the new file_chmod() global function).


    --- SBBSecho 3.07-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deuce@1:103/705 to Git commit to main/sbbs/master on Fri Jan 1 11:01:14 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/e2e83629384d7540eda63a05
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    Remove nonsensical warning added in 89956b3d0c
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deuce@1:103/705 to Git commit to main/sbbs/master on Mon Jan 25 14:14:23 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/d4bdf4ff5028e0c7709de1f0
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    Properly parse web hostname from sbbs.ini

    Get both the webroot and web hostname from sbbs.ini rather than use
    system.inet_addr. system.inet_addr is configured in the messages
    section, so it's implied that it's for email addresses.

    Also, allow configuring the sysop email address with the SysopEmail
    global key in the ini file.

    This is a cleanup and duplicate of !82
    --- SBBSecho 3.12-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deuce@1:103/705 to Git commit to main/sbbs/master on Wed Mar 10 15:44:05 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/00e0498cdaf72390e104d300
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    If the service host is changed, the old private key is invalid.

    Just delete the old private key and create a new one for the new
    host.
    --- SBBSecho 3.13-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to Git commit to main/sbbs/master on Thu Dec 30 20:52:53 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/ba5462ba1e8444d8416bde8f
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    Insure the web RootDirectory ends in a slash.

    Reported by Compctech via DOVE-Net:
    "On a side note, I had to modify the letsyncrypt.js file to get letsencrypt to
    work. I had to add a / before .well-known on lines 86 - 89 & 96."

    I'm guessing this is because his sbbs.ini [Web] RootDirectory wasn't terminated with a slash.
    --- SBBSecho 3.14-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to Git commit to main/sbbs/master on Thu Oct 6 19:11:46 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/b3492b803427dd5a202c1979
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    Recycle all servers/services after updating certificate

    Per Deon (ALTERANT) via DOVE-Net:

    Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS connection accepted from: 2402:1f00:8101:b3c:1000::2 port 55338
    Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS TLS ERROR 'Server certificate has expired' (-3) setting private key
    Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS TLS ERROR 'Data has not been initialised' (-11) setting session active

    Which was odd, because my cert was renewed.
    I forced renewed it, and confirmed it was valid, but they were still failing.
    I noticed that letsyncrypt only recycles the web, which is probably the issue.
    Once I recycled everything, binkps connections started working again.
    --- SBBSecho 3.15-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell@1:103/705 to Git commit to main/sbbs/master on Mon Jan 16 21:26:10 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/38ca791314996ea325edd0e7
    Modified Files:
    exec/letsyncrypt.js
    Log Message:
    Use main.ini instead of main.cnf for system password

    Fixes issue #471
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)