-
exec/letsyncrypt.js
From
deuce@1:103/705 to
CVS commit on Fri Feb 23 15:08:08 2018
exec letsyncrypt.js NONE 1.1
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv16039
Added Files:
letsyncrypt.js
Log Message:
LetSyncrypt.js -- an AJAXv2 client for Let's Encrypt.
This script will request and install a certificate, then recycle your web server. This is barely sufficient, but a lot more needs to be done...
1) Tracking certificate expiration, and only placing a new order when
appropriate.
2) Handling failure better.
3) Handle changes in the system password (like anyone ever does THAT).
4) Clean up stale authorizations.
Also, some enhanced features would be nice:
1) Adding a bunch of SANs, so virtual hosts Just Work
2) Key aging and updating
3) More control of certificate contents... I can't find a list of what
Let's Encrypt supports in CSRs.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Fri Feb 23 15:55:09 2018
exec letsyncrypt.js 1.1 1.2
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv31080
Modified Files:
letsyncrypt.js
Log Message:
Only update the certificate if it's older than 30 days. It's now safe to
run this as a daily event.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Fri Feb 23 19:01:25 2018
exec letsyncrypt.js 1.2 1.3
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv22594
Modified Files:
letsyncrypt.js
Log Message:
Fulfill all http-01 challenges rather than just picking one of them.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Fri Feb 23 23:08:41 2018
exec letsyncrypt.js 1.3 1.4
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv16886
Modified Files:
letsyncrypt.js
Log Message:
Initial multiple domain stuff.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Fri Feb 23 23:09:54 2018
exec letsyncrypt.js 1.4 1.5
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv17090
Modified Files:
letsyncrypt.js
Log Message:
csrenc was just for debugging... remove.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sat Feb 24 00:36:31 2018
exec letsyncrypt.js 1.5 1.6
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv25895
Modified Files:
letsyncrypt.js
Log Message:
Add support for multiple domains.
Modify ctrl/letsyncrypt.ini and in the Domains section, add the web root
for each domain in the format:
example.com=/sbbs/web/root
If the list of domains changes, a new certificate will be generated next
time letsyncrypt runs.
You DO NOT need to specify the domains if you only need to support the single host system.inet_addr.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sat Feb 24 00:52:46 2018
exec letsyncrypt.js 1.6 1.7
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv27923
Modified Files:
letsyncrypt.js
Log Message:
Remove ToDone comments.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sat Feb 24 01:36:50 2018
exec letsyncrypt.js 1.7 1.8
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv32694
Modified Files:
letsyncrypt.js
Log Message:
If the current RSA key in ssl.cert is too small (< 2048 bits), delete
ssl.cert and generate a new key.
The self-signed certificates are 1536 bits, so cannot be reused for Let's Encrypt.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sat Feb 24 01:47:03 2018
exec letsyncrypt.js 1.8 1.9
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv1440
Modified Files:
letsyncrypt.js
Log Message:
Renew certificates when they have less than 30 days remaining, rather than
when they're 30 days old.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sat Feb 24 01:55:39 2018
exec letsyncrypt.js 1.9 1.10
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv2273
Modified Files:
letsyncrypt.js
Log Message:
Don't re-do authorizations that are already completed.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sat Feb 24 13:10:06 2018
exec letsyncrypt.js 1.10 1.11
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv30198
Modified Files:
letsyncrypt.js
Log Message:
If LetSyncrypt can't create $WEBROOT/.well-known/acme-challenge/, throw
an error.
If LetSyncrypt does create it, add a webctrl.ini file that removes access restrictions so that the file can be validated.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sat Feb 24 14:04:37 2018
exec letsyncrypt.js 1.11 1.12
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv9603
Modified Files:
letsyncrypt.js
Log Message:
*Actually* don't do authorizations that are already completed.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sat Feb 24 14:24:13 2018
exec letsyncrypt.js 1.12 1.13
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv13800
Modified Files:
letsyncrypt.js
Log Message:
Abort updates earlier, no need to read the system password if the update
isn't going to happen.
Also, add more errors, especially when a certificate is installed, but the state data can't be updated. That (very unlikely - some would say impossible) situation will result in a new cert being requested every time the script is run (ideally every day), and likely running into throttling issues.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sat Feb 24 23:31:38 2018
exec letsyncrypt.js 1.13 1.14
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv24297
Modified Files:
letsyncrypt.js
Log Message:
SyncJSLint
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sun Feb 25 23:21:19 2018
exec letsyncrypt.js 1.14 1.15
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv31440
Modified Files:
letsyncrypt.js
Log Message:
Remove asn1_len since it's in the ACMEv2 prototype now and use it from there. Give the certchain a different name from the private key so we can safely delete
it without losing the private key too.
Don't hold the keyset open while waiting for a CSR to be renewed.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Sun Feb 25 23:24:27 2018
exec letsyncrypt.js 1.15 1.16
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv31881
Modified Files:
letsyncrypt.js
Log Message:
Add a --force option to force a renewal.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Mon Feb 26 11:18:43 2018
exec letsyncrypt.js 1.16 1.17
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv3675
Modified Files:
letsyncrypt.js
Log Message:
Store keys using the host, support a new Host global config parameter, do
an update if the Host has changed. Delete Staging value since it's not
used anymore.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Mon Feb 26 11:42:57 2018
exec letsyncrypt.js 1.17 1.18
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv6643
Modified Files:
letsyncrypt.js
Log Message:
Don't do extra work to be less secure... always use a new RSA certificate
with a CSR.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Mon Feb 26 13:24:54 2018
exec letsyncrypt.js 1.18 1.19
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv18566
Modified Files:
letsyncrypt.js
Log Message:
Add a delay between deletion attempts.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Mon Feb 26 14:07:41 2018
exec letsyncrypt.js 1.19 1.20
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv22992
Modified Files:
letsyncrypt.js
Log Message:
Add support for the --new-key argument which generates a new account key.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Mon Feb 26 15:57:25 2018
exec letsyncrypt.js 1.20 1.21
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv3432
Modified Files:
letsyncrypt.js
Log Message:
Add support for the --revoke option.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Mon Feb 26 16:08:12 2018
exec letsyncrypt.js 1.21 1.22
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv4579
Modified Files:
letsyncrypt.js
Log Message:
Override User-Agent
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Mon Feb 26 18:55:30 2018
exec letsyncrypt.js 1.22 1.23
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv26206
Modified Files:
letsyncrypt.js
Log Message:
"Clean up"
Basically, prepare to split the script into various functions and stuff...
that var list is silly.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Mon Feb 26 19:47:46 2018
exec letsyncrypt.js 1.23 1.24
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv31373
Modified Files:
letsyncrypt.js
Log Message:
Reorg, cleanup, fix, whatever.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Mon Feb 26 21:28:17 2018
exec letsyncrypt.js 1.24 1.25
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv9636
Modified Files:
letsyncrypt.js
Log Message:
Pass host and dir_path to the constructor rather than setting them afterward. Fixes bug where the key ID would be taken from the staging server.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Tue Feb 27 02:19:54 2018
exec letsyncrypt.js 1.25 1.26
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv6824
Modified Files:
letsyncrypt.js
Log Message:
Make key type/size variables... to be configurable in the future.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Tue Feb 27 10:52:50 2018
exec letsyncrypt.js 1.26 1.27
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv13465
Modified Files:
letsyncrypt.js
Log Message:
The official integration guide recommends renewing certificates "when they
have a third of their total lifetime left". Do that.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Tue Feb 27 11:18:40 2018
exec letsyncrypt.js 1.27 1.28
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv16790
Modified Files:
letsyncrypt.js
Log Message:
Do an incremental backoff on retries up to just over a minute.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Tue Feb 27 22:18:08 2018
exec letsyncrypt.js 1.28 1.29
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv18217
Modified Files:
letsyncrypt.js
Log Message:
Add new TOSAgreed ini setting, only tell the remote ToS was agreed to if
it's true. Log an error with the URL if it's not true and account creation fails.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Tue Feb 27 22:30:04 2018
exec letsyncrypt.js 1.29 1.30
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv19515
Modified Files:
letsyncrypt.js
Log Message:
Add new --tos argument to print the Terms of Service URL.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Thu Mar 1 22:47:33 2018
exec letsyncrypt.js 1.30 1.31
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv9367
Modified Files:
letsyncrypt.js
Log Message:
If there is an error in at_least_a_third(), always return false so a new certificate is generated.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
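The renewal rules this log moves through (older than 30 days, then fewer than 30 days remaining, then a third of the lifetime, with errors, a forced run and a changed domain list all leading to a new certificate), as an added JavaScript example. It is not the code from letsyncrypt.js; the function names, the state layout and the sample dates are assumptions constructed for illustration.

```javascript
// Added illustration of the renewal rules described in the commit log.
// Not the code from letsyncrypt.js; all names and dates are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// Rule from revision 1.2: renew once the certificate is older than 30 days.
function olderThan30Days(cert, now) {
  return now - Date.parse(cert.notBefore) > 30 * DAY_MS;
}

// Rule from revision 1.9: renew once fewer than 30 days remain.
function under30DaysLeft(cert, now) {
  return Date.parse(cert.notAfter) - now < 30 * DAY_MS;
}

// Rule from revision 1.27: keep the certificate only while at least a third
// of its lifetime remains. As in revision 1.31, unusable dates return false
// so the caller requests a new certificate.
function atLeastAThird(cert, now) {
  const start = Date.parse(cert.notBefore);
  const end = Date.parse(cert.notAfter);
  if (!Number.isFinite(start) || !Number.isFinite(end) || end <= start) {
    return false;
  }
  return (end - now) * 3 >= end - start;
}

// Order-insensitive, case-insensitive comparison of two domain lists.
function sameDomains(a, b) {
  const norm = (list) => list.map((d) => d.toLowerCase()).sort().join(",");
  return norm(a) === norm(b);
}

// Returns the reason for renewing, or null when the certificate can stay.
function renewalReason(state, wanted, now, force) {
  if (force) return "forced";
  if (!state || !state.cert) return "no certificate";
  if (!sameDomains(state.domains, wanted)) return "domain list changed";
  if (!atLeastAThird(state.cert, now)) return "less than a third of lifetime left";
  return null;
}

// Constructed 90-day certificate and saved state.
const sampleState = {
  domains: ["example.com", "bbs.example.com"],
  cert: { notBefore: "2018-03-01T00:00:00Z", notAfter: "2018-05-30T00:00:00Z" },
};
```

For a 90-day certificate the second and third rules agree (30 days is a third of 90); they diverge for any other lifetime, where the fixed 30-day threshold can trigger a renewal on every run.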
-
From
deuce@1:103/705 to
CVS commit on Tue Mar 13 10:29:27 2018
exec letsyncrypt.js 1.31 1.32
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv24708
Modified Files:
letsyncrypt.js
Log Message:
ACMEv2 endpoint is now live. See the wiki for how to automate TLS certificates with Synchronet.
--- SBBSecho 3.03-Win32
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
deuce@1:103/705 to
CVS commit on Tue Mar 27 19:36:56 2018
exec letsyncrypt.js 1.32 1.33
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv13132
Modified Files:
letsyncrypt.js
Log Message:
Don't try ten times to delete files that don't exist.
--- SBBSecho 3.03-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
rswindell@1:103/705 to
CVS commit on Mon Dec 24 18:39:32 2018
exec letsyncrypt.js 1.33 1.34
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv6157
Modified Files:
letsyncrypt.js
Log Message:
Added some file.open/create failure handling/logging - just in case.
--- SBBSecho 3.06-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
rswindell@1:103/705 to
CVS commit on Wed Jul 24 15:19:51 2019
exec letsyncrypt.js 1.34 1.35
Update of /cvsroot/sbbs/exec
In directory cvs:/tmp/cvs-serv28129
Modified Files:
letsyncrypt.js
Log Message:
Add GroupReadableKeyFile letsyncrypt.ini option (default: false)
When set to true, enables group read permissions on the ssl.cert file
(using the new file_chmod() global function).
--- SBBSecho 3.07-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
Deuce@1:103/705 to
Git commit to main/sbbs/master on Fri Jan 1 11:01:14 2021
-
From
Deuce@1:103/705 to
Git commit to main/sbbs/master on Mon Jan 25 14:14:23 2021
https://gitlab.synchro.net/main/sbbs/-/commit/d4bdf4ff5028e0c7709de1f0
Modified Files:
exec/letsyncrypt.js
Log Message:
Properly parse web hostname from sbbs.ini
Get both the webroot and web hostname from sbbs.ini rather than use system.inet_addr. system.inet_addr is configured in the messages section, so it's implied that it's for email addresses.
Also, allow configuring the sysop email address with the SysopEmail global key in the ini file.
This is a cleanup and duplicate of !82
--- SBBSecho 3.12-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
Deuce@1:103/705 to
Git commit to main/sbbs/master on Wed Mar 10 15:44:05 2021
-
From
Rob Swindell@1:103/705 to
Git commit to main/sbbs/master on Thu Dec 30 20:52:53 2021
https://gitlab.synchro.net/main/sbbs/-/commit/ba5462ba1e8444d8416bde8f
Modified Files:
exec/letsyncrypt.js
Log Message:
Insure the web RootDirectory ends in a slash.
Reported by Compctech via DOVE-Net:
"On a side note, I had to modify the letsyncrypt.js file to get letsencrypt to work. I had to add a / before .well-known on lines 86 - 89 & 96."
I'm guessing this is because his sbbs.ini [Web] RootDirectory wasn't terminated with a slash.
--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
Rob Swindell@1:103/705 to
Git commit to main/sbbs/master on Thu Oct 6 19:11:46 2022
https://gitlab.synchro.net/main/sbbs/-/commit/b3492b803427dd5a202c1979
Modified Files:
exec/letsyncrypt.js
Log Message:
Recycle all servers/services after updating certificate
Per Deon (ALTERANT) via DOVE-Net:
Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS connection accepted from: 2402:1f00:8101:b3c:1000::2 port 55338
Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS TLS ERROR 'Server certificate has expired' (-3) setting private key
Oct 7 09:47:16 d-11-1 synchronet: srvc 0060 BINKPS TLS ERROR 'Data has not been initialised' (-11) setting session active
Which was odd, because my cert was renewed.
I forced renewed it, and confirmed it was valid, but they were still failing.
I noticed that letsyncrypt only recycles the web, which is probably the issue.
Once I recycled everything, binkps connections started working again.
--- SBBSecho 3.15-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
-
From
Rob Swindell@1:103/705 to
Git commit to main/sbbs/master on Mon Jan 16 21:26:10 2023