Subj : Re: How do I install an Lets Encrypt Certificate.
To : All
From : Mojo
Date : Thu Nov 06 2025 22:59:16

On Thu, 6 Nov 2025 16:36:13 -0800
"Digital Man" (VERT) wrote:

> Re: How do I install an Lets Encrypt Certificate.
> By: Mojo to DOVE-Net.Synchronet_Sysops on Thu Nov 06 2025 11:50 am
>
> > Hi all,
>
> > I am trying to install a lets encrypt certificate generated via
> > certbot that comes with debian/ubuntu.
>
> > It gives me the following files
> > cert.pem
> > chain.pem
> > fullchain.pem (a combination of the previous two it looks like)
> > privkey.pem
>
> > I disabled the generate self-signed key in scfg. But I left both
> > cryptlib.key and ssl.cert in place.
>
> > Things that I have tried.
> > 1.
> > jsexec certtool --import ./fullchain.pem
> > result: "!JavaScript /home/synchronet/sbbs/exec/certtool.js line
> > 70: Error: CryptLib error -43"
>
> cryptlib.h:#define CRYPT_ERROR_NOTFOUND ( -43 ) /* Requested item not
> found in object */
>
> I'd try that again with a different/bogus path to the pem file to see
> if the error changes (i.e. it's complaining about an object *within*
> the file instead of the file itself).

Yes I tried that and it fails with bogus paths too.
```
if (argv.indexOf('--import') > -1) {
    ks = new CryptKeyset(csr_fname, CryptKeyset.KEYOPT.READONLY);
    rsa = ks.get_private_key("ssl_cert", syspass);
    ks.close();
    i = argv.indexOf('--import') + 1;
    if (i>=argc)
        throw("No cert filename specified");
    f = new File(argv[i]);
    if (!f.open("rb"))
        throw("Unable to open "+f.name);
    cert = f.read();
    f.close();
    cert = ACMEv2.prototype.create_pkcs7(cert);
    cert = new CryptCert(cert);
    //cert.check();
    for (i=0; i < 10; i++) {
        if (file_remove(sks_fname))
            break;
        mswait(100);
    }
    if (i == 10)
        throw("Unable to delete file "+sks_fname);
    ks = new CryptKeyset(sks_fname, CryptKeyset.KEYOPT.CREATE);
    ks.add_private_key(rsa, syspass);
    ks.add_public_key(cert);
    ks.close();
    print("Certificate imported, delete "+csr_fname+" after verifying.");
    file_touch(recycle_sem);
}
```

See there? It's looking for a csr file in the ctrl dir. Not sure why it is doing that for just importing a cert. Or maybe certtool isn't meant to just import a plain pem file.

I think the tool itself is not for this use case. I was looking at the letsyncrypt and that to see if I can hack something simple together that can generate a ssl.cert in the format that sbbs expects (from existing fullchain.pem and privkey.pem) to replace the self generated one in ctrl.

> > The fullchain.pem looks the same as the example here
> > https://wiki.synchro.net/module:certtool
>
> That's promising.
>
> > 2.
> > I tried adding the following to the bottom of the [Mail] section in
> > sbbs.ini:
> > Secure = true
> > CertificateFile = ./ssl_certs/fullchain.pem
> > KeyFile = ./cryptlib.key
>
> Those keys don't seem to be supported or documented anywhere. How'd
> you come up with that?

I saw them here so just tried them.
https://nettwerked.synchronetbbs.org/?page=001-forum.ssjs&sub=dove-syncdisc&thread=1575

> > result: cannot connect to port 995
>
> That just suggests that your TCP port 995 isn't open or sbbs isn't
> listening on it.
> The [mail] Options TLS_POP3 option must be included
> (which is by default) and the TLSPOP3Port option must be set to 995
> (also the default) and your sbbs log output (e.g. syslog) would tell
> if it's in fact listening on that port or not. This is completely
> unrelated to any certificate or key file.

It's failing due to the keys I added to the [Mail] section.
*** SSL/TLShandshake failed ***
I was attempting to see if sbbs would accept a straight cert and key

---
 * Synchronet * Overfit! Bringing back the golden era of BBS Networking. [telnet://playmate.dynu
 * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
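Added example, not part of the original post and not Synchronet or certbot code: the `--import` branch quoted above stores the imported certificate next to a private key it reads from an existing keyset, so it is worth confirming which private key a given certificate actually belongs to. The shell functions below (hypothetical names, assuming the `openssl` command-line tool is installed) compare the leaf certificate's public key with a private key and count the certificates in a bundle; `make_sample` builds constructed throwaway files that stand in for certbot's output.

```shell
#!/bin/sh
# Added example (not Synchronet or certbot code); function names are hypothetical.
# Requires the openssl command-line tool.

# Public key (PEM) of the first certificate in a PEM file; for fullchain.pem
# that is the leaf certificate, the chain certificates follow it.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key file such as privkey.pem.
pub_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# 0 = leaf certificate was issued for this private key, 1 = different key,
# 2 = one of the files could not be parsed.
cert_matches_key() {
    c=$(pub_from_cert "$1") || return 2
    k=$(pub_from_key "$2") || return 2
    [ "$c" = "$k" ]
}

# Number of certificates in a bundle (cert.pem: 1, fullchain.pem: leaf + chain).
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Constructed sample data: two throwaway self-signed certificates stand in for
# the certbot output; other.key plays the role of a key generated elsewhere.
make_sample() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=bbs.example.invalid" \
        -keyout "$d/privkey.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$d/other.key" -out "$d/chain.pem" 2>/dev/null || return 1
    cat "$d/cert.pem" "$d/chain.pem" > "$d/fullchain.pem"
    echo "$d"
}

# Usage: sh thisfile.sh fullchain.pem privkey.pem
if [ "$#" -eq 2 ]; then
    echo "certificates in $1: $(count_certs "$1")"
    if cert_matches_key "$1" "$2"; then echo "key matches leaf certificate"
    else echo "key does NOT match leaf certificate (status $?)"; fi
fi
```

A status of 1 means the certificate was issued for a different private key than the one supplied, so storing the two together would not give a usable pair.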