[ Letsencrypt ] Free, automated, and open Certificate Authority.
#1

Module is available for:

x64_OS5/OS7
x86_OS6
x86_OS5
ppc_OS6

Download

Requires:

Python2 > 2.05.04
FaJoCron > 1.02.01
FaJoSSHD > 1.10.02 optional


Guides to use certificates on different modules, after they've been created:

apache and modules depending on apache - http://s.go.ro/1y4ub69r

Create SSL Certificate using Let’s Encrypt
 

Requirements:

SSH enabled on your NAS or FaJoSSHD module installed (NAS SSH will be used in this guide)
On your PC, you need PuTTY or any SSH client to connect to your NAS
On your router forward port 80 and 443 to your NAS IP


A DNS name that points to your external IP. You can get one from http://freeddns.noip.com and configure it on your NAS or router for automatic updates when your external IP changes. Then you can access your NAS remotely at http://example.ddns.net or securely at https://example.ddns.net

[Image: 2017-05-01_14_37_04-_N5810.png]

Enable SSH in your NAS

[Image: image.png]

Enable HTTP and HTTPS service

[Image: 2017-05-01_21_32_59-_N5810.png]

Start PuTTY and connect to your NAS (for Host Name, enter your NAS IP):

[Image: image.png]

Log in as: root, password: youradminpassword

[Image: image.png]

In this tutorial we assume your domain is example.ddns.net

Type this command to add your domain, replacing example.ddns.net with your DNS name:

Code:
echo example.ddns.net > /raid/data/MOD_CONFIG/letsencrypt/domain

Then type this command to register:
Code:
/raid/data/module/Letsencrypt/shell/module.rc register

It will ask you for an email address to register; type your email address and hit Enter.

Code:
Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):john.doe@gmail.com

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N

IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
  configuration directory at /raid/data/MOD_CONFIG/letsencrypt. You
  should make a secure backup of this folder now. This configuration
  directory will also contain certificates and private keys obtained
  by Certbot so making regular backups of this folder is ideal.

Now let's create the certificates, enter the following command:

Code:
/raid/data/module/Letsencrypt/shell/module.rc certonly

Certificates will be created and saved to /raid/data/MOD_CONFIG/letsencrypt/live/example.ddns.net

Code:
Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for example.ddns.net
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /raid/data/MOD_CONFIG/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /raid/data/MOD_CONFIG/letsencrypt/csr/0000_csr-certbot.pem
Non-standard path(s), might not work with crontab installed by your operating system package manager

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
  /raid/data/MOD_CONFIG/letsencrypt/live/example.ddns.net/fullchain.pem.
  Your cert will expire on 2017-07-30. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew *all* of your certificates, run
  "certbot renew"
- If you like Certbot, please consider supporting our work by:

  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
  Donating to EFF:                    https://eff.org/donate-le

Next we need to set up a crontab job so that the certificates are checked for automatic renewal twice a month. Because the renewal process needs access to ports 80 and 443, the Thecus WebUI is stopped and restarted after the check process.

Open FaJoCron WebUI and add the following line in crontab file:

Code:
0 5 */15 * * root /raid/data/module/Letsencrypt/shell/module.rc renew 

Should look like below

[Image: 2017-05-01_21_13_48-_Mozilla_Firefox.png]

Now we should configure Thecus WebUI to use our certificates. This is needed just once.
Copy the certificates from the NAS somewhere locally on your PC. Certificates are stored in /raid/data/MOD_CONFIG/letsencrypt/archive/example.ddns.net, so copy the folder example.ddns.net somewhere on your PC. You can use any client you want, WinSCP or modules like eXTPlorer or MonstaFTP. The folder contains the following files:

[Image: 2017-05-01_21_35_08--_N5810_-_Win_SCP.png]

In Thecus WebUI go to Services >> Web Service >> Advanced
Certificate file: select cert1.pem
Certificate Key file: select privkey1.pem
CA Certificate file: select chain1.pem

OS7
[Image: 2017-05-01_21_32_59-_N5810.png]

OS5
[Image: 2017-05-01_21_49_12-_N2800.png]

Click Apply and reboot your NAS.
Enjoy a secure connection.

[Image: 2017-05-05_18_51_46-_Log_in.png]
Download modules from my forum pirinel.ro
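
Added example, not part of the original post or the Letsencrypt module: a Python sketch that expands the crontab schedule `0 5 */15 * *` and shows which runs fall inside the renewal window of the certificate that expires on 2017-07-30. It assumes `module.rc renew` follows certbot's default of renewing only when fewer than 30 days remain, and that the certificate was issued 90 days before an expiry at 00:00 (the clock times are constructed).

```python
from datetime import datetime, timedelta

CRON = "0 5 */15 * *"                    # time fields of the crontab line in the post
NOT_AFTER = datetime(2017, 7, 30)        # expiry date from the certbot output; 00:00 is assumed
ISSUED = NOT_AFTER - timedelta(days=90)  # assumed issue time (90-day certificate lifetime)
RENEW_WINDOW = timedelta(days=30)        # certbot default: renew when under 30 days remain

def expand(field, lo, hi):
    """Expand one cron field (*, */n, a, a-b, a-b/n, comma lists) into a set of ints."""
    values = set()
    for part in field.split(","):
        rng, _, step = part.partition("/")
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-"))
        else:
            start = end = int(rng)
        values.update(range(start, end + 1, int(step or 1)))
    return values

def cron_runs(expr, start, end):
    """Yield each run time of a 5-field cron expression in [start, end)."""
    minute, hour, dom, month, dow = expr.split()
    if dow != "*":
        raise ValueError("day-of-week restrictions are not handled here")
    mins, hours = expand(minute, 0, 59), expand(hour, 0, 23)
    doms, months = expand(dom, 1, 31), expand(month, 1, 12)
    t = start.replace(second=0, microsecond=0)
    while t < end:
        if t.minute in mins and t.hour in hours and t.day in doms and t.month in months:
            yield t
        t += timedelta(minutes=1)

def renewal_attempts(expr=CRON, issued=ISSUED, not_after=NOT_AFTER, window=RENEW_WINDOW):
    """Return (all runs before expiry, runs at which certbot would try to renew)."""
    runs = list(cron_runs(expr, issued, not_after))
    due = [t for t in runs if not_after - t < window]
    return runs, due

if __name__ == "__main__":
    runs, due = renewal_attempts()
    print("days of month matched by */15:", sorted(expand("*/15", 1, 31)))
    print("cron runs before expiry:", len(runs))
    for t in due:
        print("renewal attempt at", t, "with", NOT_AFTER - t, "left")
```

Under these assumptions only two runs land inside the renewal window before expiry, so if both fail (for example because ports 80 and 443 are not forwarded at that moment) the certificate lapses before the next run on the 31st.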
#2
added 0.13.0.0
#3
added a guide to using certificates on apache and modules which depend on apache, like owncloud, nextcloud, eXtplorer, MonstaFTP etc.
#4
added 0.13.0.1
#5
Will there be support for N2560?

TIA

JL
#6
Yes
#7
In order to finish this module for x86 OS6 and x86 OS5 I need some info (I don't own any x86 NAS) from someone who owns one of these models.
Commands to run in SSH and post the results:

Code:
cat /etc/version | awk '-F' '.' '{print $1}'

Code:
ps | grep httpd

Code:
cat /etc/httpd/conf.d/ssl.conf | grep SSLCertificateFile


Code:
cat /etc/httpd/conf/ssl.conf | grep SSLCertificateFile
#8
added x86_OS6
#9
added ppc_OS6
#10
(05-28-2017, 11:23 PM)outkastm Wrote: In order to finish this module for x86 OS6 and x86 OS5 I need some info (I don't own any x86 NAS) from someone who owns one of these models.
Commands to run in SSH and post the results:

Hi, I would really appreciate it if you could finish this module for x86 OS5.
Here are the requested results:

Code:
root@127.0.0.1:/# cat /etc/version | awk '-F' '.' '{print $1}'
5

Code:
root@127.0.0.1:/# ps | grep httpd
3443 root       1060 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
3444 root       1060 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
3445 root       1360 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
3446 root       1084 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
3872 root        644 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6013 root      19720 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6124 root       7948 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6142 root      31916 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6143 root      35752 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6144 root      32200 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6149 root      34152 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6156 root      33428 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6181 root      34544 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6182 root      35384 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6184 root      30884 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6538 root      11836 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
7064 root      11144 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
7068 root      10348 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
7069 root      10928 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
7070 root      10904 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
7237 root        716 S   /opt/apache/bin/httpd -k start
7514 root       5864 S   /opt/apache/bin/httpd -k start
7578 root       6128 S   /opt/apache/bin/httpd -k start
7580 root       6676 S   /opt/apache/bin/httpd -k start
9149 root        832 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
9151 root        524 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
9152 root        488 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
9153 root        488 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
9154 root        488 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
9155 root        488 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
10159 root        972 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
10180 root        436 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
10358 root      10644 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
10362 root      10348 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
10366 root      14716 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12497 root        912 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12555 root        424 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12577 root       1224 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12580 root       1356 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12581 root       1320 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12610 root       1324 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12701 root       1324 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
13134 root      12132 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
16173 root       6036 S   /opt/apache/bin/httpd -k start
16174 root       6564 S   /opt/apache/bin/httpd -k start
16500 root       7232 S   /opt/apache/bin/httpd -k start
17612 root       6796 S   /opt/apache/bin/httpd -k start
17902 root      31712 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
18007 root      30920 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
22227 root       9248 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
22284 root        364 S   grep httpd
30185 root       5972 S   /opt/apache/bin/httpd -k start

Code:
root@127.0.0.1:/# cat /etc/httpd/conf.d/ssl.conf | grep SSLCertificateFile
cat: /etc/httpd/conf.d/ssl.conf: No such file or directory

Code:
root@127.0.0.1:/# cat /etc/httpd/conf/ssl.conf | grep SSLCertificateFile
SSLCertificateFile /opt/apache/conf/ssl.crt/server.crt