NAS 3rd Party
[ Letsencrypt ][ ] Free, automated, and open Certificate Authority. - Printable Version

[ Letsencrypt ][ ] Free, automated, and open Certificate Authority. - outkastm - 01-05-2017

[Image: letsencrypt-logo-horizontal.svg]

INFO: As of fw 3.02.02, Letsencrypt is implemented in the Thecus OS7 WebUI. This module can still be installed on OS7 but is not needed.

Module is available for:

x64_OS5/OS7 - last version
x86_OS5/OS6 - last version
ppc_OS6 - last version

Python2 > 2.05.04
FaJoCron > 1.02.01
FaJoSSHD > 1.10.02 optional

Guides to use certificates on different modules, after they've been created:

apache and modules depending on apache -

Create SSL Certificate using Let’s Encrypt

SSH enabled on your NAS or FaJoSSHD module installed (NAS SSH will be used on this guide)
For PC, you need PuTTY or any SSH client to connect to your NAS
On your router forward port 80 and 443 to your NAS IP

A DNS which is pointed to your external IP, you can get one from and configure it on your NAS or router for automatic update, when your external IP changes. Then you can access your NAS remotely at or securely at

[Image: 2017-05-01_14_37_04-_N5810.png]

Enable SSH in your NAS

[Image: image.png]

Enable HTTP and HTTPS service

[Image: 2017-05-01_21_32_59-_N5810.png]

Start PuTTY and connect to your NAS (HOST name select your NAS IP):

[Image: image.png]

Login as : root and password: youradminpassword

[Image: image.png]

We consider in this tutorial your domain is or * for wildcard certificate

Type this command to add your domain, replace with your DNS

echo > /raid/data/MOD_CONFIG/letsencrypt/domain

or for wildcard certificate

echo * > /raid/data/MOD_CONFIG/letsencrypt/domain

Then type this command  to register:
/raid/data/module/Letsencrypt/shell/module.rc register

It will ask you for email address to register, type your email address and hit enter.

Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
(Y)es/(N)o: N

- Your account credentials have been saved in your Certbot
  configuration directory at /raid/data/MOD_CONFIG/letsencrypt. You
  should make a secure backup of this folder now. This configuration
  directory will also contain certificates and private keys obtained
  by Certbot so making regular backups of this folder is ideal.

Now let's create the certificates, enter the following command:

/raid/data/module/Letsencrypt/shell/module.rc certonly

or for wildcard certificate:

/raid/data/module/Letsencrypt/shell/module.rc certonly_dns_challenge

Certificates will be created and saved to /raid/data/MOD_CONFIG/letsencrypt/live/

Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /raid/data/MOD_CONFIG/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /raid/data/MOD_CONFIG/letsencrypt/csr/0000_csr-certbot.pem
Non-standard path(s), might not work with crontab installed by your operating system package manager

- Congratulations! Your certificate and chain have been saved at
  Your cert will expire on 2017-07-30. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew *all* of your certificates, run
  "certbot renew"
- If you like Certbot, please consider supporting our work by:

  Donating to ISRG / Let's Encrypt:
  Donating to EFF:          

Wildcard certificates have to be renewed manually using:
/raid/data/module/Letsencrypt/shell/module.rc renew_dns_challenge

For the standard certificate we need to set up a crontab job so that the certificates are checked for automatic renewal twice a month. Because the renewal process needs access to ports 80 and 443, the Thecus WebUI is stopped and restarted after the check process.

Open FaJoCron WebUI and add the following line in crontab file:

PHP Code:
0 5 */15 * * root /raid/data/module/Letsencrypt/shell/module.rc renew 

Should look like below

[Image: 2017-05-01_21_13_48-_Mozilla_Firefox.png]

Now we should configure Thecus WebUI to use our certificates. This is needed just once.
Copy the certificates from the NAS somewhere locally on your PC. Certificates are stored in /raid/data/MOD_CONFIG/letsencrypt/archive/, so copy the folder somewhere on your PC.
Also copy /raid/data/MOD_CONFIG/letsencrypt/live/ somewhere on your PC.
You can use any client you want, WinSCP or modules like eXTPlorer or MonstaFTP. The folder contains the following files:

[Image: 2017-05-01_21_35_08--_N5810_-_Win_SCP.png]

In Thecus WebUI go to Services >> Web Service >> Advanced
Certificate file: select cert1.pem
Certificate Key file: select privkey1.pem
CA Certificate file: select ca-bundle.crt

[Image: 2017-05-01_21_32_59-_N5810.png]

[Image: 2017-05-01_21_49_12-_N2800.png]

Click apply and reboot your NAS
Enjoy secure connection
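
Added example, not part of the original post or of the module: a check to run after the renew cron job. certbot numbers each renewal's files in archive/ (cert2.pem, privkey2.pem, ...), so the script reports when the certN.pem selected in the WebUI is older than the newest one, when certificate and key do not belong together, or when expiry is near. The two arguments (the archive folder of your domain and the N you selected) and the 20-day threshold are assumptions made here.

```shell
#!/bin/sh
# Added example (not part of the module): checks for the files the guide
# selects in the WebUI. The archive folder of the domain is passed as argument.

# Highest N for which <archive_dir>/certN.pem exists (0 if none).
latest_index() {
    max=0
    for f in "$1"/cert*.pem; do
        [ -e "$f" ] || continue
        n=${f##*/cert}; n=${n%.pem}
        case $n in ''|*[!0-9]*) continue ;; esac
        if [ "$n" -gt "$max" ]; then max=$n; fi
    done
    echo "$max"
}

# Succeeds only if the certificate and the private key hold the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate expires within <days> days, is already expired,
# or cannot be read at all.
expires_within() {
    ! openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1
}

# report <archive_dir> <N selected in the WebUI>
report() {
    dir=$1; used=$2; latest=$(latest_index "$dir")
    if [ "$used" -lt "$latest" ]; then
        echo "WebUI uses cert$used.pem but certbot has issued cert$latest.pem"
    fi
    pair_matches "$dir/cert$used.pem" "$dir/privkey$used.pem" ||
        echo "cert$used.pem and privkey$used.pem do not belong together"
    if expires_within "$dir/cert$used.pem" 20; then
        echo "cert$used.pem expires within 20 days (or is unreadable)"
    fi
}

# Runs only when called with both arguments.
if [ "$#" -eq 2 ]; then report "$1" "$2"; fi
```

The copies of privkey*.pem made on the PC are as sensitive as the ones on the NAS; whether module.rc renew also updates the file the WebUI serves is not stated in the post, which is what the first check is for.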

RE: [Letsencrypt][] Free, automated, and open Certificate Authority. - outkastm - 02-05-2017


RE: [Letsencrypt][] Free, automated, and open Certificate Authority. - outkastm - 05-05-2017

added guide for using certificates on apache and modules depending on apache like owncloud, nextcloud, eXtplorer, MonstaFTP
updated to

RE: [Letsencrypt][] Free, automated, and open Certificate Authority. - outkastm - 28-05-2017

added x86_OS6

RE: [Letsencrypt][] Free, automated, and open Certificate Authority. - outkastm - 28-05-2017

added ppc_OS6

RE: [Letsencrypt][] Free, automated, and open Certificate Authority. - ZeroNRG - 19-07-2017

I've created a script that works with DuckDNS to use DNS authorization for Let's Encrypt.
DuckDNS allows the publication of TXT records, if you are using Let's Encrypt and want to do DNS validation this might be an alternative.

In my case I am not allowing access on port 80 or 443, then the only solution is DNS validation.

Using a separate cron script to kickstart the Let's Encrypt process

source /raid/data/module/Letsencrypt/sys/venv/bin/activate
certbot certonly -d --preferred-challenges=dns-01 --config-dir /raid/data/MOD_CONFIG/letsencrypt --logs-dir /raid/data/MOD_CONFIG/letsencrypt/log --work-dir /raid/data/MOD_CONFIG/letsencrypt/lib --manual-auth-hook /raid/data/DuckDNS/ --manual --agree-tos --manual-public-ip-logging-ok --quiet
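
Added example, not ZeroNRG's script (which is not shown in the thread): one way to write a certbot --manual-auth-hook that publishes the DNS-01 value through the DuckDNS update URL. The token file path, the use of curl, and the 30-second wait are assumptions; certbot supplies CERTBOT_DOMAIN and CERTBOT_VALIDATION in the hook's environment.

```shell
#!/bin/sh
# Added example of a certbot --manual-auth-hook for DuckDNS.
# TOKEN_FILE is a hypothetical path; keep it mode 600 and owned by root.
TOKEN_FILE=${TOKEN_FILE:-/raid/data/MOD_CONFIG/letsencrypt/duckdns.token}

# "mynas.duckdns.org" -> "mynas"; fails for names outside duckdns.org.
subdomain_of() {
    case $1 in
        *.duckdns.org) s=${1%.duckdns.org}; echo "${s##*.}" ;;
        *) return 1 ;;
    esac
}

# Accept only base64url characters, so the value cannot add URL parameters.
valid_token() {
    case $1 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# duckdns_url <subdomain> <account token> <txt value>
duckdns_url() {
    echo "https://www.duckdns.org/update?domains=$1&token=$2&txt=$3"
}

publish_txt() {
    sub=$(subdomain_of "$CERTBOT_DOMAIN") ||
        { echo "not a duckdns.org name" >&2; return 1; }
    valid_token "$CERTBOT_VALIDATION" ||
        { echo "unexpected validation value" >&2; return 1; }
    token=$(cat "$TOKEN_FILE") || return 1
    # Pass the URL on stdin so the account token never shows up in ps output.
    reply=$(printf 'url = "%s"\n' \
                "$(duckdns_url "$sub" "$token" "$CERTBOT_VALIDATION")" |
            curl --silent --config -)
    [ "$reply" = "OK" ] || { echo "DuckDNS update failed" >&2; return 1; }
    sleep 30    # let the TXT record become visible before validation starts
}

# Does nothing unless certbot has set the validation value.
if [ -n "${CERTBOT_VALIDATION:-}" ]; then publish_txt || exit 1; fi
```

Anyone holding the DuckDNS token can repoint the name and pass DNS validation for it, so the token file deserves the same protection as the certbot account folder.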

RE: [Letsencrypt][] Free, automated, and open Certificate Authority. - kos - 29-12-2017

(28-05-2017, 04:23 PM)outkastm Wrote: in order to finish this module for x86 OS6 and x86 OS5 I need some info (I don't own any x86 NAS) from someone who owns one of these models
Command to run in SSH and post the results:

Hi, I would really appreciate it if you could finish this module for x86 OS5.
Here are the requested results:

root@ cat /etc/version | awk '-F' '.' '{print $1}'

root@ ps | grep httpd
3443 root       1060 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
3444 root       1060 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
3445 root       1360 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
3446 root       1084 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
3872 root        644 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6013 root      19720 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6124 root       7948 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6142 root      31916 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6143 root      35752 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6144 root      32200 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6149 root      34152 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6156 root      33428 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6181 root      34544 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6182 root      35384 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6184 root      30884 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
6538 root      11836 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
7064 root      11144 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
7068 root      10348 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
7069 root      10928 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
7070 root      10904 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
7237 root        716 S   /opt/apache/bin/httpd -k start
7514 root       5864 S   /opt/apache/bin/httpd -k start
7578 root       6128 S   /opt/apache/bin/httpd -k start
7580 root       6676 S   /opt/apache/bin/httpd -k start
9149 root        832 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
9151 root        524 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
9152 root        488 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
9153 root        488 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
9154 root        488 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
9155 root        488 S   /raid/data/module/apache24/sys/bin/httpd -f /raid/dat
10159 root        972 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
10180 root        436 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
10358 root      10644 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
10362 root      10348 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
10366 root      14716 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12497 root        912 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12555 root        424 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12577 root       1224 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12580 root       1356 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12581 root       1320 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12610 root       1324 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
12701 root       1324 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
13134 root      12132 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
16173 root       6036 S   /opt/apache/bin/httpd -k start
16174 root       6564 S   /opt/apache/bin/httpd -k start
16500 root       7232 S   /opt/apache/bin/httpd -k start
17612 root       6796 S   /opt/apache/bin/httpd -k start
17902 root      31712 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
18007 root      30920 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
22227 root       9248 S   /raid/data/module/apache/sys/bin/httpd -f /raid/data/
22284 root        364 S   grep httpd
30185 root       5972 S   /opt/apache/bin/httpd -k start

root@ cat /etc/httpd/conf.d/ssl.conf | grep SSLCertificateFile
cat: /etc/httpd/conf.d/ssl.conf: No such file or directory

root@ cat /etc/httpd/conf/ssl.conf | grep SSLCertificateFile
SSLCertificateFile /opt/apache/conf/ssl.crt/server.crt

RE: [Letsencrypt][] Free, automated, and open Certificate Authority. - outkastm - 29-12-2017

I'll have a look these days

RE: [Letsencrypt][] Free, automated, and open Certificate Authority. - outkastm - 29-12-2017

added with support for x86 OS5 (to be tested by an owner)

RE: [Letsencrypt][] Free, automated, and open Certificate Authority. - kos - 02-01-2018

Installation went smoothly.
However trying to register my domain resulted in these errors :

root@ /raid/data/module/Letsencrypt/shell/module.rc register
Traceback (most recent call last):
  File "/raid/data/module/Letsencrypt/sys/venv/bin/certbot", line 6, in <module>
    from pkg_resources import load_entry_point
  File "/raid/data/module/Letsencrypt/sys/venv/lib/python2.7/site-packages/pkg_resources/", line 3036, in <module>
  File "/raid/data/module/Letsencrypt/sys/venv/lib/python2.7/site-packages/pkg_resources/", line 3020, in _call_aside
    f(*args, **kwargs)
  File "/raid/data/module/Letsencrypt/sys/venv/lib/python2.7/site-packages/pkg_resources/", line 3049, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/raid/data/module/Letsencrypt/sys/venv/lib/python2.7/site-packages/pkg_resources/", line 654, in _build_master
  File "/raid/data/module/Letsencrypt/sys/venv/lib/python2.7/site-packages/pkg_resources/", line 968, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/raid/data/module/Letsencrypt/sys/venv/lib/python2.7/site-packages/pkg_resources/", line 854, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'cffi>=1.4.1' distribution was not found and is required by cryptography