[ Letsencrypt ][ 1.0.0.0 ] Free, automated, and open Certificate Authority.
[Image: letsencrypt-logo-horizontal.svg]

INFO: As of firmware 3.02.02, Letsencrypt is implemented in the Thecus OS7 WebUI. This module can still be installed on OS7 but is not needed.

Module is available for:

x64_OS5/OS7 - last version 0.39.0.0
x86_OS5/OS6 - last version 1.0.0.0
ppc_OS6 - last version 0.13.0.1



Requires:
Python2 > 2.05.04
FaJoCron > 1.02.01
FaJoSSHD > 1.10.02 optional

Guides to use certificates on different modules, after they've been created:

apache and modules depending on apache - http://s.go.ro/k4qvegm0

Create SSL Certificate using Let’s Encrypt
 
Requirements:

SSH enabled on your NAS, or the FaJoSSHD module installed (NAS SSH is used in this guide)
On your PC, you need PuTTY or any other SSH client to connect to your NAS
On your router, forward ports 80 and 443 to your NAS IP

A DNS name that points to your external IP. You can get one from http://freeddns.noip.com and configure it on your NAS or router so it updates automatically when your external IP changes. Then you can access your NAS remotely at http://example.ddns.net or securely at https://example.ddns.net

[Image: 2017-05-01_14_37_04-_N5810.png]

Enable SSH in your NAS

[Image: image.png]

Enable HTTP and HTTPS service

[Image: 2017-05-01_21_32_59-_N5810.png]

Start PuTTY and connect to your NAS (for Host Name, enter your NAS IP):

[Image: image.png]

Log in as: root, password: youradminpassword

[Image: image.png]

In this tutorial we assume your domain is example.ddns.net, or *.example.ddns.net for a wildcard certificate.

Type this command to add your domain, replacing example.ddns.net with your DNS name:

Code:
echo example.ddns.net > /raid/data/MOD_CONFIG/letsencrypt/domain

or, for a wildcard certificate (quote the name so the shell does not expand the *):

Code:
echo '*.example.ddns.net' > /raid/data/MOD_CONFIG/letsencrypt/domain

Then type this command to register:
Code:
/raid/data/module/Letsencrypt/shell/module.rc register

It will ask you for an email address to register; type your email address and press Enter.

Code:
Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):john.doe@gmail.com

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N

IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
  configuration directory at /raid/data/MOD_CONFIG/letsencrypt. You
  should make a secure backup of this folder now. This configuration
  directory will also contain certificates and private keys obtained
  by Certbot so making regular backups of this folder is ideal.

Now let's create the certificates, enter the following command:

Code:
/raid/data/module/Letsencrypt/shell/module.rc certonly

or for wildcard certificate:

Code:
/raid/data/module/Letsencrypt/shell/module.rc certonly_dns_challenge

Certificates will be created and saved to /raid/data/MOD_CONFIG/letsencrypt/live/example.ddns.net

Code:
Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for example.ddns.net
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /raid/data/MOD_CONFIG/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /raid/data/MOD_CONFIG/letsencrypt/csr/0000_csr-certbot.pem
Non-standard path(s), might not work with crontab installed by your operating system package manager

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
  /raid/data/MOD_CONFIG/letsencrypt/live/example.ddns.net/fullchain.pem.
  Your cert will expire on 2017-07-30. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot
  again. To non-interactively renew *all* of your certificates, run
  "certbot renew"
- If you like Certbot, please consider supporting our work by:

  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
  Donating to EFF:                    https://eff.org/donate-le

Wildcard certificates have to be renewed manually using:
Code:
/raid/data/module/Letsencrypt/shell/module.rc renew_dns_challenge

For the standard certificate we need to set up a crontab job so that the certificates are checked for automatic renewal twice a month. Because the renewal process needs access to ports 80 and 443, the Thecus WebUI is stopped and restarted after the check process.


Open FaJoCron WebUI and add the following line in crontab file:

Code:
0 5 */15 * * root /raid/data/module/Letsencrypt/shell/module.rc renew

It should look like this:

[Image: 2017-05-01_21_13_48-_Mozilla_Firefox.png]

Now we should configure the Thecus WebUI to use our certificates. This is needed just once.
Copy the certificates from the NAS to your PC. Certificates are stored in /raid/data/MOD_CONFIG/letsencrypt/archive/example.ddns.net, so copy the folder example.ddns.net somewhere on your PC.
Also copy /raid/data/MOD_CONFIG/letsencrypt/live/example.ddns.net/ca-bundle.crt somewhere on your PC.
You can use any client you want: WinSCP, or modules like eXTPlorer or MonstaFTP. The folder contains the following files:

[Image: 2017-05-01_21_35_08--_N5810_-_Win_SCP.png]

In the Thecus WebUI go to Services >> Web Service >> Advanced
Certificate file: select cert1.pem
Certificate Key file: select privkey1.pem
CA Certificate file: select ca-bundle.crt

OS7
[Image: 2017-05-01_21_32_59-_N5810.png]

OS5
[Image: 2017-05-01_21_49_12-_N2800.png]

Click Apply and reboot your NAS.
Enjoy your secure connection.
------------------------------------------------------------------------
Please respect my work and don't share my modules
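
A check to run before selecting the files in the WebUI, added here as an example and not part of the original post or the module: it confirms that privkey1.pem belongs to cert1.pem, that the certificate is not about to expire, and that the key file is not readable by other users. It assumes openssl is available where the files are checked; the function names and the 15-day threshold are assumptions of this example.

```sh
#!/bin/sh
# Added example (not part of the module): sanity checks for a certificate/key
# pair such as cert1.pem and privkey1.pem from the archive folder.

# True when the certificate's public key equals the one derived from the key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True when group and others have no permission bits on the key file
# (-L follows symlinks, as used in the live/ folder).
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Run all checks. MIN_DAYS defaults to 15, an assumption chosen to match the
# interval of the cron job above.
check_pair() {
    cert=$1; key=$2; min_days=${MIN_DAYS:-15}; rc=0
    cert_matches_key "$cert" "$key" ||
        { echo "FAIL: $key does not match $cert"; rc=1; }
    cert_valid_for_days "$cert" "$min_days" ||
        { echo "FAIL: $cert expires within $min_days days"; rc=1; }
    key_is_private "$key" ||
        echo "WARN: $key is readable by group or others"
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent"
    return "$rc"
}

# Usage: sh check_cert.sh cert1.pem privkey1.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
    exit $?
fi
```

A FAIL on the first check means the key selected under "Certificate Key file" would not work with the selected certificate.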