[ LEgo ] [ 4.12.1.0 ] Let's Encrypt client and ACME library.5.2
- QNAP_Stephane
- Experience counts
- Posts: 4802
- Joined: Wed Mar 27, 2013 1:00 am
Re: [ LEgo ] [ 3.0.0 ] Let's Encrypt client and ACME library
version 3.0.0 online on repo
---------------------------------------------------------------------------------------------------------------------------
Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW
----------------------------------------------------------------------------------------------------------------------------
- Toxic17
- Ask me anything
- Posts: 6469
- Joined: Tue Jan 25, 2011 11:41 pm
- Location: Planet Earth
- Contact:
Re: [ LEgo ] [ 3.0.0 ] Let's Encrypt client and ACME library
wow! quick work Stephane.
do you know if the root folder is overwritten if new firmware is installed?
Regards Simon
Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following
NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
- QNAP_Stephane
- Experience counts
- Posts: 4802
- Joined: Wed Mar 27, 2013 1:00 am
Re: [ LEgo ] [ 3.0.0 ] Let's Encrypt client and ACME library
yes it is... it is a part of tmpfs
better set another HOME via an export HOME=/share/CACHEDEV1_DATA/.qpkg/LEgo
for example
- ukez
- Know my way around
- Posts: 222
- Joined: Sat Jul 19, 2008 5:08 am
- Location: Some Really Seedy Brothel
Re: [ LEgo ] [ 2.2.0 ] Let's Encrypt client and ACME library
yanuk wrote: ↑Sun Jul 21, 2019 4:48 pm
> here's how i used it.
> I'm using qapache, if you're using the default apache the only difference should be the port number and webroot. Qapache uses port 88 and folder "/share/htdocs"
> First make sure your webroot is working by testing with the local server (192.168.1.123:88) and the non-ssl external address (http://my.ext.add)
> Lego requires a port to bind to, 88 and 80 are both used, so I randomly chose a port 1234, (i didn't forward port 1234 from my router to nas port 88, but if validation fails, you might want to try this)
> then i run the following:
> Code: Select all
> lego --http.port "1234" --a --http.webroot "/share/htdocs" --email="my@email.com" --domains="my.ext.add" --http run
> the certs will be found inside the <current directory>/.lego
> depending on where you run the command, a new folder .lego will be created in the current directory where you ran the command. So after running the above command just run
> Code: Select all
> cd .lego
> and you'll see the certs in the folders
> rename and move the certs as required
> if you forgot where the files went, use
> Code: Select all
> lego list
You're a gentleman, thank you.
Before you criticise a man walk a mile in his shoe's, that way if he's angry he's a mile away and barefoot.
-
- New here
- Posts: 5
- Joined: Fri Oct 18, 2019 6:21 pm
Re: [ LEgo ] [ 3.0.0 ] Let's Encrypt client and ACME library
Hi, I'm sorry, maybe it's my fault but I do not understand if this solution works on my TS-251+ too.
I've tried to download but it seems to me that my NAS is not on the list.
Thanks a lot
-
- Know my way around
- Posts: 164
- Joined: Mon Feb 08, 2016 9:45 am
Re: [ LEgo ] [ 3.0.0 ] Let's Encrypt client and ACME library
Marco Lungo wrote: ↑Fri Oct 18, 2019 6:31 pm
> Hi, I'm sorry, maybe it's my fault but I do not understand if this solution works on my TS-251+ too.
> I've tried to download but it seems to me that my NAS is not on the list.
> Thanks a lot
It should, it worked on my TS451 and 453A
Just be sure that port 80 is forwarded to your NAS (port 88 in the case of Qapache)
Also be sure that your web root directory is working. Recently I had issues renewing because somehow the vhost (inside /opt/Qapache/etc/extra/httpd-vhosts.conf) defaulted to a DocumentRoot of "docs/dummy-host-example.com"; it took me a while to spot this. I changed the DocumentRoot back to /share/htdocs and all's well.
TS451
TS453
TVS-682
-
- Starting out
- Posts: 24
- Joined: Fri Mar 27, 2015 6:20 am
Re: [ LEgo ] [ 3.1.0 ] Let's Encrypt client and ACME library
Is there any way to get LEgo to create fullchain.pem and privkey.pem files, like LetsEncrypt does? I have LetsEncrypt installed and working on my QNAP NAS but recently received an email from LetsEncrypt saying that ACMEv1 won't be supported going forwards. I don't believe the LetsEncrypt package for QNAP supports ACMEv2.
- QNAP_Stephane
- Experience counts
- Posts: 4802
- Joined: Wed Mar 27, 2013 1:00 am
Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library
updated to 3.3.0
- aesculus
- Easy as a breeze
- Posts: 346
- Joined: Fri Dec 14, 2007 11:17 am
Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library
I must be missing a basic concept. After running LEGO on my domain I get the certificates but the domain.crt file has two certificates in it. Also the .key file seems to be very small compared to all other certificates.
Which of the two certificates do I apply and is that key file OK for the private key?
Chris
-
- Starting out
- Posts: 11
- Joined: Thu Jul 24, 2014 3:51 am
Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library
Code: Select all
cat certificate.crt certificate.key > certificate.pem
Don't use the default directory for storing a certificate; it is deleted when the NAS is restarted or updated.
Here's my auto-update solution for Qapache (not tested yet)
create folder /share/CACHEDEV3_DATA/.qpkg/LEgo/script/
and put lego_renew.sh and chmod +x
Code: Select all
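#!/bin/bash
# Abort if the certificate directory is missing, so nothing below runs elsewhere.
cd /share/CACHEDEV3_DATA/.qpkg/LEgo/certificates/ || exit 1
umask 077    # files created below (including the cert+key bundle) are owner-only
# Stop Qapache while lego runs the HTTP challenge.
/etc/init.d/Qapache.sh stop
if lego --email="xxx@xx.xx" --domains="xxxxx.xx" -a --http renew --days 90; then
    # Rebuild the combined cert+key file only after a successful renewal.
    rm -f stunnel_xxx.pem
    cat xxxx.crt xxxx.key > stunnel_xxx.pem
    chmod 600 stunnel_xxx.pem
fi
# Restart the web server whether or not the renewal succeeded.
/etc/init.d/Qapache.sh start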
add to crontab
Code: Select all
30 0 1 1/3 * /share/CACHEDEV3_DATA/.qpkg/LEgo/script/lego_renew.sh
Last edited by xbenny on Fri Jan 24, 2020 2:36 am, edited 1 time in total.
QNAP TS-453 PRO
- aesculus
- Easy as a breeze
- Posts: 346
- Joined: Fri Dec 14, 2007 11:17 am
Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library
aesculus wrote: ↑Sat Jan 18, 2020 5:21 am
> I must be missing a basic concept. After running LEGO on my domain I get the certificates but the domain.crt file has two certificates in it. Also the .key file seems to be very small compared to all other certificates.
> Which of the two certificates do I apply and is that key file OK for the private key?
It appears that the cert file has both the domain cert and the chain cert. So I extracted the domain cert into another file.
But that tiny private.key file is way smaller than normal and the NAS does not accept it. I tried obtaining another cert and again I got a tiny private key.
What am I doing wrong to get an invalid private key?
Chris
- aesculus
- Easy as a breeze
- Posts: 346
- Joined: Fri Dec 14, 2007 11:17 am
Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library
Turns out I needed to add
Code: Select all
--key-type=rsa2048
All is good now.
Chris
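An added example, not written by any poster in this thread and not part of lego or the QPKG, covering the questions above about lego's output files: it splits the <domain>.crt bundle into the domain certificate and the issuer chain, reports the certificate's key algorithm, and checks that the .key file belongs to the certificate before laying the pair out as fullchain.pem and privkey.pem. The function names and the output layout are assumptions for illustration, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example: helper functions are hypothetical, not part of lego or the QPKG.
# Usage sketch: stage_pair <domain>.crt <domain>.key <output-dir>

# split_bundle BUNDLE OUTDIR: first certificate -> cert.pem, the rest -> chain.pem
split_bundle() {
    bundle=$1; out=$2
    mkdir -p "$out" || return 1
    : > "$out/cert.pem"; : > "$out/chain.pem"
    awk -v leaf="$out/cert.pem" -v chain="$out/chain.pem" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside { print > (n == 1 ? leaf : chain) }
        /-----END CERTIFICATE-----/   { inside = 0 }
    ' "$bundle" || return 1
    [ -s "$out/cert.pem" ]    # fail if the bundle held no certificate
}

# cert_key_alg CERT: prints the public key algorithm of the first certificate,
# e.g. "rsaEncryption" or "id-ecPublicKey" (EC keys are far smaller than RSA keys).
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# key_matches_cert KEY CERT: exit 0 only if KEY is the private key for CERT.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# stage_pair CRT KEY OUTDIR: writes cert.pem, chain.pem, fullchain.pem, privkey.pem.
# Returns 2 without copying the key if it does not match the leaf certificate.
stage_pair() {
    crt=$1; key=$2; out=$3
    split_bundle "$crt" "$out" || return 1
    key_matches_cert "$key" "$out/cert.pem" || return 2
    cat "$out/cert.pem" "$out/chain.pem" > "$out/fullchain.pem" || return 1
    # Create the key copy under a restrictive umask so it is never world-readable.
    ( umask 077 && cat "$key" > "$out/privkey.pem" ) && chmod 600 "$out/privkey.pem"
}
```

Point the output directory at persistent storage rather than the tmpfs-backed home directory mentioned earlier in the thread, otherwise the staged files are lost on reboot.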
- Toxic17
- Ask me anything
- Posts: 6469
- Joined: Tue Jan 25, 2011 11:41 pm
- Location: Planet Earth
- Contact:
Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library
v3.5.0 is released now fyi.
Code: Select all
[v3.5.0] - 2020-03-15
Added:
[dnsprovider] Add DNS provider for Dynu.
[dnsprovider] Add DNS provider for reg.ru
[dnsprovider] Add DNS provider for Zonomi and RimuHosting.
[cli] Building binaries for arm 6 and 5
[cli] Uses CGO_ENABLED=0
[cli] Multi-arch Docker image.
[cli] Adds --name flag to list command.
Changed:
[lib] lib: Improve cleanup log messages.
[lib] Wrap errors.
Fixed:
[dnsprovider] azure: pass AZURE_CLIENT_SECRET_FILE to autorest.Authorizer
[dnsprovider] gcloud: fixes issues when used with GKE Workload Identity
[dnsprovider] oraclecloud: fix subdomain support
[v3.4.0] - 2020-02-25
Added:
[dnsprovider] Add DNS provider for Constellix
[dnsprovider] Add DNS provider for Servercow.
[dnsprovider] Add DNS provider for Scaleway
[cli] Add "LEGO_PATH" environment variable
Changed:
[dnsprovider] route53: allow custom client to be provided
[dnsprovider] namecheap: allow external domains
[dnsprovider] namecheap: add sandbox support.
[dnsprovider] ovh: Improve provider documentation
[dnsprovider] route53: Improve provider documentation
Fixed:
[dnsprovider] zoneee: fix subdomains.
[dnsprovider] designate: Don't clean up managed records like SOA and NS
[dnsprovider] dnspod: update lib.
[lib] crypto: Treat CommonName as optional
[lib] chore: update cenkalti/backoff to v4.
Regards Simon
-
- First post
- Posts: 1
- Joined: Sat Oct 10, 2015 1:18 pm
Re: [ LEgo ] [ 3.5.0 ] Let's Encrypt client and ACME library
Tiny thing but noticed in the LEgo.sh it said:
/bin/ln -sf $QPKG_ROOT /opt/QPKG_NAME
when it should be:
/bin/ln -sf $QPKG_ROOT /opt/$QPKG_NAME
Not sure if that was just some peculiarity on mine but figured I'd put it here.
- QNAP_Stephane
- Experience counts
- Posts: 4802
- Joined: Wed Mar 27, 2013 1:00 am
Re: [ LEgo ] [ 3.6.0 ] Let's Encrypt client and ACME library
3.6.0 updated