[ LEgo ] [ 4.12.1.0 ] Let's Encrypt client and ACME library.5.2

QNAP_Stephane
Experience counts
Posts: 4802
Joined: Wed Mar 27, 2013 1:00 am

Re: [ LEgo ] [ 3.0.0 ] Let's Encrypt client and ACME library

Post by QNAP_Stephane »

version 3.0.0 online on repo ;)
---------------------------------------------------------------------------------------------------------------------------

Find all QPKG in the MyQnap.org repository https://www.myqnap.org
join our discord server for any inquiry related to qpkg - https://discord.gg/4fPxHSWKQW

----------------------------------------------------------------------------------------------------------------------------
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [ LEgo ] [ 3.0.0 ] Let's Encrypt client and ACME library

Post by Toxic17 »

wow! quick work Stephane.

do you know if root folder is overwritten if new firmware is installed?
Regards Simon

Qnap Downloads
MyQNap.Org Repository
Submit a ticket • QNAP Helpdesk
QNAP Tutorials, User Manuals, FAQs, Downloads, Wiki
When you ask a question, please include the following


NAS: TS-673A QuTS hero h5.1.2.2534 • TS-121 4.3.3.2420 • APC Back-UPS ES 700G
Network: VM Hub3: 500/50 • UniFi UDM Pro: 3.2.9 • UniFi Network Controller: 8.0.28
USW-Aggregation: 6.6.61 • US-16-150W: 6.6.61 • 2x USW Mini Flex 2.0.0 • UniFi AC Pro 6.6.62 • UniFi U6-LR 6.6.62
UniFi Protect: 2.11.21/8TB Skyhawk AI • 3x G3 Instants: 4.69.55 • UniFi G3 Flex: 4.69.55 • UniFi G5 Flex: 4.69.55
QNAP_Stephane
Experience counts
Posts: 4802
Joined: Wed Mar 27, 2013 1:00 am

Re: [ LEgo ] [ 3.0.0 ] Let's Encrypt client and ACME library

Post by QNAP_Stephane »

yes it is... it is a part of tmpfs

better set another HOME via an export HOME=/share/CACHEDEV1_DATA/.qpkg/LEgo

for example
ukez
Know my way around
Posts: 222
Joined: Sat Jul 19, 2008 5:08 am
Location: Some Really Seedy Brothel

Re: [ LEgo ] [ 2.2.0 ] Let's Encrypt client and ACME library

Post by ukez »

yanuk wrote: Sun Jul 21, 2019 4:48 pm
here's how I used it.

I'm using Qapache; if you're using the default Apache the only difference should be the port number and webroot. Qapache uses port 88 and folder "/share/htdocs"

First make sure your webroot is working by testing with the local server (192.168.1.123:88) and the non-SSL external address (http://my.ext.add)
Lego requires a port to bind to; 88 and 80 are both used, so I randomly chose port 1234 (I didn't forward port 1234 from my router to NAS port 88, but if validation fails, you might want to try this)
then I run the following:

Code: Select all

lego --http.port "1234" --a  --http.webroot "/share/htdocs"  --email="my@email.com" --domains="my.ext.add" --http run
the certs will be found inside the <current directory>/.lego

depending on where you run the command, a new folder .lego will be created in the current directory where you ran the command. So after running the above command just run

Code: Select all

cd .lego
and you'll see the certs in the folders
rename and move the certs as required

if you forgot where the files went, use

Code: Select all

lego list
You're a gentleman, thank you.
Before you criticise a man walk a mile in his shoe's, that way if he's angry he's a mile away and barefoot.
Marco Lungo
New here
Posts: 5
Joined: Fri Oct 18, 2019 6:21 pm

Re: [ LEgo ] [ 3.0.0 ] Let's Encrypt client and ACME library

Post by Marco Lungo »

Hi, I'm sorry, maybe it's my fault but I do not understand if this solution works on my TS-251+ too.
I've tried to download but it seems to me that my NAS is not on the list.
Thanks a lot
yanuk
Know my way around
Posts: 164
Joined: Mon Feb 08, 2016 9:45 am

Re: [ LEgo ] [ 3.0.0 ] Let's Encrypt client and ACME library

Post by yanuk »

Marco Lungo wrote: Fri Oct 18, 2019 6:31 pm
Hi, I'm sorry, maybe it's my fault but I do not understand if this solution works on my TS-251+ too.
I've tried to download but it seems to me that my NAS is not on the list.
Thanks a lot

It should, it worked on my TS451 and 453A

Just be sure that port 80 is forwarded to your NAS (port 88 in the case of Qapache)

Also be sure that your web root directory is working. Recently I had issues renewing because somehow the vhost (inside /opt/Qapache/etc/extra/httpd-vhosts.conf) defaulted to a DocumentRoot of "docs/dummy-host-example.com"; it took me a while to spot this. I changed the DocumentRoot back to /share/htdocs and all's well
TS451
TS453
TVS-682
blackbat
Starting out
Posts: 24
Joined: Fri Mar 27, 2015 6:20 am

Re: [ LEgo ] [ 3.1.0 ] Let's Encrypt client and ACME library

Post by blackbat »

Is there any way to get LEgo to create fullchain.pem and privkey.pem files, like LetsEncrypt does? I have LetsEncrypt installed and working on my QNAP NAS but recently received an email from LetsEncrypt saying that ACMEv1 won't be supported going forwards. I don't believe the LetsEncrypt package for QNAP supports ACMEv2.
QNAP_Stephane
Experience counts
Posts: 4802
Joined: Wed Mar 27, 2013 1:00 am

Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library

Post by QNAP_Stephane »

updated to 3.3.0
aesculus
Easy as a breeze
Posts: 346
Joined: Fri Dec 14, 2007 11:17 am

Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library

Post by aesculus »

I must be missing a basic concept. After running LEGO on my domain I get the certificates but the domain.crt file has two certificates in it. Also the .key file seems to be very small compared to all other certificates.

Which of the two certificates do I apply and is that key file OK for the private key?
Chris
xbenny
Starting out
Posts: 11
Joined: Thu Jul 24, 2014 3:51 am

Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library

Post by xbenny »

Code: Select all

cat  certificate.crt certificate.key > certificate.pem
and use the .pem file as the certificate

Don't use the default directory for storing a certificate; it is deleted when the NAS is restarted or updated.

Here is my auto-update solution for Qapache (not tested yet)

create folder /share/CACHEDEV3_DATA/.qpkg/LEgo/script/

and put lego_renew.sh there and chmod +x it

Code: Select all

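#!/bin/bash
# Renew the certificate and rebuild the combined PEM file.

# Stop here if the directory is missing, so rm/cat never run somewhere else.
cd /share/CACHEDEV3_DATA/.qpkg/LEgo/certificates/ || exit 1
# Stop Qapache while lego runs its HTTP challenge.
/etc/init.d/Qapache.sh stop
lego  --email="xxx@xx.xx" --domains="xxxxx.xx" -a --http  renew --days 90
# Rebuild the certificate + private key bundle, readable by the owner only.
rm -rf stunnel_xxx.pem
cat xxxx.crt xxxx.key > stunnel_xxx.pem
chmod 600 stunnel_xxx.pem
/etc/init.d/Qapache.sh start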

add to crontab

Code: Select all

30 0 1 1/3 * /share/CACHEDEV3_DATA/.qpkg/LEgo/script/lego_renew.sh
Last edited by xbenny on Fri Jan 24, 2020 2:36 am, edited 1 time in total.
QNAP TS-453 PRO
aesculus
Easy as a breeze
Posts: 346
Joined: Fri Dec 14, 2007 11:17 am

Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library

Post by aesculus »

aesculus wrote: Sat Jan 18, 2020 5:21 am
I must be missing a basic concept. After running LEGO on my domain I get the certificates but the domain.crt file has two certificates in it. Also the .key file seems to be very small compared to all other certificates.

Which of the two certificates do I apply and is that key file OK for the private key?
It appears that the cert file has both the domain cert and the chain cert. So I extracted the domain cert into another file.

But that tiny private.key file is way smaller than normal and the NAS does not accept it. I tried obtaining another cert and again I got a tiny private key.

What am I doing wrong to get an invalid private key?
Chris
aesculus
Easy as a breeze
Posts: 346
Joined: Fri Dec 14, 2007 11:17 am

Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library

Post by aesculus »

aesculus wrote: Tue Jan 21, 2020 6:49 am
But that tiny private.key file is way smaller than normal and the NAS does not accept it. I tried obtaining another cert and again I got a tiny private key.

What am I doing wrong to get an invalid private key?
Turns out I needed to add

Code: Select all

--key-type=rsa2048
While that says it is the default it did not work that way for me and I did not get a 2048 key without it.

All is good now.
Chris
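Added example (not code from any poster or from the LEgo package): a shell sketch for the situation in the posts above, where the domain .crt holds two certificates and the key file may be RSA or a much shorter elliptic-curve key. It splits the bundle into the cert.pem / chain.pem / fullchain.pem / privkey.pem naming asked about earlier in the thread and reads the key type from the PEM header; the function names, output file names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function and file names are assumptions.

# pem_count FILE: number of certificates in a PEM bundle.
pem_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# pem_range FILE FIRST LAST: print certificates FIRST..LAST (1 = domain cert).
pem_range() {
    awk -v a="$2" -v b="$3" '
        /^-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
        on && n >= a && n <= b { print }
        /^-----END CERTIFICATE-----/ { on = 0 }
    ' "$1"
}

# key_type FILE: rsa, ec, pkcs8 or unknown, read from the PEM header line.
key_type() {
    case "$(grep -m1 -- 'PRIVATE KEY-----' "$1")" in
        *'BEGIN RSA PRIVATE KEY'*) echo rsa ;;
        *'BEGIN EC PRIVATE KEY'*)  echo ec ;;
        *'BEGIN PRIVATE KEY'*)     echo pkcs8 ;;
        *)                         echo unknown ;;
    esac
}

# to_certbot_layout CRT KEY OUTDIR: write cert/chain/fullchain/privkey files.
to_certbot_layout() {
    crt=$1; key=$2; out=$3
    [ "$(pem_count "$crt")" -ge 1 ] || { echo "no certificate in $crt" >&2; return 1; }
    mkdir -p "$out" || return 1
    pem_range "$crt" 1 1   > "$out/cert.pem"       # domain certificate only
    pem_range "$crt" 2 999 > "$out/chain.pem"      # issuer certificate(s)
    cat "$crt"             > "$out/fullchain.pem"  # domain + issuer, as issued
    # Create the key under umask 077 so it is never readable by other users;
    # writing it first and running chmod 600 afterwards leaves a short window.
    ( umask 077; cat "$key" > "$out/privkey.pem" )
}

# make_sample DIR: constructed stand-in files (not real certificates or keys).
make_sample() {
    mkdir -p "$1" || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED-LEAF' \
        '-----END CERTIFICATE-----' '-----BEGIN CERTIFICATE-----' \
        'CONSTRUCTED-ISSUER' '-----END CERTIFICATE-----' > "$1/example.crt"
    printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' 'CONSTRUCTED-NOT-A-KEY' \
        '-----END EC PRIVATE KEY-----' > "$1/example.key"
}
```

Point the output directory at a persistent share rather than the default location, since the thread notes that the default is wiped on restart or update.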
Toxic17
Ask me anything
Posts: 6469
Joined: Tue Jan 25, 2011 11:41 pm
Location: Planet Earth
Contact:

Re: [ LEgo ] [ 3.3.0 ] Let's Encrypt client and ACME library

Post by Toxic17 »

v3.5.0 is released now fyi.

Code: Select all

[v3.5.0] - 2020-03-15
Added:
[dnsprovider] Add DNS provider for Dynu.
[dnsprovider] Add DNS provider for reg.ru
[dnsprovider] Add DNS provider for Zonomi and RimuHosting.
[cli] Building binaries for arm 6 and 5
[cli] Uses CGO_ENABLED=0
[cli] Multi-arch Docker image.
[cli] Adds --name flag to list command.
Changed:
[lib] lib: Improve cleanup log messages.
[lib] Wrap errors.
Fixed:
[dnsprovider] azure: pass AZURE_CLIENT_SECRET_FILE to autorest.Authorizer
[dnsprovider] gcloud: fixes issues when used with GKE Workload Identity
[dnsprovider] oraclecloud: fix subdomain support
[v3.4.0] - 2020-02-25
Added:
[dnsprovider] Add DNS provider for Constellix
[dnsprovider] Add DNS provider for Servercow.
[dnsprovider] Add DNS provider for Scaleway
[cli] Add "LEGO_PATH" environment variable
Changed:
[dnsprovider] route53: allow custom client to be provided
[dnsprovider] namecheap: allow external domains
[dnsprovider] namecheap: add sandbox support.
[dnsprovider] ovh: Improve provider documentation
[dnsprovider] route53: Improve provider documentation
Fixed:
[dnsprovider] zoneee: fix subdomains.
[dnsprovider] designate: Don't clean up managed records like SOA and NS
[dnsprovider] dnspod: update lib.
[lib] crypto: Treat CommonName as optional
[lib] chore: update cenkalti/backoff to v4.
cerealkillers
First post
Posts: 1
Joined: Sat Oct 10, 2015 1:18 pm

Re: [ LEgo ] [ 3.5.0 ] Let's Encrypt client and ACME library

Post by cerealkillers »

Tiny thing but noticed in the LEgo.sh it said:

/bin/ln -sf $QPKG_ROOT /opt/QPKG_NAME

when it should be:

/bin/ln -sf $QPKG_ROOT /opt/$QPKG_NAME

Not sure if that was just some peculiarity on mine but figured I'd put it here.
QNAP_Stephane
Experience counts
Posts: 4802
Joined: Wed Mar 27, 2013 1:00 am

Re: [ LEgo ] [ 3.6.0 ] Let's Encrypt client and ACME library

Post by QNAP_Stephane »

3.6.0 updated