Softether with certbot

netomx Moderator, Veteran
edited June 2018 in Tutorials

Create a script on your VPS and change the paths:

#!/bin/sh
# Renew the Let's Encrypt certificate for DOMINIO and load it into SoftEther.
# The certbot-auto and vpnserver paths are the poster's; adjust to your install.

DOMINIO="my.domain"

# http-01 on port 80 keeps certbot off port 443, which SoftEther is using
# (see the discussion below). The renew hook only fires when a certificate was
# actually renewed, so the block below is skipped when nothing changed.
/root/certbot/certbot-auto certonly --standalone --register-unsafely-without-email --non-interactive --agree-tos --tls-sni-01-port 5001 --http-01-port 80 -d "$DOMINIO" --renew-hook "touch /tmp/newcert"

if [ -f /tmp/newcert ]; then

    # SoftEther stores the certificate and key as single-line base64 in
    # vpn_server.config, so drop the PEM header/footer lines and join the rest.
    cert=$( sed '/----/d' "/etc/letsencrypt/live/$DOMINIO/cert.pem" | tr -d '\n' )
    key=$( sed '/----/d' "/etc/letsencrypt/live/$DOMINIO/privkey.pem" | tr -d '\n' )

    # Stop the server before editing: vpnserver writes vpn_server.config back
    # from memory when it shuts down, which would discard an edit made while
    # it is still running.
    /root/vpnserver/vpnserver stop

    sed -i "s|byte ServerCert.*|byte ServerCert $cert|" /root/vpnserver/vpn_server.config
    sed -i "s|byte ServerKey.*|byte ServerKey $key|" /root/vpnserver/vpn_server.config

    rm /tmp/newcert

    /root/vpnserver/vpnserver start

fi

Put it in a weekly cron job.

Remember, if you use cert-based auth, you need to update it. If not, you're good to go :)

Comments

  • ehab Member

    is this why you disappeared forever and came back with this?

    Thanked by 3: imok, NanoG6, sayem314
  • kassle Member

    It's better to generate the certificate first, and then restart the service on success, to minimize downtime.

  • jvnadr Member

    Congratz, @netomx, for your new tag! ;-)

  • netomx Moderator, Veteran

    ehab said: is this why you disappeared forever and came back with this?

    life's too complicated, for now :/

    kassle said: It's better to generate the certificate first, and then restart the service on success, to minimize downtime.

    Problem is, certbot needs to use port 443. Softether uses it.

    jvnadr said: Congratz

    DankE!

  • ehab Member

    @netomx said:
    life's too complicated, for now :/

    If you don't have women problems, then you'll be okay... we all have our bumps; what matters is to hold the steering wheel and drive. :) Good luck.

    Thanked by 1: netomx
  • kassle Member

    @netomx said:

    kassle said: It's better to generate the certificate first, and then restart the service on success, to minimize downtime.

    Problem is, certbot needs to use port 443. Softether uses it.

    Aah, I see. Sorry, I didn't know about that.

  • nullnothere Member

    @netomx said: Problem is, certbot needs to use port 443. Softether uses it.

    AFAIK, certbot can also use port 80 for the http challenge (as opposed to port 443 for the tls-sni challenge). Will that not help?

    Thanked by 1: netomx
  • Nomad Member

    Let me guess, your WoSign certificate expired recently as well (:

  • netomx Moderator, Veteran

    @nullnothere said:

    @netomx said: Problem is, certbot needs to use port 443. Softether uses it.

    AFAIK, certbot can also use port 80 for the http challenge (as opposed to port 443 for the tls-sni challenge). Will that not help?

    It does! Let me check that

  • netomx Moderator, Veteran

    Added:

    --tls-sni-01-port 5001 --http-01-port 80

    And it works :)

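Pulling the thread's two conclusions together (http-01 on port 80 so SoftEther keeps 443, and touching the VPN server only after a certificate was actually issued, which was kassle's downtime point), here is an added example that is not from the original post nor from the certbot or SoftEther projects: a certbot deploy hook that loads the renewed pair through vpncmd's ServerCertSet command instead of rewriting vpn_server.config by hand, so no stop/start is needed. It assumes vpncmd is on PATH, an admin password stored in /root/.softether_admin (a hypothetical path), and openssl installed; RENEWED_LINEAGE is the variable certbot exports to deploy hooks. Note that Let's Encrypt has since retired the tls-sni-01 challenge, so only the http-01 port option still matters.

```shell
#!/bin/sh
# Added example, not the original poster's script. Install as
# /etc/letsencrypt/renewal-hooks/deploy/softether.sh (or pass it via --deploy-hook).
# Assumptions: vpncmd on PATH, admin password in /root/.softether_admin
# (hypothetical path, mode 0600), openssl installed.
set -eu

ADMIN_PW_FILE=/root/.softether_admin   # hypothetical location

# Same transform as the original sed: PEM header/footer lines dropped and the
# base64 body joined into one line, the form SoftEther keeps in "byte ServerCert".
pem_body() {
    sed '/-----/d' "$1" | tr -d '\n\r'
}

# A body is only usable if it is non-empty and pure base64 (padding only at the end).
is_base64_body() {
    [ -n "$1" ] && printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]+=*$'
}

# Refuse to deploy a certificate whose public key does not match the private key;
# SoftEther would otherwise come up with a TLS identity it cannot use.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey)
    k=$(openssl pkey -in "$2" -pubout)
    [ "$c" = "$k" ]
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/my.domain) for a
# deploy hook and runs the hook only after a successful issuance or renewal,
# so the VPN server is touched only when there really is a new certificate.
deploy() {
    lineage=${RENEWED_LINEAGE:?must be run by certbot as a deploy hook}
    cert="$lineage/cert.pem"
    key="$lineage/privkey.pem"
    is_base64_body "$(pem_body "$cert")" || { echo "unusable cert body" >&2; return 1; }
    cert_matches_key "$cert" "$key" || { echo "cert/key mismatch" >&2; return 1; }
    # ServerCertSet installs the pair over the management interface; the
    # running server picks it up without a restart, so sessions are not dropped.
    vpncmd localhost /SERVER /PASSWORD:"$(cat "$ADMIN_PW_FILE")" \
        /CMD ServerCertSet /LOADCERT:"$cert" /LOADKEY:"$key"
}

# Issuance/renewal command for cron (constructed, adjust domain and hook path);
# http-01 on port 80 leaves 443 to SoftEther and the hook does the install:
#   certbot certonly --standalone --preferred-challenges http --http-01-port 80 \
#       -d my.domain --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/softether.sh

# Only act when invoked by certbot; sourcing the file elsewhere does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy
fi
```

One design caveat: vpncmd takes the admin password as a command-line argument, which is visible to other local users in the process list for the moment the command runs; on a single-admin VPS that is usually acceptable, but keep the password file at mode 0600 and treat the hook itself as root-only.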
  • @netomx Congratulations on your moderator rank, best wishes!

    Thanked by 1: netomx