Softether with certbot

netomx Moderator, Veteran
edited June 2018 in Tutorials

Create a script on your VPS and change the paths:

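```sh
#!/bin/sh

# Domain the certificate is issued for
DOMINIO="my.domain"

# Request or renew the certificate with certbot's standalone server (HTTP-01 on port 80).
# The renew hook creates a marker file only when a new certificate was issued.
/root/certbot/certbot-auto certonly --standalone --register-unsafely-without-email --non-interactive --agree-tos --tls-sni-01-port 5001 --http-01-port 80 -d "$DOMINIO" --renew-hook "touch /tmp/newcert"

if [ -f /tmp/newcert ]; then
    # Strip the PEM header/footer lines and join the base64 body into a single line
    cert=$( sed '/----/d' "/etc/letsencrypt/live/$DOMINIO/cert.pem" | tr -d '\n' )
    key=$( sed '/----/d' "/etc/letsencrypt/live/$DOMINIO/privkey.pem" | tr -d '\n' )

    # Stop the server before editing its config, so the running server
    # cannot write its in-memory configuration over the edit
    /root/vpnserver/vpnserver stop

    # Replace the certificate and key entries in the SoftEther config
    sed -i "s|byte ServerCert.*|byte ServerCert $cert|" /root/vpnserver/vpn_server.config
    sed -i "s|byte ServerKey.*|byte ServerKey $key|" /root/vpnserver/vpn_server.config

    rm /tmp/newcert

    /root/vpnserver/vpnserver start
fi
```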

Put it in a cron job, weekly.

Remember, if you use cert-based auth, you need to update it. If not, you're good to go :)
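
The config rewrite step from the script above, as an added example that is not part of the original post: it accepts the PEM bodies only if they are plain base64, requires each `byte ServerCert` / `byte ServerKey` entry to exist exactly once, and swaps in an edited copy of the file atomically. The function names and the sample files are constructed for illustration; as in the script, run it while the server is stopped.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the sample
# files written by make_sample are constructed for illustration.

# Print the base64 body of PEM file $1 on one line; fail if it is not plain base64.
pem_body() {
    body=$(sed '/^-----/d' "$1" | tr -d '\r\n') || return 1
    case $body in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;  # empty, or a character that could alter the sed call
    esac
    printf '%s' "$body"
}

# update_softether_cert CONFIG CERT_PEM KEY_PEM
# Returns 0 after atomically replacing CONFIG; any other status leaves it untouched.
update_softether_cert() {
    config=$1
    cert=$(pem_body "$2") || return 2
    key=$(pem_body "$3") || return 2
    # Each entry must occur exactly once, or sed would change nothing or too much.
    [ "$(grep -c 'byte ServerCert ' "$config")" = 1 ] || return 3
    [ "$(grep -c 'byte ServerKey ' "$config")" = 1 ] || return 3
    # mktemp creates the copy with mode 0600; it will hold the private key.
    tmp=$(mktemp "$config.XXXXXX") || return 4
    if sed -e "s|byte ServerCert .*|byte ServerCert $cert|" \
           -e "s|byte ServerKey .*|byte ServerKey $key|" "$config" > "$tmp" &&
       grep -qF "byte ServerCert $cert" "$tmp" &&
       grep -qF "byte ServerKey $key" "$tmp" &&
       mv "$tmp" "$config"; then   # same directory, so the rename is atomic
        return 0
    fi
    rm -f "$tmp"
    return 5
}

# Write constructed sample files (made-up base64, not real key material) into directory $1.
make_sample() {
    printf '\tbyte ServerCert %s\n\tbyte ServerKey %s\n\tuint Port 443\n' T0xEQ0VSVA== T0xES0VZ > "$1/vpn_server.config"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' TkVX Q0VSVA== '-----END CERTIFICATE-----' > "$1/cert.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' TkVXS0VZ '-----END PRIVATE KEY-----' > "$1/privkey.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'TkVX|S0VZ' '-----END PRIVATE KEY-----' > "$1/bad.pem"
}
```

A non-zero return means the config was not modified, so a calling script can skip the restart and keep serving the previous certificate.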

Comments

  • ehab Member

    is this why you disappeared forever and came back with this?

    Thanked by 3: imok, NanoG6, sayem314
  • kassle Member

    It's better to generate the certificate first, and then restart the service on success, to minimize downtime.

  • jvnadr Member

    Congratz, @netomx, for your new tag! ;-)

  • netomx Moderator, Veteran

    ehab said: is this why you disappeared forever and came back with this?

    life's too complicated, for now :/

    kassle said: it's better to generate the certificate first, and then restart the service when success. to minimize downtime.

    Problem is, certbot needs to use port 443. Softether uses it.

    jvnadr said: Congratz

    DankE!

  • ehab Member

    @netomx said:
    life's too complicated, for now :/

    if you don't have women problems then you'll be okay.... we all have our bumps, what matters is to hold the steering wheel and drive. :) good luck

    Thanked by 1: netomx
  • kassle Member

    @netomx said:

    kassle said: it's better to generate the certificate first, and then restart the service when success. to minimize downtime.

    Problem is, certbot needs to use port 443. Softether uses it.

    Aah, I see. Sorry, didn't know about that.

  • @netomx said: Problem is, certbot needs to use port 443. Softether uses it.

    AFAIK, certbot can also use port 80 for the http challenge (as opposed to port 443 for the tls-sni challenge). Will that not help?

    Thanked by 1: netomx
  • Nomad Member

    Let me guess, your WoSign certificate expired recently as well (:

  • netomx Moderator, Veteran

    @nullnothere said:

    @netomx said: Problem is, certbot needs to use port 443. Softether uses it.

    AFAIK, certbot can also use port 80 for the http challenge (as opposed to port 443 for the tls-sni challenge). Will that not help?

    It does! Let me check that

  • netomx Moderator, Veteran

    Added:

    --tls-sni-01-port 5001 --http-01-port 80

    And it works :)

  • @netomx Congratulations on your moderator rank, best wishes!

    Thanked by 1: netomx