open
https://gitlab.synchro.net/main/sbbs/-/issues/1111
Hi,
I want to use certtool.js to import an external Let's Encrypt certificate for funtopia.synchro.net into SynchronetBBS.
The Let's Encrypt certificate is created by Nginx Proxy Manager Plus.
To create a PKCS12 container that can be used with certtool.js I use openssl, but certtool.js only responds with Error -22 whenever I try to import the resulting p12 file.
Something with the certificate seems different or incompatible with cryptlib, because tests with self-generated certificates of all kinds showed that imports with certtool.js do work in general.
Here is the script that I use to import, or try to import, the certificate.
Best Regards,
Stepahn
```
#!/bin/bash
# Define paths
SBBS_CTRL="/sbbs/ctrl"
SBBS_EXEC="/sbbs/exec"
CERT_DIR="/mnt/shared-certs"
P12_FILE="/tmp/ssl.p12"
MAIN_INI="$SBBS_CTRL/main.ini"

# 1. Extract the password automatically from main.ini
# We look for "Password=" in the [Global] section or at the top
#SYSPASS=$(grep -i "^Password=" "$MAIN_INI" | cut -d'=' -f2 | tr -d '\r\n')
SYSPASS="XXXXXXXXXX"
if [ -z "$SYSPASS" ]; then
    echo "FEHLER: Konnte System-Passwort nicht in $MAIN_INI finden!"
    exit 1
fi

process_certs() {
    echo "Zertifikats-Update gestartet: $(date)"
    # 2. Create the PKCS12 file
    # We use the legacy flags because Synchronet's cryptlib often has
    # problems with the modern OpenSSL 3.x default encryption.
    openssl pkcs12 \
        -export -out "$P12_FILE" \
        -inkey "$CERT_DIR/privkey.pem" \
        -in "$CERT_DIR/cert.pem" \
        -certfile "$CERT_DIR/chain.pem" \
        -passout pass:"$SYSPASS" \
        -name "ssl_cert" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES \
        -nomaciter -noiter
    if [ $? -eq 0 ]; then
        echo "PKCS12 erfolgreich erstellt."
        # 3. Import via certtool.js
        # We change into the exec directory so that jsexec finds all dependencies
        cd "$SBBS_EXEC" || return 1
        ./jsexec certtool.js --import-pkcs12 "$P12_FILE"
        echo "Import-Vorgang abgeschlossen."
        # 4. Cleanup (optional: delete the p12 after the import for more security)
        rm "$P12_FILE"
    else
        echo "FEHLER: OpenSSL Konvertierung fehlgeschlagen!"
    fi
}

# Initial run at startup
process_certs

# Watch the shared mount
echo "Überwachung von $CERT_DIR gestartet..."
inotifywait -m -e close_write,moved_to "$CERT_DIR" | while read -r path action file; do
    if [[ "$file" == "privkey.pem" || "$file" == "fullchain.pem" ]]; then
        # Short pause in case both files arrive at the same time
        sleep 2
        process_certs
    fi
done
```
---
Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
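
A pre-import check for the PEM files that the script above converts, added here as an example and not part of the original post or of Synchronet: it reports whether the private key is RSA or EC, the certificate's signature algorithm, and whether the key belongs to the certificate. The function names are hypothetical, and the check does not diagnose the cryptlib error itself.

```bash
#!/bin/bash
# Added example: inspect a PEM key/certificate pair before building the PKCS12.
# Function names are hypothetical; only standard openssl subcommands are used.

# Print the private key's algorithm: RSA, EC or OTHER.
key_algorithm() {
    local key="$1"
    if openssl rsa -in "$key" -noout -passin pass: >/dev/null 2>&1; then
        echo "RSA"
    elif openssl ec -in "$key" -noout -passin pass: >/dev/null 2>&1; then
        echo "EC"
    else
        echo "OTHER"
    fi
}

# Print the certificate's signature algorithm (first occurrence in the text dump).
cert_signature_algorithm() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

# Return 0 if the key's public half equals the certificate's public key,
# 1 if they differ, 2 if either file could not be read.
key_matches_cert() {
    local key="$1" cert="$2" from_key from_cert
    from_key=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Print a short report; non-zero exit status means the pair should not be imported.
check_cert_pair() {
    local key="$1" cert="$2"
    echo "Key algorithm:       $(key_algorithm "$key")"
    echo "Signature algorithm: $(cert_signature_algorithm "$cert")"
    if key_matches_cert "$key" "$cert"; then
        echo "Key and certificate match."
    else
        echo "Key and certificate do NOT match (or could not be read)."
        return 1
    fi
}

# Usage: ./check_pair.sh privkey.pem cert.pem
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2"
fi
```

Running it against `privkey.pem` and `cert.pem` and against a self-generated pair that imports successfully shows whether the two differ in key type or signature algorithm.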