On Thu, 6 Nov 2025 16:36:13 -0800
"Digital Man" (VERT) wrote:
> Re: How do I install an Lets Encrypt Certificate.
> By: Mojo to DOVE-Net.Synchronet_Sysops on Thu Nov 06 2025 11:50 am
>
> > Hi all,
>
> > I am trying to install a lets encrypt certificate generated via
> > certbot that comes with debian/ubuntu.
>
> > It gives me the following files
> > cert.pem
> > chain.pem
> > fullchain.pem (a combination of the previous two it looks like)
> > privkey.pem
>
> > I disabled the generate self-signed key in scfg. But I left both
> > cryptlib.key and ssl.cert in place.
>
> > Things that I have tried.
> > 1.
> > jsexec certtool --import ./fullchain.pem
> > result: "!JavaScript /home/synchronet/sbbs/exec/certtool.js line
> > 70: Error: CryptLib error -43"
>
> cryptlib.h:#define CRYPT_ERROR_NOTFOUND ( -43 ) /* Requested item not
> found in object */
>
> I'd try that again with a different/bogus path to the pem file to see
> if the error changes (i.e. it's complaining about an object *within*
> the file instead of the file itself).
Yes I tried that and it fails with bogus paths too.
```
if (argv.indexOf('--import') > -1) {
	ks = new CryptKeyset(csr_fname, CryptKeyset.KEYOPT.READONLY);
	rsa = ks.get_private_key("ssl_cert", syspass);
	ks.close();
	i = argv.indexOf('--import') + 1;
	if (i>=argc)
		throw("No cert filename specified");
	f = new File(argv[i]);
	if (!f.open("rb"))
		throw("Unable to open "+f.name);
	cert = f.read();
	f.close();
	cert = ACMEv2.prototype.create_pkcs7(cert);
	cert = new CryptCert(cert);
	//cert.check();
	for (i=0; i < 10; i++) {
		if (file_remove(sks_fname))
			break;
		mswait(100);
	}
	if (i == 10)
		throw("Unable to delete file "+sks_fname);
	ks = new CryptKeyset(sks_fname, CryptKeyset.KEYOPT.CREATE);
	ks.add_private_key(rsa, syspass);
	ks.add_public_key(cert);
	ks.close();
	print("Certificate imported, delete "+csr_fname+" after verifying.");
	file_touch(recycle_sem);
}
```
See there? It's looking for a csr file in the ctrl dir. Not sure why it
is doing that for just importing a cert. Or maybe certtool isn't meant
to just import a plain pem file. I think the tool itself is not for
this use case. I was looking at the letsyncrypt and that to see if I
can hack something simple together that can generate a ssl.cert in
the format that sbbs expects (from existing fullchain.pem and
privkey.pem) to replace the self generated one in ctrl.
>
> > The fullchain.pem looks the same as the example here
> > https://wiki.synchro.net/module:certtool
>
> That's promising.
>
> > 2.
> > I tried adding the following to the bottom of the [Mail] section in
> > sbbs.ini:
> > Secure = true
> > CertificateFile = ./ssl_certs/fullchain.pem
> > KeyFile = ./cryptlib.key
>
> Those keys don't seem to be supported or documented anywhere. How'd
> you come up with that?
>
I saw them here so just tried them.
https://nettwerked.synchronetbbs.org/?page=001-forum.ssjs&sub=do
e-syncdisc&thread=1575
> > result: cannot connect to port 995
>
> That just suggests that your TCP port 995 isn't open or sbbs isn't
> listening on it. The [mail] Options TLS_POP3 option must be included
> (which is by default) and the TLSPOP3Port option must be set to 995
> (also the default) and your sbbs log output (e.g. syslog) would tell
> if it's in fact listening on that port or not. This is completely
> unrelated to any certificate or key file.
It's failing due to the keys I added to the [Mail] section.
*** SSL/TLShandshake failed ***
I was attempting to see if sbbs would accept a straight cert and key
---
* Synchronet * Overfit! Bringing back the golden era of BBS Networking.
[telnet://playmate.dynu
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)