• Unable to figure out how to create ssl.cert

    From Sam Alexander@1:103/705 to All on Sun Jul 6 19:44:42 2025
    Hey everyone --
    For the life of me can't figure out how to create ssl.cert so I can get email going. I checked this site out:
    http://wiki.synchro.net/module:certtool

    And I ran this which created csr.pem
    jsexec certtool --csr --domain totallynerd.com > csr.pem

    ... and then ran this --
    jsexec certtool --import csr.pem

    ... but it says it is unable to open csr.pem though it's there.

    I'm a bit lost from all this where ssl.cert is created. Hope someone can give some insight. Thanks.
    Sam

    ---
    ■ Synchronet ■ -==[ Totally Nerd BBS ]==- (Work in Progress) - totallynerd.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Sam Alexander on Sun Jul 6 20:53:14 2025
    Re: Unable to figure out how to create ssl.cert
    By: Sam Alexander to All on Sun Jul 06 2025 07:44 pm

    For the life of me can't figure out how to create ssl.cert so I can get email going. I checked this site out:

    sbbs automatically creates the ssl.cert file (as a self-signed certificate) when it doesn't already exist. You don't actually need this to "get email going" however. If you do actually require SMTPS to send email (e.g. to gmail.com), then you'll need a CA-signed certificate (e.g. from letsencrypt.org). See https://wiki.synchro.net/module:letsyncrypt for details.
    --
    digital man (rob)

    Synchronet "Real Fact" #138:
    Synchronet Ad: Accept the inevitable, switch to Synchronet
    Norco, CA WX: 71.7°F, 59.0% humidity, 6 mph W wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.28-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Sam Alexander@1:103/705 to Digital Man on Sun Jul 6 23:06:40 2025
    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Sun Jul 06 2025 08:53 pm

    sbbs automatically creates the ssl.cert file (as a self-signed certificate) when it doesn't already exist. You don't actually need this to "get email going" however. If you do actually require SMTPS to send email (e.g. to gmail.com), then you'll need a CA-signed certificate (e.g. from letsencrypt.org). See https://wiki.synchro.net/module:letsyncrypt for details.

    I kept getting mail errors saying it couldn't find ssl.cert when mail was sending and receiving, so I assumed this was needed. I actually setup relaying through your site, but it's still not working. But no mail will come in even though the two POP ports are open to the Internet.

    I'll try the Lets Encrypt just to see if I can get the ssl.cert error to go away if nothing else.

    Thanks --

    ---
    ■ Synchronet ■ -==[ Totally Nerd BBS ]==- (Work in Progress) - totallynerd.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Sam Alexander@1:103/705 to Digital Man on Mon Jul 7 07:01:32 2025
    Re: Unable to figure out how to create ssl.cert
    By: Sam Alexander to Digital Man on Sun Jul 06 2025 11:06 pm

    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Sun Jul 06 2025 08:53 pm

    sbbs automatically creates the ssl.cert file (as a self-signed certificate) when it doesn't already exist. You don't actually need this to "get email going" however. If you do actually require SMTPS to send email (e.g. to gmail.com), then you'll need a CA-signed certificate (e.g. from letsencrypt.org). See https://wiki.synchro.net/module:letsyncrypt for details.

    I kept getting mail errors saying it couldn't find ssl.cert when mail was sending and receiving, so I assumed this was needed. I actually setup relaying through your site, but it's still not working. But no mail will come in even though the two POP ports are open to the Internet.

    I'll try the Lets Encrypt just to see if I can get the ssl.cert error to go away if nothing else.

    Another error I'm getting with pop3 which I thought was related to the cert, I've not received any emails yet, but when a connection comes in they all give this error with private key.
    7/7 06:43:27 mail 0048 POP3S [162.142.125.118] Connection accepted on 192.168.4.109 port 995 from port 53678
    7/7 06:43:27 mail 0048 POP3S [162.142.125.118] Hostname: scanner-19.ch1.censys-scanner.com
    7/7 06:43:27 mail 0048 POP3S [162.142.125.118] ERROR 'Bad argument, parameter 3' (-3) setting private key

    You'd mentioned the ssl.cert should've been created automatically, but I didn't have it after I built SBBS.

    Thanks again for your insight -
    Sam

    ---
    ■ Synchronet ■ -==[ Totally Nerd BBS ]==- (Work in Progress) - totallynerd.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Sam Alexander on Mon Jul 7 10:32:38 2025
    Re: Unable to figure out how to create ssl.cert
    By: Sam Alexander to Digital Man on Sun Jul 06 2025 11:06 pm

    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Sun Jul 06 2025 08:53 pm

    sbbs automatically creates the ssl.cert file (as a self-signed certificate) when it doesn't already exist. You don't actually need this to "get email going" however. If you do actually require SMTPS to send email (e.g. to gmail.com), then you'll need a CA-signed certificate (e.g. from letsencrypt.org). See https://wiki.synchro.net/module:letsyncrypt for details.

    I kept getting mail errors saying it couldn't find ssl.cert when mail was sending and receiving, so I assumed this was needed. I actually setup relaying through your site, but it's still not working. But no mail will come in even though the two POP ports are open to the Internet.

    Relaying outbound email through Vertrauen isn't working? Do you have log messages related to these failures?

    If you're talking about mail exchange (inbound email through Vertrauen) services - I don't have any mail forwarding setup for totallynerd.com, so I wouldn't expect that to work. Let me know if you need mail exchange through Vertrauen (mail.synchro.net).

    I'll try the Lets Encrypt just to see if I can get the ssl.cert error to go away if nothing else.

    And your BBS will get SSH and HTTPS support to boot.
    --
    digital man (rob)

    Steven Wright quote #12:
    OK, so what's the speed of dark?
    Norco, CA WX: 72.5°F, 66.0% humidity, 2 mph SSW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.28-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Sam Alexander on Mon Jul 7 10:34:04 2025
    Re: Unable to figure out how to create ssl.cert
    By: Sam Alexander to Digital Man on Mon Jul 07 2025 07:01 am

    Re: Unable to figure out how to create ssl.cert
    By: Sam Alexander to Digital Man on Sun Jul 06 2025 11:06 pm

    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Sun Jul 06 2025 08:53 pm

    sbbs automatically creates the ssl.cert file (as a self-signed certificate) when it doesn't already exist. You don't actually need this to "get email going" however. If you do actually require SMTPS to send email (e.g. to gmail.com), then you'll need a CA-signed certificate (e.g. from letsencrypt.org). See https://wiki.synchro.net/module:letsyncrypt for details.

    I kept getting mail errors saying it couldn't find ssl.cert when mail was sending and receiving, so I assumed this was needed. I actually setup relaying through your site, but it's still not working. But no mail will come in even though the two POP ports are open to the Internet.

    I'll try the Lets Encrypt just to see if I can get the ssl.cert error to go away if nothing else.

    Another error I'm getting with pop3 which I thought was related to the cert, I've not received any emails yet, but when a connection comes in they all give this error with private key.
    7/7 06:43:27 mail 0048 POP3S [162.142.125.118] Connection accepted on 192.168.4.109 port 995 from port 53678
    7/7 06:43:27 mail 0048 POP3S [162.142.125.118] Hostname: scanner-19.ch1.censys-scanner.com
    7/7 06:43:27 mail 0048 POP3S [162.142.125.118] ERROR 'Bad argument, parameter 3' (-3) setting private key

    You'd mentioned the ssl.cert should've been created automatically, but I didn't have it after I built SBBS.

    The ctrl/cryptlib.key (private key) and ctrl/cert.ssl (self-signed cert) files are automatically created when you *run* (not build) SBBS. Do you have the cryptlib.key file? Note: If you change your system password, these files have to be recreated.
    --
    digital man (rob)

    This Is Spinal Tap quote #35:
    Jeanine Pettibone: You don't do heavy metal in Dubly, you know.
    Norco, CA WX: 73.1°F, 65.0% humidity, 4 mph WSW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.28-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Sam Alexander@1:103/705 to Digital Man on Mon Jul 7 21:01:46 2025
    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Mon Jul 07 2025 10:34 am

    You'd mentioned the ssl.cert should've been created automatically, but I didn't have it after I built SBBS.

    The ctrl/cryptlib.key (private key) and ctrl/cert.ssl (self-signed cert) files are automatically created when you *run* (not build) SBBS. Do you have the cryptlib.key file? Note: If you change your system password, these files have to be recreated.

    I don't have /sbbs/ctrl/ssl.cert even after stopping and restarting SBBS, but I do have /sbbs/ctrl/cryptlib.key. I get these often in my sbbs logs.
    7/7 20:13:52 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert

    Also I'm trying to use letsyncrypt, and trying to generate a new key: /sbbs/exec/jsexec letsyncrypt --new-key

    I see in the logs where Let's Encrypt tries to read into the web server and pull out the file for authenticate, but the file doesn't exist. I have /sbbs/web/root/.well-known/acme-challenge/ but apparently the js isn't creating the file for Let's Encrypt to find.

    7/7 20:50:50 web 0011 HTTP [23.178.112.213] Connection accepted on 192.168.4.109 port 80 from port 37161
    7/7 20:50:50 web 0011 HTTP [23.178.112.213] Request 1: GET /.well-known/acme-challenge/b1NbeFUniIxhs2GGS_64fM91UKqr2fgDsgmRwJLEgaU HTTP/1.1
    7/7 20:50:50 web 0011 HTTP [23.178.112.213] User-Agent: Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)
    7/7 20:50:50 web 0011 HTTP [23.178.112.213] !ERROR: 404 Not Found (line 4031) request: /.well-known/acme-challenge/b1NbeFUniIxhs2GGS_64fM91UKqr2fgDsgmRwJLEgaU
    7/7 20:50:51 web 0011 HTTP [23.178.112.213] Session thread terminated after 1 requests (0 clients and 2 threads remain, 27 served, 6 concurrently)

    For this the script fails:
    JSexec v3.21a-Linux master/40daa513e - Execute Synchronet JavaScript Module Compiled Jul 03 2025 19:17 with GCC 13.3.0

    Loading configuration files from /sbbs/ctrl
    JavaScript-C 1.8.5 2011-03-31
    JavaScript: Creating runtime: 167772160 bytes

    Reading script from /sbbs/exec/letsyncrypt.js
    /sbbs/exec/letsyncrypt.js compiled in 0.00 seconds
    !JavaScript /sbbs/exec/load/acmev2.js line 307: Error: keyChange did not return 200
    /sbbs/exec/letsyncrypt.js executed in 1.73 seconds
    !Module (letsyncrypt) set exit_code: 1

    JavaScript: Destroying context
    JavaScript: Destroying runtime

    Returning error code: 1

    So either route I'm not having much luck getting the certs set up for email. I even ran chmod 775 on /.well-known/acme-challenge folders which I'm running the jsexec as my sbbs user, owner of the sbbs folder, so I don't think it's a permissions thing. Thanks for any advice.

    ---
    ■ Synchronet ■ -==[ Totally Nerd BBS ]==- (Work in Progress) - totallynerd.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Sam Alexander on Mon Jul 7 21:13:52 2025
    Re: Unable to figure out how to create ssl.cert
    By: Sam Alexander to Digital Man on Mon Jul 07 2025 09:01 pm

    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Mon Jul 07 2025 10:34 am

    You'd mentioned the ssl.cert should've been created automatically, but I didn't have it after I built SBBS.

    The ctrl/cryptlib.key (private key) and ctrl/cert.ssl (self-signed cert) files are automatically created when you *run* (not build) SBBS. Do you have the cryptlib.key file? Note: If you change your system password, these files have to be recreated.

    I don't have /sbbs/ctrl/ssl.cert even after stopping and restarting SBBS, but I do have /sbbs/ctrl/cryptlib.key.

    You should probably resolve that issue first.

    I get these often in my sbbs logs.
    7/7 20:13:52 mail Failed to open/read TLS certificate: /sbbs/ctrl/ssl.cert

    Also I'm trying to use letsyncrypt, and trying to generate a new key: /sbbs/exec/jsexec letsyncrypt --new-key

    I see in the logs where Let's Encrypt tries to read into the web server and pull out the file for authenticate, but the file doesn't exist. I have /sbbs/web/root/.well-known/acme-challenge/ but apparently the js isn't creating the file for Let's Encrypt to find.

    Did you set up your letsyncrypt.ini file?
    --
    digital man (rob)

    Breaking Bad quote #35:
    You ever smoke anything else, Wendy? Sausages don't count - ha ha - Hank
    Norco, CA WX: 70.1°F, 65.0% humidity, 4 mph W wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.28-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Sam Alexander@1:103/705 to Digital Man on Tue Jul 8 00:06:10 2025
    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Mon Jul 07 2025 09:13 pm

    I don't have /sbbs/ctrl/ssl.cert even after stopping and restarting SBBS, but I do have /sbbs/ctrl/cryptlib.key.

    You should probably resolve that issue first.

    What creates this or how can I troubleshoot this? I don't see any errors or messages in the logs about this being created or not.


    Did you set up your letsyncrypt.ini file?

    Yes, I left the KeyID as is and there wasn't anything under STATE:

    Host = acme-v02.api.letsencrypt.org
    Directory = /directory
    TOSAgreed = true
    GroupReadableKeyFile = false

    [Domains]
    totallynerd.com = /sbbs/web/root



    Thanks again for your help --
    Sam

    ---
    ■ Synchronet ■ -==[ Totally Nerd BBS ]==- (Work in Progress) - totallynerd.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Sam Alexander on Tue Jul 8 10:54:10 2025
    Re: Unable to figure out how to create ssl.cert
    By: Sam Alexander to Digital Man on Tue Jul 08 2025 12:06 am

    Re: Unable to figure out how to create ssl.cert
    By: Digital Man to Sam Alexander on Mon Jul 07 2025 09:13 pm

    I don't have /sbbs/ctrl/ssl.cert even after stopping and restarting SBBS, but I do have /sbbs/ctrl/cryptlib.key.

    You should probably resolve that issue first.

    What creates this or how can I troubleshoot this?

    sbbs will create a self-signed cert, but only when SCFG->System->Security->Create Self-signed Certificate is set to "Yes" (which is a new option, that defaults to "No" since self-signed certs were confusing sysops).

    I don't see any errors or messages in the logs about this being created or not.

    I forgot about that (new) option, but that's likely why.

    You likely don't want a self-signed certificate anyway.

    Did you set up your letsyncrypt.ini file?

    Yes, I left the KeyID as is and there wasn't anything under STATE:

    Host = acme-v02.api.letsencrypt.org
    Directory = /directory
    TOSAgreed = true
    GroupReadableKeyFile = false

    [Domains]
    totallynerd.com = /sbbs/web/root

    What is the [Web] RootDirectory set to in your ctrl/sbbs.ini file?
    The default value for this key is:

    RootDirectory = ../webv4/root

    which doesn't match the path for your domain in your letsyncrypt.ini file.
    --
    digital man (rob)

    Synchronet "Real Fact" #128:
    Synchronet v3.19b was released on January 2, 2022 (15 months after v3.18b)
    Norco, CA WX: 79.3°F, 49.0% humidity, 3 mph WNW wind, 0.00 inches rain/24hrs
    --- SBBSecho 3.28-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
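
Added example, not part of the thread and not Synchronet code: a shell check for the mismatch raised in the last reply, where the [Web] RootDirectory in sbbs.ini and the [Domains] path in letsyncrypt.ini resolve to different directories. It assumes both .ini files sit in the ctrl directory and that relative paths resolve against it; the function names and the bbs.example domain are made up for the demo.

```sh
#!/bin/sh
# Added example (not Synchronet code). Assumptions: sbbs.ini and letsyncrypt.ini
# both live in the ctrl directory, and relative paths resolve against it.

# ini_get FILE SECTION KEY: print KEY's value from [SECTION] ("" = before any section)
ini_get() {
    awk -v sect="$2" -v key="$3" '
        /^[ \t]*\[/   { cur = $0; gsub(/^[ \t]*\[|\][ \t\r]*$/, "", cur); next }
        /^[ \t]*[;#]/ { next }
        cur == sect {
            i = index($0, "="); if (!i) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# resolve_dir BASE PATH: print the physical absolute path; fail if it does not exist
resolve_dir() {
    case "$2" in /*) p=$2 ;; *) p=$1/$2 ;; esac
    ( cd "$p" 2>/dev/null && pwd -P )
}

# check_webroot CTRL_DIR DOMAIN: 0 = same directory, 1 = mismatch, 2 = cannot check
check_webroot() {
    ctrl=$1; domain=$2
    web=$(ini_get "$ctrl/sbbs.ini" Web RootDirectory)
    [ -n "$web" ] || web=../webv4/root   # default value quoted in the thread
    acme=$(ini_get "$ctrl/letsyncrypt.ini" Domains "$domain")
    [ -n "$acme" ] || { echo "NOENTRY $domain"; return 2; }
    web_abs=$(resolve_dir "$ctrl" "$web") || { echo "MISSING $web"; return 2; }
    acme_abs=$(resolve_dir "$ctrl" "$acme") || { echo "MISSING $acme"; return 2; }
    [ "$web_abs" = "$acme_abs" ] && { echo "OK $web_abs"; return 0; }
    echo "MISMATCH web=$web_abs letsyncrypt=$acme_abs"; return 1
}

# Constructed demo tree mirroring the thread: web server on the default root,
# letsyncrypt.ini pointing the domain at a different web/root directory.
demo=$(mktemp -d)
mkdir -p "$demo/ctrl" "$demo/webv4/root" "$demo/web/root"
printf '[Web]\nRootDirectory = ../webv4/root\n' > "$demo/ctrl/sbbs.ini"
printf 'TOSAgreed = true\n[Domains]\nbbs.example = %s/web/root\n' "$demo" \
    > "$demo/ctrl/letsyncrypt.ini"
check_webroot "$demo/ctrl" bbs.example || echo "exit status: $?"
rm -rf "$demo"
```

On a real install the call would be `check_webroot /sbbs/ctrl totallynerd.com`; a MISMATCH result means one of the two paths has to change before the ACME request for /.well-known/acme-challenge/ can be served from the expected directory.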