• Import of external Letsencrypt Certificates from NPM+ as pkcs12 contai

  • From Deucе@1:103/705 to GitLab note in main/sbbs on Sat Apr 11 21:21:58 2026
    https://gitlab.synchro.net/main/sbbs/-/issues/1111#note_8789

    Ok, I just tried this with some Let's Encrypt certs I have lying around and it works. Hit me up on IRC and we'll figure out how to get me a copy of your certs for testing.
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Deucе@1:103/705 to GitLab note in main/sbbs on Sun Apr 12 00:13:50 2026
    https://gitlab.synchro.net/main/sbbs/-/issues/1111#note_8792

    Also, the full error message is always useful. I assume it's "Error -22 calling cryptGetPrivateKey()"
  • From Stephan Gebbers@1:103/705 to GitLab note in main/sbbs on Sun Apr 12 00:49:34 2026
    https://gitlab.synchro.net/main/sbbs/-/issues/1111#note_8793

    I have shared the needed files in a DM (Dropbox link) on Synchronet IRC.

    By default NPM+ does create short-lived Let's Encrypt certificates.
  • From Deucе@1:103/705 to GitLab note in main/sbbs on Wed Apr 22 08:28:06 2026
    https://gitlab.synchro.net/main/sbbs/-/issues/1111#note_8843

    So, the root cause here appears to be that you can't import a certificate without a subjectName DN. TLS since 2017 has not, by itself, required a DN and Let's Encrypt, when creating the short-lived for https certs, does not include one.

    The TLS cert for Synchronet is used by a fairly large number of "things" though, some of which may actually require a DN... a full audit needs to be done before blindly chopping that requirement out of Cryptlib.
  • From Stephan Gebbers@1:103/705 to GitLab note in main/sbbs on Wed Apr 22 09:24:36 2026
    https://gitlab.synchro.net/main/sbbs/-/issues/1111#note_8844

    Ok, thanks for taking care of it. In the meantime I try to switch the Let's Encrypt ACME_profile that NPMplus is using from shortlived/tlsserver to classic.

    https://letsencrypt.org/docs/profiles/