Get other programs on QuickBox to use LE certs


#1

#2

Here is the procedure to get other programs using LE certs
Replace USER with your username and DOMAIN with domain

CSF:

service csf stop && service lfd stop
cp /etc/csf/ui/server.crt /etc/csf/ui/server.crt.backup
cp /etc/csf/ui/server.key /etc/csf/ui/server.key.backup
rm -f /etc/csf/ui/server.crt
rm -f /etc/csf/ui/server.key
ln -s /etc/letsencrypt/live/DOMAIN/privkey.pem /etc/csf/ui/server.key
ln -s /etc/letsencrypt/live/DOMAIN/cert.pem /etc/csf/ui/server.crt
service csf start && service lfd start

ZNC:

cp /home/znc/.znc/znc.pem /home/znc/.znc/znc.pem.backup
cat /etc/letsencrypt/live/DOMAIN/{privkey,cert,chain}.pem > /home/znc/.znc/znc.pem

Deluge:

service [email protected] stop && service [email protected] stop
sed -i -- 's/"https": false,/"https": true,/g' /home/USER/.config/deluge/web.conf
cp /home/USER/.config/deluge/ssl/daemon.cert /home/USER/.config/deluge/ssl/daemon.cert.backup
cp /home/USER/.config/deluge/ssl/daemon.pkey /home/USER/.config/deluge/ssl/daemon.pkey.backup
rm -f /home/USER/.config/deluge/ssl/daemon.cert
rm -f /home/USER/.config/deluge/ssl/daemon.pkey
cat /etc/letsencrypt/live/DOMAIN/privkey.pem > /home/USER/.config/deluge/ssl/daemon.pkey
cat /etc/letsencrypt/live/DOMAIN/cert.pem > /home/USER/.config/deluge/ssl/daemon.cert
chmod 0644 /home/USER/.config/deluge/ssl/daemon.pkey
chmod 0644 /home/USER/.config/deluge/ssl/daemon.cert
service [email protected] start && service [email protected] start

Now edit crontab to overwrite znc and deluge certs after renewal

echo "cat /etc/letsencrypt/live/DOMAIN/{privkey,cert,chain}.pem > /home/znc/.znc/znc.pem" >> /home/USER/le-post-hook.sh
echo "cat /etc/letsencrypt/live/DOMAIN/privkey.pem > /home/USER/.config/deluge/ssl/daemon.pkey" >> /home/USER/le-post-hook.sh
echo "chmod 0644 /home/USER/.config/deluge/ssl/daemon.pkey" >> /home/USER/le-post-hook.sh
echo "cat /etc/letsencrypt/live/DOMAIN/cert.pem > /home/USER/.config/deluge/ssl/daemon.cert" >> /home/USER/le-post-hook.sh
echo "chmod 0644 /home/USER/.config/deluge/ssl/daemon.cert" >> /home/USER/le-post-hook.sh
chmod +x /home/USER/le-post-hook.sh

Now edit crontab with crontab -e and contents:

30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew --post-hook "sudo /home/USER/le-post-hook.sh" >> /var/log/le-renew.log

Install Let's Encrypt on your seedbox
#3

Hi,

Thanks for the wiki!


#4

I managed to install the LE certificate sucessfully for Deluge but I’m wondering if the crontab command for auto-renewal is compatible with the current state of the script?

“30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew --post-hook “sudo /home/USER/le-post-hook.sh” >> /var/log/le-renew.log”

This doesn’t work if installing LetsEncrypt through “box install letsencrypt”, right? I can’t seem to find “letsencrypt-auto” in /opt/letsencrypt


#5

sudo crontab -l

It should automatically be there if you used the box installer for it.


#6

When editing the BTSync config.json, a comma needs to be added at the end of the above line of the lines being added. This wasn’t mentioned in the Wiki and some may not know. :grin:


#7

Hi,

my box is fresh install with quickbox new version. its seem i cant find letsencrypt folder.

does LE changing folder directory? anyone know that?

cat: /etc/letsencrypt/live/DOMAIN/privkey.pem: No such file or directory
cat: /etc/letsencrypt/live/DOMAIN/cert.pem: No such file or directory
cat: /etc/letsencrypt/live/DOMAIN/chain.pem: No such file or directory

tqvm


#8

Is there a way to adjust plex to use https with the LE certificates?


#9

what would be the crontab for renewing these certs, using the updated way of installing letsencrypt with box install letsencrypt since now there is no /etc/letsencrypt or /opt/letsencrypt

I managed to use the certs using:

cat /etc/apache2/ssl/certs/domain.com-ssl.key > /home/main/.config/deluge/ssl/daemon.pkey
cat /etc/apache2/ssl/certs/domain.com-ssl.pem > /home/main/.config/deluge/ssl/daemon.cert
cat /etc/apache2/ssl/certs/{domain.com-ssl.key,domain.com-ssl.pem} > /home/znc/.znc/znc.pem

But I can’t figure a way to have them auto renew.
I’d appreciate an update on your tutorial. Thanks.