chrhei
Luminary
May 25, 2016
Solved

Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

See also: LINK

Install letsencrypt/certbot on ReadyNAS OS 6.5.0 (Debian Wheezy):

Docs and inspiration from:
certbot
netgear_581268
netgear_592613

# apt-get install nano (or any other editor you like)

# cd /opt
# mkdir letsencrypt
# cd letsencrypt
# wget https://dl.eff.org/certbot-auto
# chmod a+x certbot-auto

# ./certbot-auto --help all

# apt-get install libaugeas-dev
(to prevent error: Unable to import libaugeas!)

# service apache2 stop

# ./certbot-auto certonly --standalone-supported-challenges tls-sni-01 -d fqdn.yourdomain.com
(to use port 443)

3 Automatically use a temporary ...

- Enter your email address
- Read terms of service

# cd /etc/frontview/apache
# cp apache2.pem apache2.pem.orig
# cp ssl.conf ssl.conf.orig

# nano ssl.conf
add the line
"SSLCertificateChainFile /etc/frontview/apache/chain.pem"
below line
"SSLCertificateFile /etc/frontview/apache/apache2.pem"
save ssl.conf

# rm apache2.pem
# cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> apache2.pem
# cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> apache2.pem
# cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem chain.pem

# service apache2 start

Disadvantage: The key is only valid for 3 months and an automatic renewal is somewhat complicated.
Maybe a script can help :-)

Test with:
SSLLABS
SSLSHOPPER

  • And below you'll see what I've done to get the certificates easily updated!

    # cd /opt/letsencrypt
    # nano my_renew_hook


    Add the following lines to the script:

    ===== snip =====
    #!/bin/sh
    rm /etc/frontview/apache/apache2.pem
    cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> /etc/frontview/apache/apache2.pem
    cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> /etc/frontview/apache/apache2.pem
    cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem /etc/frontview/apache/chain.pem
    ===== snap =====


    Save the script and make it executable:
    # chmod 755 my_renew_hook

    To renew your certificates run (also possible via a cron-job):
    # /opt/letsencrypt/certbot-auto renew --standalone --pre-hook "service apache2 stop" --post-hook "service apache2 start" --renew-hook "/opt/letsencrypt/my_renew_hook"
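
A hardened variant of the renew hook above, added here as an example and not part of the original post. The posted hook removes apache2.pem and then appends to it, so the key file is briefly missing and is recreated under the current umask; this version checks the inputs, confirms the key matches the certificate, stages the files with owner-only permissions and renames them into place. `VERIFY_PAIR` is a hypothetical switch; `RENEWED_LINEAGE` is the variable certbot exports to renew hooks.

```shell
#!/bin/sh
# Added example, not the poster's script. Paths are the ones used in the thread;
# VERIFY_PAIR is a hypothetical switch (set to 0 to skip the key/cert check).

# Succeeds only if private key $1 and certificate $2 hold the same public key.
pair_matches() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Build apache2.pem (key + cert) and chain.pem in $2 from certbot live dir $1.
# If validation or staging fails, the files already in $2 are left untouched.
install_combined_pem() {
    live=$1
    dest=$2
    for f in privkey.pem cert.pem chain.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 1; }
    done
    if [ "${VERIFY_PAIR:-1}" = 1 ] &&
       ! pair_matches "$live/privkey.pem" "$live/cert.pem"; then
        echo "private key does not match certificate" >&2
        return 1
    fi
    # mktemp creates the files with mode 0600 in the target directory, so the
    # key is never world-readable and the final mv is an atomic rename.
    tmp=$(mktemp "$dest/.apache2.pem.XXXXXX") || return 1
    tmpc=$(mktemp "$dest/.chain.pem.XXXXXX") || { rm -f "$tmp"; return 1; }
    rc=1
    if cat "$live/privkey.pem" "$live/cert.pem" > "$tmp" &&
       cat "$live/chain.pem" > "$tmpc" &&
       chmod 600 "$tmp" && chmod 644 "$tmpc" &&
       mv -f "$tmp" "$dest/apache2.pem" &&
       mv -f "$tmpc" "$dest/chain.pem"; then
        rc=0
    fi
    rm -f "$tmp" "$tmpc"
    return "$rc"
}

# certbot exports RENEWED_LINEAGE to renew hooks; fall back to the thread's path.
LIVE=${RENEWED_LINEAGE:-/etc/letsencrypt/live/fqdn.yourdomain.com}
if [ -d "$LIVE" ]; then
    install_combined_pem "$LIVE" /etc/frontview/apache
fi
```

Saved in place of my_renew_hook, it is called by the same `--renew-hook` option; a non-zero exit means the previous certificate files are still the ones Apache will load.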

     

2 Replies

  • BrianL2
    NETGEAR Employee Retired

    Hi chrhei,

    Thank you for sharing this in the community. We hope that you will continue to post suggestions, tips, questions or anything about ReadyNAS that you think needs attention and will help others.

    Kind regards,

    BrianL
    NETGEAR Community Team
