NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202
See also: LINK
Install letsencrypt/certbot on Readynas OS 6.5.0 (Debian Wheezy):
Docs and inspiration from:
certbot
netgear_581268
netgear_592613
# apt-get install nano (or any other editor you like)
# cd /opt
# mkdir letsencrypt
# cd letsencrypt
# wget https://dl.eff.org/certbot-auto
# chmod a+x certbot-auto
# ./certbot-auto --help all
# apt-get install libaugeas-dev
(to prevent error: Unable to import libaugeas!)
# service apache2 stop
# ./certbot-auto certonly --standalone-supported-challenges tls-sni-01 -d fqdn.yourdomain.com
(to use port 443)
3 Automatically use a temporary ...
- Enter your email address
- Read terms of service
# cd /etc/frontview/apache
# cp apache2.pem apache2.pem.orig
# cp ssl.conf ssl.conf.orig
# nano ssl.conf
add the line
"SSLCertificateChainFile /etc/frontview/apache/chain.pem"
below line
"SSLCertificateFile /etc/frontview/apache/apache2.pem"
save ssl.conf
# rm apache2.pem
# cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> apache2.pem
# cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> apache2.pem
# cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem chain.pem
# service apache2 start
Disadvantage: The key is only valid for 3 months and an automatic renewal is somehow complicated.
Maybe a script can help :-)
Test with:
SSLLABS
SSLSHOPPER
And below you'll what I've done to get the certificates easily updated!
# cd /opt/letsencrypt
# nano my_renew_hook
Add the following lines to the script:===== snip =====
#!/bin/sh
rm /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> /etc/frontview/apache/apache2.pem
cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem /etc/frontview/apache/chain.pem
===== snap =====Save the script and make it executeable:
# chmod 755 my_renew_hookTo renew your certificates run (also possible via a cron-job):
# /opt/letsencrypt/certbot-auto renew --standalone --pre-hook "service apache2 stop" --post-hook "service apache2 start" --renew-hook "/opt/letsencrypt/my_renew_hook"
2 Replies
Replies have been turned off for this discussion
Hi chrhei,
Thank you for sharing this in the community. We hope that you will continue to post suggestions, tips, questions or anything about ReadyNAS that you think needs attention and will help others.
Kind regards,
BrianL
NETGEAR Community TeamAnd below you'll what I've done to get the certificates easily updated!
# cd /opt/letsencrypt
# nano my_renew_hook
Add the following lines to the script:===== snip =====
#!/bin/sh
rm /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> /etc/frontview/apache/apache2.pem
cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem /etc/frontview/apache/chain.pem
===== snap =====Save the script and make it executeable:
# chmod 755 my_renew_hookTo renew your certificates run (also possible via a cron-job):
# /opt/letsencrypt/certbot-auto renew --standalone --pre-hook "service apache2 stop" --post-hook "service apache2 start" --renew-hook "/opt/letsencrypt/my_renew_hook"
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
