Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

chrhei · ‎2016-05-25

See also: LINK

Install letsencrypt/certbot on Readynas OS 6.5.0 (Debian Wheezy):

Docs and inspiration from:
certbot
netgear_581268
netgear_592613

# apt-get install nano (or any other editor you like)

# cd /opt
# mkdir letsencrypt
# cd letsencrypt
# wget https://dl.eff.org/certbot-auto
# chmod a+x certbot-auto

# ./certbot-auto --help all

# apt-get install libaugeas-dev
(to prevent error: Unable to import libaugeas!)

# service apache2 stop

# ./certbot-auto certonly --standalone-supported-challenges tls-sni-01 -d fqdn.yourdomain.com
(to use port 443)

3 Automatically use a temporary ...

- Enter your email address
- Read terms of service

# cd /etc/frontview/apache
# cp apache2.pem apache2.pem.orig
# cp ssl.conf ssl.conf.orig

# nano ssl.conf
add the line
"SSLCertificateChainFile /etc/frontview/apache/chain.pem"
below line
"SSLCertificateFile /etc/frontview/apache/apache2.pem"
save ssl.conf

# rm apache2.pem
# cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> apache2.pem
# cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> apache2.pem
# cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem chain.pem

# service apache2 start

Disadvantage: The key is only valid for 3 months and an automatic renewal is somehow complicated.
Maybe a script can help 🙂

Test with:
SSLLABS
SSLSHOPPER

chrhei · ‎2016-05-26

And below you'll what I've done to get the certificates easily updated!

# cd /opt/letsencrypt
# nano my_renew_hook

Add the following lines to the script:

===== snip =====
#!/bin/sh
rm /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> /etc/frontview/apache/apache2.pem
cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem /etc/frontview/apache/chain.pem
===== snap =====

Save the script and make it executeable:
# chmod 755 my_renew_hook

To renew your certificates run (also possible via a cron-job):
# /opt/letsencrypt/certbot-auto renew --standalone --pre-hook "service apache2 stop" --post-hook "service apache2 start" --renew-hook "/opt/letsencrypt/my_renew_hook"

View solution in original post

BrianL2 · ‎2016-05-25

Hi chrhei,

Thank you for sharing this in the community. We hope that you will continue to post suggestions, tips, questions or anything about ReadyNAS that you think needs attention and will help others.

Kind regards,

BrianL
NETGEAR Community Team

chrhei · ‎2016-05-26

And below you'll what I've done to get the certificates easily updated!

# cd /opt/letsencrypt
# nano my_renew_hook

Add the following lines to the script:

===== snip =====
#!/bin/sh
rm /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> /etc/frontview/apache/apache2.pem
cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem /etc/frontview/apache/chain.pem
===== snap =====

Save the script and make it executeable:
# chmod 755 my_renew_hook

To renew your certificates run (also possible via a cron-job):
# /opt/letsencrypt/certbot-auto renew --standalone --pre-hook "service apache2 stop" --post-hook "service apache2 start" --renew-hook "/opt/letsencrypt/my_renew_hook"

Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

Re: Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

Re: Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

Re: Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202