× NETGEAR will be terminating ReadyCLOUD service by July 1st, 2023. For more details click here.
Orbi WiFi 7 RBE973
Reply

Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

chrhei
Luminary

Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

See also: LINK

Install letsencrypt/certbot on Readynas OS 6.5.0 (Debian Wheezy):

Docs and inspiration from:
certbot
netgear_581268
netgear_592613

# apt-get install nano (or any other editor you like)

# cd /opt
# mkdir letsencrypt
# cd letsencrypt
# wget https://dl.eff.org/certbot-auto
# chmod a+x certbot-auto

# ./certbot-auto --help all

# apt-get install libaugeas-dev
(to prevent error: Unable to import libaugeas!)

# service apache2 stop

# ./certbot-auto certonly --standalone-supported-challenges tls-sni-01 -d fqdn.yourdomain.com
(to use port 443)

3 Automatically use a temporary ...

- Enter your email address
- Read terms of service

# cd /etc/frontview/apache
# cp apache2.pem apache2.pem.orig
# cp ssl.conf ssl.conf.orig

# nano ssl.conf
add the line
"SSLCertificateChainFile /etc/frontview/apache/chain.pem"
below line
"SSLCertificateFile /etc/frontview/apache/apache2.pem"
save ssl.conf

# rm apache2.pem
# cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> apache2.pem
# cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> apache2.pem
# cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem chain.pem

# service apache2 start

Disadvantage: The key is only valid for 3 months and an automatic renewal is somehow complicated.
Maybe a script can help 🙂

Test with:
SSLLABS
SSLSHOPPER

Model: RN202|ReadyNAS202
Message 1 of 3

Accepted Solutions
chrhei
Luminary

Re: Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

And below you'll what I've done to get the certificates easily updated!

 

# cd /opt/letsencrypt
# nano my_renew_hook


Add the following lines to the script:

===== snip =====
#!/bin/sh
rm /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> /etc/frontview/apache/apache2.pem
cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem /etc/frontview/apache/chain.pem
===== snap =====

 

Save the script and make it executeable:
# chmod 755 my_renew_hook

 

To renew your certificates run (also possible via a cron-job):
# /opt/letsencrypt/certbot-auto renew --standalone --pre-hook "service apache2 stop" --post-hook "service apache2 start" --renew-hook "/opt/letsencrypt/my_renew_hook"

 

View solution in original post

Message 3 of 3

All Replies
BrianL2
NETGEAR Employee Retired

Re: Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

Hi chrhei,

 

Thank you for sharing this in the community. We hope that you will continue to post suggestions, tips, questions or anything about ReadyNAS that you think needs attention and will help others.

 

 

Kind regards,

 

BrianL
NETGEAR Community Team

Message 2 of 3
chrhei
Luminary

Re: Letsencrypt/certbot experiments with ReadyNAS OS 6.5.0 on RN202

And below you'll what I've done to get the certificates easily updated!

 

# cd /opt/letsencrypt
# nano my_renew_hook


Add the following lines to the script:

===== snip =====
#!/bin/sh
rm /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/privkey.pem >> /etc/frontview/apache/apache2.pem
cat /etc/letsencrypt/live/fqdn.yourdomain.com/cert.pem >> /etc/frontview/apache/apache2.pem
cp /etc/letsencrypt/live/fqdn.yourdomain.com/chain.pem /etc/frontview/apache/chain.pem
===== snap =====

 

Save the script and make it executeable:
# chmod 755 my_renew_hook

 

To renew your certificates run (also possible via a cron-job):
# /opt/letsencrypt/certbot-auto renew --standalone --pre-hook "service apache2 stop" --post-hook "service apache2 start" --renew-hook "/opt/letsencrypt/my_renew_hook"

 

Message 3 of 3
Top Contributors
Discussion stats
  • 2 replies
  • 8452 views
  • 7 kudos
  • 2 in conversation
Announcements