Softether with certbot
Create a script in your vps, change paths:
#!/bin/sh
DOMINIO="my.domain"

# Request or renew the certificate; the renew hook leaves a marker file
# whenever a new certificate was actually issued.
/root/certbot/certbot-auto certonly --standalone \
    --register-unsafely-without-email --non-interactive --agree-tos \
    --tls-sni-01-port 5001 --http-01-port 80 \
    -d "$DOMINIO" --renew-hook "touch /tmp/newcert"

if [ -f /tmp/newcert ]; then
    # Drop the PEM header/footer lines and join the base64 body into one line
    cert=$( sed '/----/d' "/etc/letsencrypt/live/$DOMINIO/cert.pem" | tr -d '\n' )
    key=$( sed '/----/d' "/etc/letsencrypt/live/$DOMINIO/privkey.pem" | tr -d '\n' )
    # Overwrite the certificate and key entries in the SoftEther config
    sed -i "s|byte ServerCert.*|byte ServerCert $cert|" /root/vpnserver/vpn_server.config
    sed -i "s|byte ServerKey.*|byte ServerKey $key|" /root/vpnserver/vpn_server.config
    rm /tmp/newcert
    # Restart SoftEther
    /root/vpnserver/vpnserver stop
    /root/vpnserver/vpnserver start
fi
Put a cron, weekly.
Remember, if you use cert-based auth, you need to update it. If not, you're good to go
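A hardened form of the config-update step in the script above, as an added example that is not part of the original post: it leaves vpn_server.config untouched when the certificate or key is missing, empty or not plain base64, and swaps the file in only after a private copy has been built. The helper names pem_body and install_cert are hypothetical; the directive names and paths are the ones from the post.

```shell
# Added example, not from the original post. pem_body and install_cert are
# hypothetical helper names; directive names and paths are the post's.

# Print the base64 body of a PEM file as one line (same transform as the post).
pem_body() {
    sed '/----/d' "$1" | tr -d '\r\n'
}

# usage: install_cert CONFIG CERT_PEM KEY_PEM
# Returns non-zero and leaves CONFIG untouched if anything looks wrong.
install_cert() {
    conf=$1
    [ -f "$conf" ] && [ -s "$2" ] && [ -s "$3" ] || return 1
    cert=$(pem_body "$2")
    key=$(pem_body "$3")
    # Refuse empty or non-base64 values: writing them would break the server,
    # and base64-only input cannot contain sed metacharacters.
    for v in "$cert" "$key"; do
        [ -n "$v" ] || return 2
        case $v in *[!A-Za-z0-9+/=]*) return 2 ;; esac
    done
    # Each directive must appear exactly once, or the file is not what we expect.
    [ "$(grep -c 'byte ServerCert ' "$conf")" -eq 1 ] || return 3
    [ "$(grep -c 'byte ServerKey ' "$conf")" -eq 1 ] || return 3
    # Build the new file privately (it holds the private key), then swap it in.
    old_umask=$(umask)
    umask 077
    tmp=$(mktemp "$conf.XXXXXX") || { umask "$old_umask"; return 4; }
    cp -p "$conf" "$conf.bak"
    if sed -e "s|byte ServerCert .*|byte ServerCert $cert|" \
           -e "s|byte ServerKey .*|byte ServerKey $key|" "$conf" > "$tmp"; then
        mv "$tmp" "$conf"; ret=0
    else
        rm -f "$tmp"; ret=4
    fi
    umask "$old_umask"
    return "$ret"
}

# Usage with the post's paths; restart the server only if this returns 0:
# install_cert /root/vpnserver/vpn_server.config \
#     /etc/letsencrypt/live/my.domain/cert.pem \
#     /etc/letsencrypt/live/my.domain/privkey.pem
```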
Comments
is this why you disappeared forever and came back with this?
It's better to generate the certificate first, and then restart the service on success, to minimize downtime.
Congratz, @netomx, for your new tag! ;-)
life's too complicated, for now
Problem is, certbot needs to use port 443. Softether uses it.
DankE!
If you don't have women problems then you'll be okay... We all have our bumps; what matters is to hold the steering wheel and drive. Good luck.
Aah, I see. Sorry, didn't know about that.
AFAIK, certbot can also use port 80 for the http challenge (as opposed to port 443 for the tls-sni challenge). Will that not help?
Let me guess, your WoSign certificate expired recently as well (:
It does! Let me check that
Added:
And it works
@netomx Congratulations on your moderator rank, best wishes!