[ LEGo ][4.7.0.0 ] Let's Encrypt client and ACME library

outkastm
Posts: 1185
Joined: 29 Dec 2020, 23:52

Post by outkastm »

About : https://github.com/go-acme/lego

Last version: 4.7.0.0
Applicable models: TerraMaster x.64 series
Applicable TOS: 4.1.27 or later versions
App download: https://bit.ly/3wKPfXR

How to manually install this app on TerraMaster application store?

About:

Let’s Encrypt client and ACME library written in Go to create free SSL certificates from Let’s Encrypt Certificate Authority (CA).

- ACME v2 RFC 8555
- Register with CA
- Obtain certificates, both from scratch or with an existing CSR
- Renew certificates
- Revoke certificates
- Robust implementation of all ACME challenges
  - HTTP (http-01)
  - DNS (dns-01)
  - TLS (tls-alpn-01)
- SAN certificate support
- Comes with multiple optional DNS providers
- Custom challenge solvers
- Certificate bundling
- OCSP helper function

Code:

[root@TNAS-9684 ~]# lego --help
NAME:
   lego - Let's Encrypt client written in Go

USAGE:
   lego [global options] command [command options] [arguments...]

VERSION:
   4.5.3

COMMANDS:
   run      Register an account, then create and install a certificate
   revoke   Revoke a certificate
   renew    Renew a certificate
   dnshelp  Shows additional help for the '--dns' global option
   list     Display certificates and accounts information.
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --domains value, -d value    Add a domain to the process. Can be specified multiple times.
   --server value, -s value     CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v02.api.letsencrypt.org/directory")
   --accept-tos, -a             By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service.
   --email value, -m value      Email used for registration and recovery contact.
   --csr value, -c value        Certificate signing request filename, if an external CSR is to be used.
   --eab                        Use External Account Binding for account registration. Requires --kid and --hmac.
   --kid value                  Key identifier from External CA. Used for External Account Binding.
   --hmac value                 MAC key from External CA. Should be in Base64 URL Encoding without padding format. Used for External Account Binding.
   --key-type value, -k value   Key type to use for private keys. Supported: rsa2048, rsa4096, rsa8192, ec256, ec384. (default: "ec256")
   --filename value             (deprecated) Filename of the generated certificate.
   --path value                 Directory to use for storing the data. (default: "/root/.lego") [$LEGO_PATH]
   --http                       Use the HTTP challenge to solve challenges. Can be mixed with other types of challenges.
   --http.port value            Set the port and interface to use for HTTP based challenges to listen on.Supported: interface:port or :port. (default: ":80")
   --http.proxy-header value    Validate against this HTTP header when solving HTTP based challenges behind a reverse proxy. (default: "Host")
   --http.webroot value         Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge. This disables the built-in server and expects the given directory to be publicly served with access to .well-known/acme-challenge
   --http.memcached-host value  Set the memcached host(s) to use for HTTP based challenges. Challenges will be written to all specified hosts.
   --tls                        Use the TLS challenge to solve challenges. Can be mixed with other types of challenges.
   --tls.port value             Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port. (default: ":443")
   --dns value                  Solve a DNS challenge using the specified provider. Can be mixed with other types of challenges. Run 'lego dnshelp' for help on usage.
   --dns.disable-cp             By setting this flag to true, disables the need to wait the propagation of the TXT record to all authoritative name servers.
   --dns.resolvers value        Set the resolvers to use for performing recursive DNS queries. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.
   --http-timeout value         Set the HTTP timeout value to a specific value in seconds. (default: 0)
   --dns-timeout value          Set the DNS timeout value to a specific value in seconds. Used only when performing authoritative name servers queries. (default: 10)
   --pem                        Generate a .pem file by concatenating the .key and .crt files together.
   --cert.timeout value         Set the certificate timeout value to a specific value in seconds. Only used when obtaining certificates. (default: 30)
   --help, -h                   show help
   --version, -v                print the version
outkastm
Posts: 1185
Joined: 29 Dec 2020, 23:52

Re: [ LEGo ][4.5.3.0 ] Let's Encrypt client and ACME library

Post by outkastm »

added initial version
davidmcdougal
Posts: 2
Joined: 20 Jun 2022, 11:07

Re: [ LEGo ][4.7.0.0 ] Let's Encrypt client and ACME library

Post by davidmcdougal »

I installed the package on my FS-423 in the NVME slot and when I try and run either the internal http server, or using cloudflare I am getting this error message. Using the steps from here: https://go-acme.github.io/lego/usage/cl ... rtificate/

2022/06/20 11:05:39 Could not create client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": x509: certificate signed by unknown authority

Here is the command that I am running (blurred out sensitive)
[img]https://www.dropbox.com/s/g2njqu835xzse ... 18.png[/img]
outkastm
Posts: 1185
Joined: 29 Dec 2020, 23:52

Re: [ LEGo ][4.7.0.0 ] Let's Encrypt client and ACME library

Post by outkastm »

run these commands in ssh and let me know if it works after

Code:

sudo -i
ter_curl --insecure https://curl.se/ca/cacert.pem -o /etc/ssl/certs/ca-certificates.crt
ln -sf /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-bundle.crt
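
Added example (not part of the original post or the lego project): because `--insecure` turns off certificate verification, the bundle fetched above is unauthenticated, so this script stages the download and installs it only if it matches a SHA-256 digest read on a machine whose trust store already works (curl.se publishes one at https://curl.se/ca/cacert.pem.sha256). The function names are hypothetical and `sha256sum` is assumed to be available on the NAS.

```shell
#!/bin/sh
# Added example: verify a staged CA bundle before it replaces the trust store.
# Usage (digest copied by hand from a trusted machine):
#   install_ca_bundle /tmp/cacert.pem "<expected sha256>" /etc/ssl/certs/ca-certificates.crt

# sha256_of FILE -> prints the lowercase hex digest (assumes sha256sum exists)
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# install_ca_bundle SRC EXPECTED_SHA256 DEST
# Returns 0 on install, 1 on digest mismatch, 2 if SRC holds no PEM certificate.
install_ca_bundle() {
    src=$1; expected=$2; dest=$3
    # An HTML error page or empty download fails here with a clearer
    # message than a digest mismatch would give.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$src"; then
        echo "no PEM certificate found in $src" >&2
        return 2
    fi
    actual=$(sha256_of "$src") || return 1
    # Normalise case so a digest pasted in upper case still compares equal.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    # Keep the previous bundle so the change can be rolled back.
    if [ -f "$dest" ]; then cp -p "$dest" "$dest.bak"; fi
    # Copy next to the destination, then rename, so TLS clients never
    # read a half-written trust store.
    cp "$src" "$dest.new" && chmod 644 "$dest.new" && mv -f "$dest.new" "$dest"
}
```

Downloading to a staging path such as `/tmp/cacert.pem` first means a failed or tampered transfer never overwrites `/etc/ssl/certs/ca-certificates.crt`.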
Toxster
Posts: 19
Joined: 29 Jun 2021, 17:19

Re: [ LEGo ][4.7.0.0 ] Let's Encrypt client and ACME library

Post by Toxster »

Is this going to be transferred to TOS 5 or is there any good alternative for TOS 5?