Renewing SSL certificate - Printable Version

Renewing SSL certificate - Printable Version

+- Logic Machine Forum (https://forum.logicmachine.net)
+-- Forum: LogicMachine eco-system (https://forum.logicmachine.net/forumdisplay.php?fid=1)
+--- Forum: Scripting (https://forum.logicmachine.net/forumdisplay.php?fid=8)
+--- Thread: Renewing SSL certificate (/showthread.php?tid=3056)

Renewing SSL certificate - buuuudzik - 09.12.2020

How can I replacing current ssl certificate with a new one e.g. from LM ftp?

Let's encrypt suggest to renewing at least one time per three months, so I want add some autoreplacing based on ftp on LM or downloaded from certificate server?

And how can I check certificate expiration date in Lua?

I found some instruction but I don't know how to use it with LM:
https://github.com/auto-ssl/lua-resty-auto-ssl/blob/master/lib/resty/auto-ssl/jobs/renewal.lua

RE: Renewing SSL certificate - admin - 11.12.2020

The script that you've provided won't work on LM. At this point it's not possible to fully automate this process without an external server. We have plans to add a service that uses LetsEncrypt for fully automated certificate issue and renewal but I can't tell you when it's going live.

For now you can replace the current key/certificate like this:

Code:
require('json')

-- data from privkey.pem

key = [[

-----BEGIN PRIVATE KEY-----

...

-----END PRIVATE KEY-----

]]

-- data from fullchain.pem

crt = [[

-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----

]]

json.data = function()

  return {

    values = {

      mode = 'set',

      key = key,

      crt = crt,

    }

  }

end

stat, res = pcall(dofile, '/lib/flashsys/httpd_crt/save.lua')

if stat then

  res = json.pdecode(res)

  log(res)

  os.execute('/etc/init.d/nginx reload')

else

  log('error', res)

end

RE: Renewing SSL certificate - batistacaceres - 06.05.2022

(11.12.2020, 07:39)admin Wrote: The script that you've provided won't work on LM. At this point it's not possible to fully automate this process without an external server. We have plans to add a service that uses LetsEncrypt for fully automated certificate issue and renewal but I can't tell you when it's going live.

For now you can replace the current key/certificate like this:

Code:
require('json') -- data from privkey.pem key = [[ -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- ]] -- data from fullchain.pem crt = [[ -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- ]] json.data = function() return { values = { mode = 'set', key = key, crt = crt, } } end stat, res = pcall(dofile, '/lib/flashsys/httpd_crt/save.lua') if stat then res = json.pdecode(res) log(res) os.execute('/etc/init.d/nginx reload') else log('error', res) end

Hello Admin:

Is there anyway to fully automate the LetsEncrypt certificates?
best regards

RE: Renewing SSL certificate - admin - 06.05.2022

Install the SSL certificate app from the LM app store.

RE: Renewing SSL certificate - batistacaceres - 06.05.2022

(06.05.2022, 11:12)admin Wrote: Install the SSL certificate app from the LM app store.

Hello Admin:

I have tried, but SSL certificate app is only from local, and I want to access from outside.

When I try SSL certificate app shows the next error:

Could you help me, please

best regards
Roger

RE: Renewing SSL certificate - admin - 06.05.2022

There was an problem on our side not it should be working. But the certificate is only valid for local LM IP address.
If you need full remote access then you should use ZeroTier or OpenVPN (both are encrypted so HTTPS is not needed). Or you can use LM cloud for remote control.

RE: Renewing SSL certificate - batistacaceres - 06.05.2022

(06.05.2022, 11:33)admin Wrote: There was an problem on our side not it should be working. But the certificate is only valid for local LM IP address.
If you need full remote access then you should use ZeroTier or OpenVPN (both are encrypted so HTTPS is not needed). Or you can use LM cloud for remote control.

Thank you, now it works...

best regards

RE: Renewing SSL certificate - Leo681 - 06.06.2023

I can generate the cert required, is it possible from a LUA Script to write to the Logic MAchine and overwrite the CERTS it already has?