Renewing SSL certificate
#1
How can I replace the current SSL certificate with a new one, e.g. from LM FTP?

Let's Encrypt suggests renewing at least once every three months, so I want to add some auto-replacing based on FTP on LM or downloaded from a certificate server.

And how can I check the certificate expiration date in Lua?

I found some instructions but I don't know how to use them with LM:
https://github.com/auto-ssl/lua-resty-au...enewal.lua
Done is better than perfect
Reply
#2
The script that you've provided won't work on LM. At this point it's not possible to fully automate this process without an external server. We have plans to add a service that uses LetsEncrypt for fully automated certificate issue and renewal but I can't tell you when it's going live.

For now you can replace the current key/certificate like this:
Code:
require('json')

-- data from privkey.pem
key = [[
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
]]

-- data from fullchain.pem
crt = [[
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
]]

json.data = function()
  return {
    values = {
      mode = 'set',
      key = key,
      crt = crt,
    }
  }
end

stat, res = pcall(dofile, '/lib/flashsys/httpd_crt/save.lua')

if stat then
  res = json.pdecode(res)
  log(res)
  os.execute('/etc/init.d/nginx reload')
else
  log('error', res)
end
Reply
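For the question in post #1 about checking the expiration date from Lua, an added example (not from the thread's participants or the LM firmware). It assumes the `openssl` command-line tool is present on the device; the path `/tmp/fullchain.pem` and the function names are hypothetical.

```lua
-- Added example. Assumptions: openssl CLI is installed; the PEM path used at
-- the bottom is hypothetical; function names are illustrative only.
local MONTHS = { Jan=1, Feb=2, Mar=3, Apr=4, May=5, Jun=6,
                 Jul=7, Aug=8, Sep=9, Oct=10, Nov=11, Dec=12 }

-- UTC calendar date -> Unix time, independent of the device timezone
-- (os.time{...} would interpret the fields as local time).
local function utc_timestamp(y, m, d, hh, mm, ss)
  if m <= 2 then y = y - 1; m = m + 12 end
  local days = 365 * y + math.floor(y / 4) - math.floor(y / 100)
             + math.floor(y / 400) + math.floor((153 * (m - 3) + 2) / 5)
             + d - 719469
  return days * 86400 + hh * 3600 + mm * 60 + ss
end

-- Parse the line printed by `openssl x509 -noout -enddate`, for example
-- "notAfter=Mar 10 12:00:00 2025 GMT" (constructed sample).
local function parse_not_after(line)
  local mon, d, hh, mm, ss, y =
    line:match('notAfter=(%a+)%s+(%d+)%s+(%d+):(%d+):(%d+)%s+(%d+)%s+GMT')
  if not (mon and MONTHS[mon]) then return nil, 'unexpected openssl output' end
  return utc_timestamp(tonumber(y), MONTHS[mon], tonumber(d),
                       tonumber(hh), tonumber(mm), tonumber(ss))
end

-- Days until the certificate in pem_path expires (negative if already expired).
-- With a fullchain.pem, openssl reads only the first certificate (the leaf).
local function cert_days_left(pem_path)
  if not pem_path:match('^[%w%._/%-]+$') then return nil, 'unsafe path' end
  local p = io.popen('openssl x509 -noout -enddate -in "' .. pem_path .. '" 2>/dev/null')
  if not p then return nil, 'cannot run openssl' end
  local out = p:read('*a') or ''
  p:close()
  local expires, err = parse_not_after(out)
  if not expires then return nil, err end
  return math.floor((expires - os.time()) / 86400)
end

local report = log or print -- log() on LM, print() elsewhere
local days, err = cert_days_left('/tmp/fullchain.pem')
if not days then
  report('certificate check failed', err)
elseif days < 30 then
  report('certificate expires in ' .. days .. ' days, renew it')
end
```

The path is checked against a strict character set before it is placed in the shell command, so a file name taken from FTP or another external source cannot inject extra commands.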
#3
(11.12.2020, 07:39)admin Wrote: The script that you've provided won't work on LM. At this point it's not possible to fully automate this process without an external server. We have plans to add a service that uses LetsEncrypt for fully automated certificate issue and renewal but I can't tell you when it's going live.


Hello Admin:

Is there any way to fully automate the LetsEncrypt certificates?
Best regards
Reply
#4
Install the SSL certificate app from the LM app store.
Reply
#5
(06.05.2022, 11:12)admin Wrote: Install the SSL certificate app from the LM app store.

Hello Admin:

I have tried, but the SSL certificate app is local only, and I want to access from outside.

When I try, the SSL certificate app shows the following error:



Could you help me, please?

best regards
Roger
Reply
#6
There was a problem on our side, now it should be working. But the certificate is only valid for the local LM IP address.
If you need full remote access then you should use ZeroTier or OpenVPN (both are encrypted so HTTPS is not needed). Or you can use LM cloud for remote control.
Reply
#7
(06.05.2022, 11:33)admin Wrote: There was a problem on our side, now it should be working. But the certificate is only valid for the local LM IP address.
If you need full remote access then you should use ZeroTier or OpenVPN (both are encrypted so HTTPS is not needed). Or you can use LM cloud for remote control.

Thank you, now it works...

best regards
Reply
#8
I can generate the required cert. Is it possible from a Lua script to write to the Logic Machine and overwrite the certs it already has?
Reply

