This forum uses cookies

buuuudzik · (This post was last modified: 10.12.2020, 07:22 by buuuudzik.)

How can I replacing current ssl certificate with a new one e.g. from LM ftp?

Let's encrypt suggest to renewing at least one time per three months, so I want add some autoreplacing based on ftp on LM or downloaded from certificate server?

And how can I check certificate expiration date in Lua?

I found some instruction but I don't know how to use it with LM:
https://github.com/auto-ssl/lua-resty-au...enewal.lua

***admin*** · 11.12.2020, 07:39

The script that you've provided won't work on LM. At this point it's not possible to fully automate this process without an external server. We have plans to add a service that uses LetsEncrypt for fully automated certificate issue and renewal but I can't tell you when it's going live.

For now you can replace the current key/certificate like this:

Code:
require('json')

-- data from privkey.pem

key = [[

-----BEGIN PRIVATE KEY-----

...

-----END PRIVATE KEY-----

]]

-- data from fullchain.pem

crt = [[

-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

...

-----END CERTIFICATE-----

]]

json.data = function()

  return {

    values = {

      mode = 'set',

      key = key,

      crt = crt,

    }

  }

end

stat, res = pcall(dofile, '/lib/flashsys/httpd_crt/save.lua')

if stat then

  res = json.pdecode(res)

  log(res)

  os.execute('/etc/init.d/nginx reload')

else

  log('error', res)

end

batistacaceres · 06.05.2022, 11:10

(11.12.2020, 07:39)admin Wrote: The script that you've provided won't work on LM. At this point it's not possible to fully automate this process without an external server. We have plans to add a service that uses LetsEncrypt for fully automated certificate issue and renewal but I can't tell you when it's going live.

For now you can replace the current key/certificate like this:

Code:
require('json') -- data from privkey.pem key = [[ -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- ]] -- data from fullchain.pem crt = [[ -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- ]] json.data = function() return { values = { mode = 'set', key = key, crt = crt, } } end stat, res = pcall(dofile, '/lib/flashsys/httpd_crt/save.lua') if stat then res = json.pdecode(res) log(res) os.execute('/etc/init.d/nginx reload') else log('error', res) end

Hello Admin:

Is there anyway to fully automate the LetsEncrypt certificates?
best regards

***admin*** · 06.05.2022, 11:12

Install the SSL certificate app from the LM app store.

batistacaceres · (This post was last modified: 06.05.2022, 11:44 by batistacaceres.)

(06.05.2022, 11:12)admin Wrote: Install the SSL certificate app from the LM app store.

Hello Admin:

I have tried, but SSL certificate app is only from local, and I want to access from outside.

When I try SSL certificate app shows the next error:

Could you help me, please

best regards
Roger

***admin*** · 06.05.2022, 11:33

There was an problem on our side not it should be working. But the certificate is only valid for local LM IP address.
If you need full remote access then you should use ZeroTier or OpenVPN (both are encrypted so HTTPS is not needed). Or you can use LM cloud for remote control.

batistacaceres · 06.05.2022, 11:43

(06.05.2022, 11:33)admin Wrote: There was an problem on our side not it should be working. But the certificate is only valid for local LM IP address.
If you need full remote access then you should use ZeroTier or OpenVPN (both are encrypted so HTTPS is not needed). Or you can use LM cloud for remote control.

Thank you, now it works...

best regards

Leo681 · 06.06.2023, 15:23

I can generate the cert required, is it possible from a LUA Script to write to the Logic MAchine and overwrite the CERTS it already has?

Login
Username:
Password:	Lost Password?
	Remember me