INFO: As of firmware 3.02.02, Let's Encrypt is implemented in the Thecus OS7 WebUI. This module can still be installed on OS7, but it is not needed.
Module is available for:
x64_OS5/OS7 - last version 1.25.0.0
x86_OS5/OS6 - last version 1.0.0.0
ppc_OS6 - last version 0.13.0.1
Requires:
FaJoCron > 1.02.01
FaJoSSHD > 1.10.02 optional
x64
Python3 > 3.8.13.0
x86
Python2 > 2.05.04
Guides to use certificates on different modules, after they've been created:
apache and modules depending on apache - http://s.go.ro/k4qvegm0
Create SSL Certificate using Let’s Encrypt
Requirements:
SSH enabled on your NAS or the FaJoSSHD module installed (NAS SSH is used in this guide)
On your PC, you need Putty or any other SSH client to connect to your NAS
On your router, forward ports 80 and 443 to your NAS IP
A DNS name that points to your external IP. You can get one from http://freeddns.noip.com and configure it on your NAS or router so that it is updated automatically when your external IP changes. Then you can access your NAS remotely at http://example.ddns.net or securely at https://example.ddns.net
Enable SSH in your NAS
Enable HTTP and HTTPS service
Start Putty and connect to your NAS (as Host Name, enter your NAS IP):
Log in as: root, password: youradminpassword
This tutorial assumes your domain is example.ddns.net, or *.example.ddns.net for a wildcard certificate
Type this command to add your domain, replacing example.ddns.net with your DNS name:
Code:
echo example.ddns.net > /raid/data/MOD_CONFIG/letsencrypt/domain
or, for a wildcard certificate (quoted so that the shell does not expand the *):
Code:
echo '*.example.ddns.net' > /raid/data/MOD_CONFIG/letsencrypt/domain
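An unquoted *.example.ddns.net is a shell glob: if the current directory contains a file matching that pattern, echo writes the file name into the domain file instead of the wildcard. The following is an added example, not part of the Letsencrypt module; the function names and the DOMAIN_FILE override are assumptions. It validates the name and writes it literally:

```shell
#!/bin/sh
# Added example, not part of the Letsencrypt module.
# DOMAIN_FILE defaults to the path used in this guide; override it for testing.
DOMAIN_FILE=${DOMAIN_FILE:-/raid/data/MOD_CONFIG/letsencrypt/domain}

# valid_domain NAME: succeed if NAME is a hostname with at least two labels,
# optionally preceded by a single "*." wildcard label.
valid_domain() {
    name=$1
    case $name in
        '*.'*) name=${name#\*.} ;;        # strip one leading wildcard label
    esac
    [ "${#name}" -le 253 ] || return 1
    case $name in
        ''|.*|*.|*..*) return 1 ;;        # empty name or empty label
        *[!A-Za-z0-9.-]*) return 1 ;;     # any other character, including a second '*'
        -*|*-|*.-*|*-.*) return 1 ;;      # a label may not start or end with '-'
        *.*) return 0 ;;
    esac
    return 1
}

# set_domain NAME: validate NAME, then write it as the only line of DOMAIN_FILE.
# The quoted "$1" is never glob-expanded or word-split.
set_domain() {
    valid_domain "$1" || { echo "rejected: $1" >&2; return 1; }
    printf '%s\n' "$1" > "$DOMAIN_FILE"
}
```

After sourcing the file, call it as set_domain '*.example.ddns.net', with the single quotes.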
Then type this command to register:
Code:
/raid/data/module/Letsencrypt/shell/module.rc register
It will ask you for an email address to register. Type your email address and press Enter.
Code:
Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):john.doe@gmail.com
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /raid/data/MOD_CONFIG/letsencrypt. You
should make a secure backup of this folder now. This configuration
directory will also contain certificates and private keys obtained
by Certbot so making regular backups of this folder is ideal.
Now let's create the certificates, enter the following command:
Code:
/raid/data/module/Letsencrypt/shell/module.rc certonly
or for wildcard certificate:
Code:
/raid/data/module/Letsencrypt/shell/module.rc certonly_dns_challenge
Certificates will be created and saved to /raid/data/MOD_CONFIG/letsencrypt/live/example.ddns.net
Code:
Saving debug log to /raid/data/MOD_CONFIG/letsencrypt/log/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for example.ddns.net
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /raid/data/MOD_CONFIG/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /raid/data/MOD_CONFIG/letsencrypt/csr/0000_csr-certbot.pem
Non-standard path(s), might not work with crontab installed by your operating system package manager
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/raid/data/MOD_CONFIG/letsencrypt/live/example.ddns.net/fullchain.pem.
Your cert will expire on 2017-07-30. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Wildcard certificates have to be renewed manually using:
Code:
/raid/data/module/Letsencrypt/shell/module.rc renew_dns_challenge
For the standard certificate, we need to set up a crontab job so that the certificates are checked for automatic renewal twice a month. Because the renewal process needs access to ports 80 and 443, the Thecus WebUI is stopped and restarted after the check process.
Open FaJoCron WebUI and add the following line in crontab file:
Code:
0 5 */15 * * root /raid/data/module/Letsencrypt/shell/module.rc renew
Now we should configure Thecus WebUI to use our certificates. This is needed just once.
Copy the certificates from the NAS to your PC. Certificates are stored in /raid/data/MOD_CONFIG/letsencrypt/archive/example.ddns.net, so copy the folder example.ddns.net somewhere on your PC.
Also copy /raid/data/MOD_CONFIG/letsencrypt/live/example.ddns.net/ca-bundle.crt somewhere on your PC.
You can use any client you want, such as WinSCP, or modules like eXTPlorer or MonstaFTP.
In Thecus WebUI go to Services >> Web Service >> Advanced
Certificate file: select cert1.pem
Certificate Key file: select privkey1.pem
CA Certificate file: chain1.pem
Click apply and reboot your NAS
Enjoy secure connection
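Before selecting cert1.pem, privkey1.pem and chain1.pem in the WebUI, it is worth confirming that the copied files belong together. The following is an added example, not part of the module or Certbot: it uses the openssl command line to check that the key matches the certificate, that the chain file starts with the certificate's issuer, and that the certificate is not about to expire. The function name and the 7-day default are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Letsencrypt module or Certbot.
# check_cert_set DIR [N] [MIN_DAYS]
#   DIR       folder holding certN.pem, privkeyN.pem and chainN.pem
#   N         file number (the guide uses 1)
#   MIN_DAYS  minimum remaining validity in days (assumed default: 7)
# Returns 0 if the set is consistent, 1 if a check fails, 2 if a file is missing.
check_cert_set() {
    dir=$1 n=${2:-1} min_days=${3:-7}
    cert=$dir/cert$n.pem key=$dir/privkey$n.pem chain=$dir/chain$n.pem
    for f in "$cert" "$key" "$chain"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 2; }
    done

    # 1. The certificate must carry the public half of the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 1; }

    # 2. The first certificate in the chain file must be the certificate's issuer.
    issuer=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null)
    parent=$(openssl x509 -in "$chain" -noout -subject_hash 2>/dev/null)
    [ -n "$issuer" ] && [ "$issuer" = "$parent" ] ||
        { echo "chain file does not start with the issuer" >&2; return 1; }

    # 3. The certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 1; }
    return 0
}
```

Run it against the copied folder, for example check_cert_set ./example.ddns.net 1. privkey1.pem is the certificate's private key, so delete the copy on the PC once the WebUI has it.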