Hello everyone. It feels a little nostalgic being here right now and composing a
message like this--that is NOT an email or FB messenger or texting, lol!
I used to run a Spitfire BBS back in the 80s and 90s called the Mystical Realm
BBS with a secondary "Adults Only" node/board called "After Hours BBS" and a
collaborative BBS called The Road House. I had Fido-Net and Circuit-Net setup
and had a lot of fun running these along with all the doors, etc. Here I am
almost 40 years later wanting to get back into it. Sadly I am not able to get
my Spitfire board up and running unless I want to rock it like 2010, lol! Some
Turbo Pascal bug I imagine? Not to mention my Colorado Tape Backup of my BBS is
hosed. So, I've set up Sync 3.20e on an old Ubiquiti NVR appliance PC running
Debian 12.9 headless.
I've gotten so far as to have set myself up as the Sysop and a guest user in
this 2025 redux of Mystical Realm BBS. I still have a lot of configuring to do,
ANSI screens to build, Doors to install, etc. I think I have Dove-Net set up
properly? What I had been struggling with was setting up my SSL certificate so
that traffic to mysticalrealmbbs.com would be wrapped in an encrypted session.
I could connect to port 80 just fine and telnet in just fine. I moved Sync SSH
to port 2222 for now (though I am thinking about moving it back to 22 and
moving my "admin the box" port to 2222 for normal ssh sessions). I tried to
follow the documentation at:
https://wiki.synchro.net/module:letsyncrypt
...but could not get Let's Encrypt to work either. So I then attempted to get
an SSL cert installed like I would normally do when I set up a regular website,
but I had issues there as well. I tried to follow the documentation found at:
https://wiki.synchro.net/module:certtool
...so, through some trial and error I was able to get my cert installed, but I
want to confirm whether or not this was proper or if there was a better way to
set this up? So I came up with the following documentation for myself in case I
need to redo my setup at any time:
-------------------------------------------------------------------------
Synchronet BBS: Setting Up SSL with a PositiveSSL Certificate (Namecheap)
This guide documents the steps I took to generate and install a PositiveSSL
certificate (from Namecheap) on a Synchronet BBS instance, bypassing some
limitations and/or issues (or my inexperience) that I was encountering with
certtool.js and therefore arrived at this working manual alternative. I had
looked over the documentation at https://wiki.synchro.net/module:certtool
I was unable to get the LetSyncrypt client (documented at
https://wiki.synchro.net/module:letsyncrypt) working so undid/removed my timed
event setup based on those instructions and proceeded with the steps below.
Step 1: Generate a Certificate Signing Request (CSR)
I ran the following command to generate a CSR and private key using Synchronet's
certtool.js:
/sbbs/exec/jsexec /sbbs/exec/certtool.js --csr --domain mysticalrealmbbs.com --domain www.mysticalrealmbbs.com > /sbbs/csr.pem
- This created a CSR at /sbbs/csr.pem. (perhaps I should have stuck it in
/sbbs/ctrl/csr.pem?)
- It also generated a private key saved as /sbbs/ctrl/cryptlib.key.
Step 2: Submit CSR to Namecheap
1. I then went into my Namecheap account, activated my SSL.
2. I was prompted to submit the contents of /sbbs/csr.pem to generate my
PositiveSSL certificate.
3. After verification (using the cname method), Namecheap provided two files:
- mysticalrealmbbs_com.crt (your SSL certificate)
- mysticalrealmbbs_com.ca-bundle (intermediate certificate chain)
Step 3: Combine Certificate and CA Bundle
I combined my certificate and bundle into a single file:
cat mysticalrealmbbs_com.crt mysticalrealmbbs_com.ca-bundle > /sbbs/ctrl/bbs.crt
This is the full certificate chain that I surmise Synchronet is expecting.
Step 4: Prepare the Private Key
Since I generated the CSR with certtool.js, my private key was already located
at:
/sbbs/ctrl/cryptlib.key
I copied it for use with the new cert:
cp /sbbs/ctrl/cryptlib.key /sbbs/ctrl/bbs.key
Step 5: Update Synchronet Configuration (sbbs.ini)
I manually edited sbbs.ini (i.e. nano /sbbs/ctrl/sbbs.ini) and configured SSL
(adding) for the appropriate services. For example, for HTTPS:
[web]
Secure = true
CertificateFile = bbs.crt
KeyFile = bbs.key
Repeat this block for [ftp], [telnet], etc. if desired.
Step 6: Set File Permissions
Make sure the certificate and key are only readable by the Synchronet user:
chmod 600 /sbbs/ctrl/bbs.*
chown sbbs:sbbs /sbbs/ctrl/bbs.*
Step 7: Restart Synchronet
Restart your BBS to apply the changes:
sudo systemctl restart sbbs
Notes and Troubleshooting
- Why not use certtool.js --import?
- This method failed to create expected .crt or .cert files during testing.
- The key format generated by Cryptlib may be incompatible with OpenSSL tools,
but is accepted by Synchronet directly.
- Verifying key and cert match (optional):
If needed, you can check that your private key and cert match using OpenSSL
(only works with compatible key formats):
openssl rsa -in /sbbs/ctrl/bbs.key -modulus -noout | sha256sum
openssl x509 -in /sbbs/ctrl/bbs.crt -modulus -noout | sha256sum
If the hashes match, the key and cert pair correctly. But I believe that
certtool.js is using a different format to generate the key.
TL;DR / Summary
This document outlines a full working process for integrating a third-party SSL
certificate with Synchronet BBS, including fallback steps when the built-in
certtool.js import process does not succeed.
Submitted for review and feedback by Digital Man and the Synchronet community.
---
■ Synchronet ■ Mystical Realm BBS - mysticalrealmbbs.com
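
Added example, not part of the original post and not Synchronet's own tooling: a pre-install check for the files built in Steps 3 and 4. It compares public keys instead of the RSA modulus, so it also covers non-RSA keys, and it reports a key OpenSSL cannot read (the Cryptlib-format case from the notes) as its own status instead of a mismatch. The function names and status codes are made up for this example, and the chain check compares issuer and subject names only; it does not verify signatures.

```sh
#!/bin/sh
# Added example. Usage: sh check_cert.sh /path/to/bbs.key /path/to/bbs.crt

# key_matches_cert KEY CERT
#   0 = key matches the first certificate in CERT, 1 = mismatch,
#   2 = OpenSSL cannot read KEY (e.g. not PEM, or encrypted), 3 = cannot read CERT
key_matches_cert() {
    km_key=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    km_crt=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 3
    [ "$km_key" = "$km_crt" ]
}

# chain_in_order BUNDLE
#   0 = every certificate's issuer is the subject of the one after it
#       (leaf first, then intermediates), 1 = wrong order or unrelated certs,
#   2 = fewer than two certificates found (no chain was appended)
chain_in_order() {
    co_dir=$(mktemp -d) || return 2
    # Split the bundle into 1.pem, 2.pem, ... and print how many were found.
    co_n=$(awk -v d="$co_dir" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/" n ".pem") }
        END { print n + 0 }' "$1" 2>/dev/null)
    co_rc=0
    [ "${co_n:-0}" -ge 2 ] || co_rc=2
    co_i=1
    while [ "$co_rc" -eq 0 ] && [ "$co_i" -lt "$co_n" ]; do
        co_iss=$(openssl x509 -in "$co_dir/$co_i.pem" -noout -issuer \
            -nameopt RFC2253 2>/dev/null | sed 's/^issuer= *//')
        co_sub=$(openssl x509 -in "$co_dir/$((co_i + 1)).pem" -noout -subject \
            -nameopt RFC2253 2>/dev/null | sed 's/^subject= *//')
        # An empty name means the block did not parse; treat that as a failure.
        { [ -n "$co_iss" ] && [ "$co_iss" = "$co_sub" ]; } || co_rc=1
        co_i=$((co_i + 1))
    done
    rm -rf "$co_dir"
    return "$co_rc"
}

# Run both checks when called with a key and a bundle.
if [ "$#" -eq 2 ]; then
    rc=0; key_matches_cert "$1" "$2" || rc=$?; echo "key/cert match: status $rc"
    rc=0; chain_in_order "$2" || rc=$?; echo "chain order:    status $rc"
fi
```

Status 2 from the key check means OpenSSL could not read the key at all, which says nothing about whether the key and certificate pair up.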