The server is using LetsEncrypt certificates and I'm hoping to use that same certificate for the fTelnetProxy application, but thus far I've been unable to come up with a working configuration. It looks like .net/mono needs a PFX format certificate, which I can generate, but it does't work when I do. I either get "--Error loading cert file", or it throws an error in SSL.AuthenticateAsServer.It won't help much but I host fTelnet under Win32 and it's using a PFX
Hi All,
I've been trying to get fTelnet working in a fully self-hosted arrangement. I'm coming unstuck trying to work out how to configure the WSS certificate for the proxy.
The server is using LetsEncrypt certificates and I'm hoping to use that same certificate for the fTelnetProxy application, but thus far I've
been unable to come up with a working configuration. It looks like .net/mono needs a PFX format certificate, which I can generate, but it does't work when I do. I either get "--Error loading cert file", or it throws an error in SSL.AuthenticateAsServer.
The proxy application definitely has permission to read the required files. I've tested my client config against a public proxy and it works fine, so I'm 99% sure the problem is with my own proxy config. The
client host can reach the proxy on the WSS port (confirmed with telnet).
Has anyone else out there made this work, using a LetsEncrypt
certificate (or a conversion from an LE certificate), on Linux? Ubuntu 22.04.5 LTS if it matters.
Hi All,
I've been trying to get fTelnet working in a fully self-hosted arrangement. I'm coming unstuck trying to work out how to configure the WSS certificate for the proxy.
The server is using LetsEncrypt certificates and I'm hoping to use that same certificate for the fTelnetProxy application, but thus far I've been unable to come up with a working configuration. It looks like .net/mono needs a PFX format certificate, which I can generate, but it does't work when I do. I either get "--Error loading cert file", or it throws an error in SSL.AuthenticateAsServer.
The proxy application definitely has permission to read the required files. I've tested my client config against a public proxy and it works fine, so I'm 99% sure the problem is with my own proxy config. The client host can reach the proxy on the WSS port (confirmed with telnet).
Has anyone else out there made this work, using a LetsEncrypt certificate (or a conversion from an LE certificate), on Linux? Ubuntu 22.04.5 LTS if it matters.
Hi All,
I've been trying to get fTelnet working in a fully self-hosted arrangement. I'm coming unstuck trying to work out how to configure the WSS certificate for the proxy.
The server is using LetsEncrypt certificates and I'm hoping to use that same certificate for the fTelnetProxy application, but thus far I've been unable to come up with a working configuration. It looks like .net/mono needs a PFX format certificate, which I can generate, but it does't work when I do. I either get "--Error loading cert file", or it throws an error in SSL.AuthenticateAsServer.
The proxy application definitely has permission to read the required files. I've tested my client config against a public proxy and it works fine, so I'm 99% sure the problem is with my own proxy config. The client host can reach the proxy on the WSS port (confirmed with telnet).
Has anyone else out there made this work, using a LetsEncrypt certificate (or a conversion from an LE certificate), on Linux? Ubuntu 22.04.5 LTS if it matters.
--- Mystic BBS v1.12 A49 2024/05/29 (Linux/64) * Origin: TassieBob
BBS, Hobart, Tasmania (21:3/169)
I receive the same error on my Linux Mystic BBS. **** I am going to
follow this thread.
I ended up using fTelnet embedded on mine. https://embed-v2.ftelnet.ca/
It won't help much but I host fTelnet under Win32 and it's using a PFX file from Lets Encrypt just fine. Didn't do anything special, and it renews when necessary using WACS.
Yep. This is the command I use in a bash script to get Websockify and Let's Encrypt working:
https://pastebin.com/7e2A3EDL
websockify --cert=c:\apache24\conf\bundle.pem 192.168.0.4:8080 192.168.0.3:24
Again, point ftelnet to the hostname and socket port number, and don't supply proxy information.
I already have LE managing a cert for the hostname in question (the web clie is hosted there) - I suspect the issue is working out how to convert it from PEM to PFX format such that fTelnetProxy is happy to use it. Once I work th out I can automate it...
Yep. This is the command I use in a bash script to get Websockify and Let's Encrypt working:
https://pastebin.com/7e2A3EDL
Hmmm, so you're using Websockify instead of the fTelnetProxy? I will
try this - thanks for the suggestion!
websockify --cert=c:\apache24\conf\bundle.pem 192.168.0.4:8080 192.168.0.3:24
Again, point ftelnet to the hostname and socket port number, anddon't
supply proxy information.
Thanks for the pointer - I have this working, but still have a couple of things to try and solve...
* websockify needs to access the private key for the certificate, but that by default requires root to access the file. Obviously I don't want to run websockify as root :-) I suspect I'll have to drop in a hook in certbot to either copy it somewhere websockify can access, or set the permissions so a group websockify is in has read access. The former is probably safer, in case something else checks the file mode and bails if it's too open.
* If I read the documentation correctly, websockify won't notice when the certificate is updated, so the certbot hook will probably have to restart wensockify as well, which will break existing sessions. Probably not too much of an issue - not like we're being buried with BBS users these days :-(
Thanks again for the pointer!
Have you tried OpenSSL to do the conversion?
Have you tried OpenSSL to do the conversion?
I did, but fTelnetProxy didn't like the result so I was obviously not doing it the way it wanted (and that was part of the problem - I didn't know precisely what it wanted).
I got there with Websockify though - using fTelnet via that to type this message :-)
Hi All,Its on my bucket list. For now I use the proxies supplied through a self hosted fTelnet client @ bbs.theforze.eu.
I've been trying to get fTelnet working in a fully self-hosted arrangement coming unstuck trying to work out how to configure the WSS certificate for proxy.
Has anyone else out there made this work, using a LetsEncrypt certificate conversion from an LE certificate), on Linux? Ubuntu 22.04.5 LTS if it ma
When you figure this out please do share! ^^
When you figure this out please do share! ^^
websockify --cert /etc/letsencrypt/live/xxx.com/fullchain.pem --key=/etc/letsencrypt/live/xxx.com/privkey.pem
--ssl-only --log-file=/var/log/websockify/websockify.log --daemon 192.46.220.211:2443 bbs.tassiebob.com:2323
This is basically what I'm using thanks to a previous poster.
This is basically what I'm using thanks to a previous poster.
When you figure this out please do share! ^^
websockify --cert /etc/letsencrypt/live/xxx.com/fullchain.pem --key=/etc/letsencrypt/live/xxx.com/privkey.pem --ssl-only --log-file=/var/log/websockify/websockify.log --daemon
192.46.220.211:2443 bbs.tassiebob.com:2323
This is basically what I'm using thanks to a previous poster.
--- Mystic BBS v1.12 A49 2024/05/29 (Linux/64) * Origin: TassieBob
BBS, Hobart, Tasmania (21:3/169)
websockify --cert /etc/letsencrypt/live/xxx.com/fullchain.pem --key=/etc/letsencrypt/live/xxx.com/privkey.pem --ssl-only --log-file=/var/log/websockify/websockify.log --daemon 192.46.220.211:2443 bbs.tassiebob.com:2323
This is basically what I'm using thanks to a previous poster.
I would suggest that your target ip is internal to avoid leaking the security.
Sysop: | Angel Ripoll |
---|---|
Location: | Madrid, Spain |
Users: | 11 |
Nodes: | 8 (0 / 8) |
Uptime: | 161:07:43 |
Calls: | 476 |
Calls today: | 1 |
Files: | 14,051 |
Messages: | 66,578 |