Forum: Veleno BBS

  • letsyncrypt issue

    From Dumas Walker@VERT/CAPCITY2 to All on Thu Feb 12 09:01:49 2026
    This week, I have started having certificate issues. letsyncrypt is enabled, running, and I have not touched the configs for it.

    Firefox users are getting a security warning which, on further inspection, is complaining about a self signed cert. Here is what appears on the BBS side during such a connection:

    2/12 08:46:38 web 0062 TLS WARNING 'Received TLS alert message: Bad certificate' (-26) popping data

    Chrome also throws a security warning. Locally:

    2/12 08:48:49 web 0057 TLS WARNING 'Received TLS alert message: Certificate unknown' (-26) setting session active

    Running the event, or running letsyncrypt from cli, don't offer any clues of a potential issue:

    2/12 08:50:02 evnt BBS Events Semaphore signaled for Timed Event: SYNCRYPT
    2/12 08:50:02 evnt SYNCRYPT Running native timed event: ?letsyncrypt.js
    2/12 08:50:02 evnt SYNCRYPT Timed event: '?letsyncrypt.js' returned 0

    Running from cli produces no clues:

    $ ./jsexec letsyncrypt.js

    JSexec v3.21a-Linux master/123f2d28a - Execute Synchronet JavaScript Module
    Compiled Jul 12 2025 20:59 with GCC 12.2.0

    Loading configuration files from /home/bbs/ctrl
    JavaScript-C 1.8.5 2011-03-31
    JavaScript: Creating runtime: 8388608 bytes

    Reading script from /home/bbs/repo/exec/letsyncrypt.js
    /home/bbs/repo/exec/letsyncrypt.js compiled in 0.00 seconds
    /home/bbs/repo/exec/letsyncrypt.js executed in 0.06 seconds

    JavaScript: Destroying context
    JavaScript: Destroying runtime

    The contents of my ini file:

    ; $Id: letsyncrypt.ini,v 1.1 2019/07/24 22:32:54 rswindell Exp $
    ; For use with exec/letsyncrypt.js
    ; See http://wiki.synchro.net/module:letsyncrypt for details

    Host = acme-v02.api.letsencrypt.org
    Directory = /directory
    TOSAgreed = true
    GroupReadableKeyFile = false

    [Domains]
    capitolcityonline.net = /sbbs/webv4/root
    capcity2.synchro.net = /sbbs/webv4/root
    classic.capitolcityonline.net = /sbbs/webv4/root/classic.capitolcityonline.net

    [key_id]
    acme-v02.api.letsencrypt.org=https://acme-v02.api.letsencrypt.org/acme/acct/108002992

    [State]
    DomainHash= (redacted)
    Host=acme-v02.api.letsencrypt.org

    Is anyone else having issues?

    $$
    ---
    ■ Synchronet ■ CAPCITY2 * Capitol City Online
  • From Digital Man@VERT to Dumas Walker on Thu Feb 12 14:11:33 2026
    Re: letsyncrypt issue
    By: Dumas Walker to All on Thu Feb 12 2026 09:01 am

    This week, I have started having certificate issues. letsyncrypt is enabled, running, and I have not touched the configs for it.

    Firefox users are getting a security warning which, on further inspection, is complaining about a self signed cert. Here is what appears on the BBS side during such a connection:

    2/12 08:46:38 web 0062 TLS WARNING 'Received TLS alert message: Bad certificate' (-26) popping data

    Chrome also throws a security warning. Locally:

    2/12 08:48:49 web 0057 TLS WARNING 'Received TLS alert message: Certificate unknown' (-26) setting session active

    Running the event, or running letsyncrypt from cli, don't offer any clues of a potential issue:

    2/12 08:50:02 evnt BBS Events Semaphore signaled for Timed Event: SYNCRYPT
    2/12 08:50:02 evnt SYNCRYPT Running native timed event: ?letsyncrypt.js
    2/12 08:50:02 evnt SYNCRYPT Timed event: '?letsyncrypt.js' returned 0

    Running from cli produces no clues:

    $ ./jsexec letsyncrypt.js

    letsyncrypt.js supports command-line options too: https://wiki.synchro.net/module:letsyncrypt

    The contents of my ini file:

    ; $Id: letsyncrypt.ini,v 1.1 2019/07/24 22:32:54 rswindell Exp $
    ; For use with exec/letsyncrypt.js
    ; See http://wiki.synchro.net/module:letsyncrypt for details

    Host = acme-v02.api.letsencrypt.org
    Directory = /directory
    TOSAgreed = true
    GroupReadableKeyFile = false

    [Domains]
    capitolcityonline.net = /sbbs/webv4/root
    capcity2.synchro.net = /sbbs/webv4/root
    classic.capitolcityonline.net = /sbbs/webv4/root/classic.capitolcityonline.net

    [key_id]
    acme-v02.api.letsencrypt.org=https://acme-v02.api.letsencrypt.org/acme/acct/108002992

    [State]
    DomainHash= (redacted)
    Host=acme-v02.api.letsencrypt.org

    Is anyone else having issues?

    I'm not having issues. When I check your domain with this tool: https://www.ssllabs.com/ssltest/analyze.html?d=capitolcityonline.net
    it reports that you have a Certificate name mismatch, clicking ignore/continue it then reports that it's self-signed.

    If I try https://www.ssllabs.com/ssltest/analyze.html?d=capcity2.synchro.net it also reports a self-signed cert. So it definitely seems like the certificate being sent out doesn't match your letsyncrypt.cfg.

    One thing you can do is disable self-signed cert generation by setting SCFG->System->Security->Create Self-signed Certificate to "No".
    --
    digital man (rob)

    Synchronet "Real Fact" #130:
    Synchronet v3.20b was released on January 3, 2025 (3 years after v3.19b)
    Norco, CA WX: 65.7°F, 49.0% humidity, 6 mph WNW wind, 0.00 inches rain/24hrs
    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Dumas Walker@VERT/CAPTEST to DIGITAL MAN on Fri Feb 13 09:14:47 2026
    I'm not having issues. When I check your domain with this tool: https://www.ssllabs.com/ssltest/analyze.html?d=capitolcityonline.net
    it reports that you have a Certificate name mismatch, clicking ignore/continue
    it then reports that it's self-signed.

    If I try https://www.ssllabs.com/ssltest/analyze.html?d=capcity2.synchro.net it
    also reports a self-signed cert. So it definitely seems like the certificate being sent out doesn't match your letsyncrypt.cfg.

    Based on my config (requoted below), do you see anything that would cause a name mismatch or a cert that doesn't match my config?

    One thing you can do is disable self-signed cert generation by setting SCFG->System->Security->Create Self-signed Certificate to "No".

    OK I have changed that and will see what happens.

    Config file contents:

    Host = acme-v02.api.letsencrypt.org
    Directory = /directory
    TOSAgreed = true
    GroupReadableKeyFile = false

    [Domains]
    capitolcityonline.net = /sbbs/webv4/root
    capcity2.synchro.net = /sbbs/webv4/root
    classic.capitolcityonline.net = /sbbs/webv4/root/classic.capitolcityonline.net

    [key_id]
    acme-v02.api.letsencrypt.org=https://acme-v02.api.letsencrypt.org/acme/acct/108002992

    [State]
    DomainHash= (redacted)
    Host=acme-v02.api.letsencrypt.org


    * SLMR 2.1a * OS/2 VirusScan - "Windows found: Remove it? [Y/y]"
    ---
    ■ Synchronet ■ moe's tavern * 1-5028758938 * moetiki.ddns.net:27
  • From Dumas Walker@VERT/CAPCITY2 to Digital Man on Fri Feb 13 12:17:55 2026
    Update... trying some of the command lines do return errors:

    $ ./jsexec letsyncrypt.js --revoke

    JSexec v3.21a-Linux master/123f2d28a - Execute Synchronet JavaScript Module
    Compiled Jul 12 2025 20:59 with GCC 12.2.0

    Loading configuration files from /home/bbs/ctrl
    JavaScript-C 1.8.5 2011-03-31
    JavaScript: Creating runtime: 8388608 bytes

    Reading script from /home/bbs/repo/exec/letsyncrypt.js
    /home/bbs/repo/exec/letsyncrypt.js compiled in 0.00 seconds
    !JavaScript /home/bbs/exec/load/acmev2.js line 360: Error: revokeCert did not return 200
    /home/bbs/repo/exec/letsyncrypt.js executed in 1.67 seconds
    !Module (letsyncrypt.js) set exit_code: 1

    JavaScript: Destroying context
    JavaScript: Destroying runtime

    Returning error code: 1

    $ ./jsexec letsyncrypt.js --force

    JSexec v3.21a-Linux master/123f2d28a - Execute Synchronet JavaScript Module
    Compiled Jul 12 2025 20:59 with GCC 12.2.0

    Loading configuration files from /home/bbs/ctrl
    JavaScript-C 1.8.5 2011-03-31
    JavaScript: Creating runtime: 8388608 bytes

    Reading script from /home/bbs/repo/exec/letsyncrypt.js
    /home/bbs/repo/exec/letsyncrypt.js compiled in 0.00 seconds
    !JavaScript : uncaught exception: Authorization failed... https://acme-v02.api.letsencrypt.org/acme/authz/108002992/658142411146
    /home/bbs/repo/exec/letsyncrypt.js executed in 3.76 seconds
    !Module (letsyncrypt.js) set exit_code: 1

    JavaScript: Destroying context
    JavaScript: Destroying runtime

    Returning error code: 1

    $ ./jsexec letsyncrypt.js --new-key

    JSexec v3.21a-Linux master/123f2d28a - Execute Synchronet JavaScript Module
    Compiled Jul 12 2025 20:59 with GCC 12.2.0

    Loading configuration files from /home/bbs/ctrl
    JavaScript-C 1.8.5 2011-03-31
    JavaScript: Creating runtime: 8388608 bytes

    Reading script from /home/bbs/repo/exec/letsyncrypt.js
    /home/bbs/repo/exec/letsyncrypt.js compiled in 0.00 seconds
    !JavaScript /home/bbs/exec/load/acmev2.js line 307: Error: keyChange did not return 200
    /home/bbs/repo/exec/letsyncrypt.js executed in 1.50 seconds
    !Module (letsyncrypt.js) set exit_code: 1

    JavaScript: Destroying context
    JavaScript: Destroying runtime

    Returning error code: 1

    Config:


    ; $Id: letsyncrypt.ini,v 1.1 2019/07/24 22:32:54 rswindell Exp $
    ; For use with exec/letsyncrypt.js
    ; See http://wiki.synchro.net/module:letsyncrypt for details

    Host = acme-v02.api.letsencrypt.org
    Directory = /directory
    TOSAgreed = true
    GroupReadableKeyFile = false

    [Domains]
    capitolcityonline.net = /sbbs/webv4/root
    capcity2.synchro.net = /sbbs/webv4/root
    classic.capitolcityonline.net = /sbbs/webv4/root/classic.capitolcityonline.net

    [key_id]
    acme-v02.api.letsencrypt.org=https://acme-v02.api.letsencrypt.org/acme/acct/108002992

    [State]
    DomainHash= (redacted)
    Host=acme-v02.api.letsencrypt.org


    $$
    ---
    ■ Synchronet ■ CAPCITY2 * Capitol City Online
  • From Digital Man@VERT to Dumas Walker on Fri Feb 13 14:40:43 2026
    Re: letsyncrypt issue
    By: Dumas Walker to DIGITAL MAN on Fri Feb 13 2026 09:14 am

    I'm not having issues. When I check your domain with this tool: https://www.ssllabs.com/ssltest/analyze.html?d=capitolcityonline.net
    it reports that you have a Certificate name mismatch, clicking ignore/continue
    it then reports that it's self-signed.

    If I try https://www.ssllabs.com/ssltest/analyze.html?d=capcity2.synchro.net it
    also reports a self-signed cert. So it definitely seems like the certificate being sent out doesn't match your letsyncrypt.cfg.

    Based on my config (requoted below), do you see anything that would cause a name mismatch or a cert that doesn't match my config?

    No, but I'd rerun letsyncrypt.js with some of the command-line options I pointed out (using jsexec) and see what it says.
    --
    digital man (rob)

    Synchronet "Real Fact" #97:
    Synchronet v3.13a was released in September of 2005 (9 months after v3.12a)
    Norco, CA WX: 67.3°F, 52.0% humidity, 13 mph WNW wind, 0.00 inches rain/24hrs
    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Digital Man@VERT to Dumas Walker on Fri Feb 13 14:48:35 2026
    Re: Re: letsyncrypt issue
    By: Dumas Walker to Digital Man on Fri Feb 13 2026 12:17 pm

    Update... trying some of the command lines do return errors:

    $ ./jsexec letsyncrypt.js --revoke

    !JavaScript /home/bbs/exec/load/acmev2.js line 360: Error: revokeCert did not return 200

    What about the other commands, do they return errors? Any change to your certificate?

    Deuce is the author of letsyncrypt and you can find him in #synchronet at irc.synchro.net.
    --
    digital man (rob)

    This Is Spinal Tap quote #27:
    As long as there's, y'know, sex and drugs, I can do without the rock and roll.
    Norco, CA WX: 67.3°F, 52.0% humidity, 13 mph WNW wind, 0.00 inches rain/24hrs
    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Dumas Walker@VERT/CAPCITY2 to FUSION on Sun Feb 15 10:21:44 2026
    And, of course, the irc is broken, too:

    Looking up irc.synchro.net
    ^^^^^^^^^^^^^^^
    * * Subject: /CN=endofthelinebbs.com
    ^^^^^^^^^^^^^^^^^^^
    this will never work because the hosts don't match

    I noticed that but that is what happened when I plugged irc.synchro.net into hexchat in the server name field and told it to connect. I did *not* put *any* info in there for endofthelinebbs.com.

    I can only assume that came from the host end as I only saw that response
    the one time it connected. The other few times, when it got other errors
    or timed-out, that erroneous address didn't show up.


    * SLMR 2.1a * He does the work of 3 men.... Larry Moe & Curly.
    ---
    ■ Synchronet ■ CAPCITY2 * Capitol City Online
  • From Digital Man@VERT to Dumas Walker on Sun Feb 15 14:57:24 2026
    Re: Re: letsyncrypt issue
    By: Dumas Walker to FUSION on Sun Feb 15 2026 10:21 am

    And, of course, the irc is broken, too:

    Looking up irc.synchro.net
    ^^^^^^^^^^^^^^^
    * * Subject: /CN=endofthelinebbs.com
    ^^^^^^^^^^^^^^^^^^^
    this will never work because the hosts don't match

    I noticed that but that is what happened when I plugged irc.synchro.net into hexchat in the server name field and told it to connect. I did *not* put *any* info in there for endofthelinebbs.com.

    irc.synchro.net is a rotating hostname, it points to *all* of the IRC servers (and there's a lot of them). That can be seen using tools like nslookup, host, dig, etc.:

    Name: irc.synchro.net
    Addresses: 2600:6c88:8c40:5b:f1d0:1:103:705
    2604:880:52:866:f1d0:1:124:5016
    2001:19f0:6000:94c9::68:234
    2001:19f0:6000:94c9::81:241
    71.95.196.34
    51.75.174.224
    158.220.122.223
    192.138.210.158
    45.32.81.241
    138.197.129.1
    108.242.55.251
    203.191.174.253
    59.167.142.49
    45.32.68.234

    I can only assume that came from the host end as I only saw that response the one time it connected. The other few times, when it got other errors
    or timed-out, that erroneous address didn't show up.

    Simply turn off TLS in the IRC client and it'll use TCP port 6667 (didn't I already explain this?) and work. Or heck, just use the IRC option from the chat menu on your own BBS!
    --
    digital man (rob)

    Synchronet "Real Fact" #67:
    SEXYZ is as a 32-bit replacement for [F]DSZ, CE-XYZ and other protocol drivers
    Norco, CA WX: 59.8°F, 58.0% humidity, 6 mph WNW wind, 0.00 inches rain/24hrs
    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Accession@VERT/PHARCYDE to Dumas Walker on Mon Feb 16 05:52:06 2026
    Hey Dumas!

    On Sun, Feb 15 2026 09:21:44 -0600, you wrote:

    I noticed that but that is what happened when I plugged
    irc.synchro.net into hexchat in the server name field and told it to
    connect. I did *not* put *any* info in there for
    endofthelinebbs.com.

    FYI, in hexchat you need to type "/server -insecure irc.synchro.net" in order to connect to port 6667, otherwise it will (by default) try the TLS port. If you setup the connection in the server list, and specify the port, it will also connect just fine.

    Regards,
    Nick

    ... Sarcasm, because beating people up is illegal.
    ---
    ■ Synchronet ■ _thePharcyde telnet://bbs.pharcyde.org (Wisconsin)
  • From Dumas Walker@VERT/CAPCITY2 to DIGITAL MAN on Mon Feb 16 09:27:23 2026
    I can only assume that came from the host end as I only saw that response the one time it connected. The other few times, when it got other errors or timed-out, that erroneous address didn't show up.

    Simply turn off TLS in the IRC client and it'll use TCP port 6667 (didn't I already explain this?) and work. Or heck, just use the IRC option from the chat menu on your own BBS!

    Yes, you explained it in a message that I read after reading and responding
    to this one. ;)


    * SLMR 2.1a * EBCDIC: Erase Backup Chew Disk Ignite Cards
    ---
    ■ Synchronet ■ CAPCITY2 * Capitol City Online
  • From nelgin@VERT/EOTLBBS to Digital Man on Mon Feb 16 15:52:28 2026
    Re: Re: letsyncrypt issue
    By: Digital Man to Dumas Walker on Sun Feb 15 2026 14:57:24

    I noticed that but that is what happened when I plugged irc.synchro.net into hexchat in the server name field and told it to connect. I did *not* put *any* info in there for endofthelinebbs.com.

    irc.synchro.net is a rotating hostname, it points to *all* of the IRC servers (and there's a lot of them). That can be seen using tools like nslookup, host, dig, etc.:

    If Dumas wishes to use secure IRC then he's going to need to pick a server rather than relying on the irc.synchro.net alias since, as he discovered, it's not likely to work.

    irc.endofthelinebbs.com is a reliable server that can be used for secure connections on port 6697.

    ---
    ■ Synchronet ■ End Of The Line BBS - endofthelinebbs.com
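
Added example (not part of the thread, and not Synchronet or letsyncrypt code): the two client-side findings discussed above, the self-signed certificate with a name mismatch on the web server and the `CN=endofthelinebbs.com` certificate returned for the `irc.synchro.net` alias, written as checks over a certificate in the dict shape of Python's `ssl.SSLSocket.getpeercert()`. The certificate contents, `bbs.example`, `Example CA` and the SAN list are constructed assumptions.

```python
# Added example: report why a verifying TLS client rejects a presented certificate.

def rdn(cn):
    """Build a one-attribute name in getpeercert() form."""
    return ((("commonName", cn),),)

def label_match(pattern, host):
    """RFC 6125 style: '*' may only replace the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def presented_names(cert):
    """DNS subjectAltName entries win; commonName is only a fallback."""
    sans = [v for (t, v) in cert.get("subjectAltName", ()) if t == "DNS"]
    if sans:
        return sans
    attrs = {k: v for r in cert.get("subject", ()) for (k, v) in r}
    return [attrs["commonName"]] if "commonName" in attrs else []

def classify(cert, requested_host):
    """Return the problems a verifying client would report, in order."""
    problems = []
    # Heuristic: subject == issuer means no CA vouches for the certificate.
    if cert.get("subject") and cert.get("subject") == cert.get("issuer"):
        problems.append("self-signed")
    if not any(label_match(n, requested_host) for n in presented_names(cert)):
        problems.append("name-mismatch")
    return problems

# Constructed: certificate a server generated for itself as a fallback.
FALLBACK = {"subject": rdn("bbs.example"), "issuer": rdn("bbs.example")}
# Constructed: CA-issued certificate of one server behind a shared DNS alias.
# Only the CN appears in the thread; the SAN list and issuer are assumptions.
ONE_SERVER = {
    "subject": rdn("endofthelinebbs.com"),
    "issuer": rdn("Example CA"),
    "subjectAltName": (("DNS", "endofthelinebbs.com"),
                       ("DNS", "irc.endofthelinebbs.com")),
}

if __name__ == "__main__":
    print(classify(FALLBACK, "capitolcityonline.net"))
    print(classify(ONE_SERVER, "irc.synchro.net"))
    print(classify(ONE_SERVER, "irc.endofthelinebbs.com"))
```

A CA-issued certificate covers only the names its operator controls, so the shared alias fails verification while the server's own hostname passes.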