Mailing List CGatePro@mail.stalker.com Message #106906
From: Shaun Gamble listrdr@redco.com.au <CGatePro@mail.stalker.com>
Subject: Re: Lets Encrypt for CGP on WIndows
Date: Fri, 27 Jul 2018 11:45:32 +1000
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
I'm having another go with your script. I didn't realise you were using DNS.

For Windows, I use LE64.exe to update the Let's Encrypt certificate. I am not using Cygwin like you so I am not sure how I can automate the renewal. I can run the file in a batch file but updating my DNS records (I administer all of my DNS records on my ISP) is beyond me with a script.


The following is the command line to use:

le64.exe --key account.key --csr mail.csr --csr-key mail.key --crt mail.crt --domains "domain" --generate-missing --handle-as dns --renew 10 --issue-code 100 --live

Two things. I am using the script from the Paste Bin URL you posted in this thread. le64.exe uses only one crt and one csr.

I am a little fuzzy on this and may be muddled here but you have listed two crt files, one being the CA. The crt file I get from LE using LE64 actually appears to have two crt files in one. In other words, the --begin-- --end-- appears twice in the one file.

I manually import the crt file at this stage doing the following:

When importing into CGP:

Users->Domains->Domain->Security->SSL/TLS

DO NOT SELECT Remove Key and Certificate.

Under Domain Certificate, select "Remove Certificate"

Then paste the contents of mail.crt into CA response.

Based on this, would I simply comment out the $cafile ? Keep in mind this is a renewal and the CA is optional but appears to be included in the crt file and imported by CGP anyway.

Once I get this, I'll need to work out how to automate renewing the certificate.

Is there anyway we can place a file in the CGP directory to allow http access (ie http://mail.cgpserver.dom/file.html)? While I can place files in the folder to change logos etc. this does not appear possible for http verification.

On 27/07/2018 1:34 AM, Nicolas Hatier nicolas.hatier@niversoft.com wrote:

Earlier in this thread I shared a script I use (on Windows and Linux) to update CGP certificates.

I use getssl on Windows to automate the certificate renewal, hooked to a custom script that does DNS verification. The custom script is specifically designed for my DNS provider, you will need to find or write one for yours.

Nicolas

On 2018-07-25 22:28, Shaun Gamble listrdr@redco.com.au wrote:
It depends upon which OS you use. If it is *nix based then it is not so bad and can be automated. Windows is a bit of a PITA. I have to renew manually. I also have to verify with DNS rather than http which is a PITA.

There are quite a few links pointing you in the right direction. My apologies if you have already seen these.

http://blog.escanav.com/2017/01/using-letsencrypt-ssl-certificate-with-communigate-pro/ https://github.com/do-know/Crypt-LE/releases/tag/0.31

http://www.communigate.com/CommuniGatePro/PKI.html#CertGen



On 25/07/2018 8:19 PM, Andre Mueller andre.mueller@himmel-blau.com wrote:

Hello

I found this discussion thread about "Let's Encrypt" certificates and integration in CGP (last post on 28.12.2017).

I would appreciate it very much if CommuniGate Pro Support could integrate a small how-to for the integration of "Let's Encrypt" certificates in the CommuniGate Pro on-line help and documentation (http://www.communigate.com/CommuniGatePro/PKI.html#DomainKeys).

Of interest would also a how-to for the case that the CommuniGate Pro has to serve different domains.

Many thanks in advance and best regards,

André



#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>

--
Shaun
Fitzroy Island <http://www.fitzroyisland.com> Cairns, QLD
Destination Darwin NT <http://www.destinationnt.com> Darwin, NT
MOM Backpackers <http://www.momdarwin.com> Darwin, NT
Value Inn Hotel <http://www.valueinn.com.au> Darwin, NT
Crocosaurus Cove <http://www.croccove.com> Darwin, NT
Please do not send any unsolicited email. It is not wanted.

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster