EOL and Let's Encrypt

Hi all,

As you all know, June 2021 will be EOL for version-1.

Now, I install socat and I use the latest version (2.8.9).

Installation command:

As specified by:
I use:

curl | sh


curl | sh -s

But it should be OK as I use as my dns server and I specify my email address with

# export

and I get the certificate, and it’s working correctly.


  • Can somebody confirm the need for version-2 to install socat, as it is not installed by default.
  • The use of without the option -s

To be able to see the certificate in the NethServer Manager, you have to specify in pki DB:

# config setprop pki ChainFile /etc/pki/tls/certs/cert-chain.crt
# config setprop pki CrtFile /etc/pki/tls/certs/cert.crt 
# config setprop pki KeyFile /etc/pki/tls/private/cert.key 

Can I specify the “full chain” file instead of the “chain” file.

In relation with QUESTION #2, what is the best “full chain”:
or ?

Thank you in advance,


1 Like

Irrelevant. The -s parameter specifies the (optional) email address to use to register your Let’s Encrypt account, though that’s something added since I wrote the wiki page. The CF_Email variable is the email address for your account with Cloudflare. They can be the same, but there’s no reason they have to be. (any version) only needs socat if you’re going to use it in standalone mode, which you should never need to do on a Neth server.

No. The version of Apache that ships with Nethserver doesn’t support this.

The “full chain” as saves it is the file called fullchain.cer.


No, not at all. June 2021 will be EOL for ACME v1. This has nothing at all to do with specifically; it affects all ACME clients–except that any reasonably-maintained ACME client has been doing ACME v2 by default for years.

1 Like