NethSecurity / Is there a Let's Encrypt possibility?

Hi NethSecurity,

Is there a possible demand for Let’s Encrypt certificate?

Michel-André

Introduction — NethSecurity documentation.

If you’re looking for more technical details, take a look at the developer manual.

Michel-André

Yes: Certificates and reverse proxy — NethSecurity documentation

Thank you, fixed.

1 Like

Hi @giacomo

NethSecurity looks great.

I will test ASAP.

Michel-André

2 Likes

Hi @giacomo

[OpenWrt Wiki] Get a free HTTPS certificate from LetsEncrypt for OpenWrt with ACME.sh.

If you want to use DNS-based certificate verification, also install the DNS providers: opkg install acme-dnsapi

The package acme-dnsapi is missing…

Michel-André

I’ve created a card for it: Trello :wink:

1 Like

Hi @giacomo

Thank you very much.
The installation for @sarz4fun should work now.

That is why the developers of OpenWrt installed acme-dnsapi and all the packages that go with it.

You can not say the same thing of the developers of NS8 as there is nothing about acme-dns in it… (This is not a criticism but an observation.) I hope they will install it in NS8b3 or NS8RC.
Without it, the testers of NS8 can not use Let’s Encrypt without quite a lot of difficulties if not impossible…:frowning:
That is one of the main reasons I stopped testing NS8b2… :frowning: :frowning: :frowning:

Respectfully,

Michel-André

A post was split to a new topic: NS8 DNS validation for Let’s Encrypt

I think no ACME package is included in any OpenWrt image: you must install it from the software center.

Discussion moved here: NS8 DNS validation for Let's Encrypt

Hi @giacomo

What do you call this on NethSecurity Alpha?

dns_cf is to use Cloudflare.com for the challenges…
DNS API credentials is the Cloudflare API key to enable acme to login to cloudflare.com to write the entries for the challenges.

It is not working properly because the NethSecurity developers installed it but didn’t include acme-dnsapi.

Michel-André

OK, now I understand your point better.
The package should already be there: Blaming nethsecurity/config/acme.conf at main · NethServer/nethsecurity · GitHub (I totally didn’t remember it).

But in one of the latest images, it’s not present:

# opkg list | grep acme
acme - 4.0.0
acme-acmesh - 3.0.6-1
acme-common - 1.0.3
luci-app-acme - git-23.286.38803-76fae0b

I’m pretty sure it was present on 22.03, something broke on 23.05 :weary:

So this is a bug, thanks for spending time on it!

Hi @giacomo

Please look again.

This is from the NethSecurity image I installed.

root@NethSec:/etc# ls -als *rel*
     0 -rw-r--r--    1 root     root           228 Oct  9 21:45 openwrt_release
     0 lrwxrwxrwx    1 root     root            21 Oct  9 21:45 os-release -> ../usr/lib/os-release
root@NethSec:/etc# cat openwrt_release
DISTRIB_ID='NethSecurity'
DISTRIB_RELEASE='23.05.0'   <===========================================
DISTRIB_REVISION='r23497-6637af95aa'
DISTRIB_TARGET='x86/64'
DISTRIB_ARCH='x86_64'
DISTRIB_DESCRIPTION='NethSecurity 23.05.0 r23497-6637af95aa'
DISTRIB_TAINTS='no-all busybox'
root@NethSec:/etc#

Michel-André

Hi @giacomo

acme-dnsapi is there, but why is NethSecurity complaining that it is missing when using acme?

Michel-André

You installed the right one, I’ve tested it more than a year ago with a different OpenWrt release.

Really no idea, I will need to spend time on it.

Hi @giacomo

As shown above, it is supposed to be there, but it is not.

I think it was not included when NethSecurity was built.

Michel-André

1 Like

My fault, I tested the new acme implementation but missed the change in the DNS API package name:
CONFIG_PACKAGE_acme-dnsapi=y
became
CONFIG_PACKAGE_acme-acmesh-dnsapi

I’m building the fix. If you want to install now, you can use the openwrt package:

cd /tmp
wget https://downloads.openwrt.org/releases/23.05.0/packages/x86_64/packages/acme-acmesh-dnsapi_3.0.6-1_all.ipk
opkg install acme-acmesh-dnsapi_3.0.6-1_all.ipk

Thank you.

1 Like
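
When a .ipk is downloaded and installed by hand, as in the workaround above, its hash can first be compared with the SHA256sum that the feed's Packages index records for that file. The following is an added example, not part of the original posts or of NethSecurity; the location of the index copy (/tmp/Packages) is an assumption, and the index itself has to come from a source you trust.

```shell
#!/bin/sh
# Added example: compare a manually downloaded .ipk with the hash recorded
# in an opkg "Packages" index (blank-line separated stanzas with
# "Filename:" and "SHA256sum:" fields).

# index_sha256 INDEX FILENAME
# Print the SHA256sum recorded for FILENAME, or nothing if it is not listed.
index_sha256() {
    awk -v want="$2" '
        $1 == "Filename:"  { file = $2 }
        $1 == "SHA256sum:" { sum = $2 }
        /^$/ {                      # end of stanza: decide, then reset
            if (file == want) { print sum; found = 1; exit }
            file = ""; sum = ""
        }
        END { if (!found && file == want) print sum }   # last stanza, no trailing blank line
    ' "$1"
}

# verify_ipk INDEX IPK
# Returns 0 if the hash matches, 1 on mismatch, 2 if the index has no entry.
verify_ipk() {
    index=$1
    ipk=$2
    expected=$(index_sha256 "$index" "$(basename "$ipk")")
    [ -n "$expected" ] || { echo "no index entry for $ipk" >&2; return 2; }
    actual=$(sha256sum "$ipk" | cut -d' ' -f1)
    [ "$expected" = "$actual" ] || { echo "hash mismatch for $ipk" >&2; return 1; }
}

# Usage (the /tmp/Packages path is an assumption, see above):
#   verify_ipk /tmp/Packages /tmp/acme-acmesh-dnsapi_3.0.6-1_all.ipk \
#       && opkg install /tmp/acme-acmesh-dnsapi_3.0.6-1_all.ipk
```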

Hi @filippo_carletti

Thank you so much.

It is now installed.

Michel-André

Hi all,

I have another problem, the log is not there…

So I can not know if Let’s Encrypt worked.

I rebooted and it looks like the Let’s Encrypt is not there…

Michel-André

The fix has been merged :clap:

You need to check the logs from the new web interface or, from the command line, check /var/log/messages.
OpenWrt used logd, while NethSecurity uses syslog-ng.

2 Likes