[Freedombox-discuss] SOLVED! Refresh/reset infinoted certificate?

A. F. Cano afc54 at comcast.net
Fri Dec 16 19:49:33 GMT 2022


On Fri, Dec 16, 2022 at 07:43:18AM -0500, James Valleroy via Freedombox-discuss wrote:
> On 12/15/22 3:40 PM, A. F. Cano wrote:
> > 
> > > Something like the page for "Let's Encrypt", that shows the status of
> > > the certificate and allows one to Re-obtain, Delete or Revoke would be
> > > helpful for the infinoted page.  It would even be better if it could be
> > > re-generated automatically when it expired.
> 
> Do you know if infinoted can use the Let's Encrypt certificate, instead of
> its own?
> 
> https://salsa.debian.org/freedombox-team/freedombox/-/issues/710

Here's what I tried:

The letsencrypt certificate situation is more complex than the
one-certificate one-key setup of infinoted.  There are many different
certificates and keys under /etc/letsencrypt.  It appears that the
current one (and key) for the specific domain I'm using is at

/etc/letsencrypt/live/<domain>.freedombox.rocks/cert.pem
/etc/letsencrypt/live/<domain>.freedombox.rocks/privkey.pem

which are links to cert8.pem and privkey8.pem in
/etc/letsencrypt/archive/<domain>.freedombox.rocks/

I've copied them to an internal machine for testing.  Then ran

sudo infinoted --key-file=/tmp/privkey.pem --certificate-file=/tmp/cert.pem

and started the infinoted server.  Connecting from gobby showed
multiple entries of the form:

root (via docker0 on IPv4)
root (via docker0 on IPv6)
root (via enp5s0 on IPv4)
root (via enp5s0 on IPv6)
root (via lo on IPv4)
root (via veth59c9aed on IPv6)
root (via wlp4s0 on IPv4)
root (via wlp4s0 on IPv6)

Double clicking on 

root (via enp5s0 on IPv4)

gave a warning about the certificate the first time but allowed the
connection.  I didn't get an error that stopped connecting.

So, it appears that the letsencrypt certificates work with infinoted.
The internal machine runs debian stable and infinoted 0.7.2-1, which is
the same as in the FreedomBox stable that I run.

Now, deciding which one to use, considering that multiple domains might
exist could be as simple as creating links, but I'm not sure what
side-effects that might have.

Augustine
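
Added example, not part of the original message and not FreedomBox code: a certbot deploy hook that copies the renewed cert.pem and privkey.pem for one chosen domain to infinoted instead of linking into /etc/letsencrypt/live. RENEWED_LINEAGE is set by certbot; INFINOTED_DOMAIN, INFINOTED_TLS_DIR, the target file names and the service name are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook that hands a renewed Let's Encrypt
# certificate to infinoted. certbot exports RENEWED_LINEAGE (for example
# /etc/letsencrypt/live/<domain>.freedombox.rocks) to deploy hooks.
# ASSUMPTIONS (not from the thread): INFINOTED_DOMAIN, INFINOTED_TLS_DIR,
# the target names cert.pem/key.pem and the service name "infinoted".

install_infinoted_cert() {   # $1 = lineage directory, $2 = target directory
    cert=$1/cert.pem
    key=$1/privkey.pem
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "missing cert.pem or privkey.pem in $1" >&2; return 1
    fi
    # Refuse a certificate that is already past its notAfter date.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate in $1 has expired" >&2; return 1
    fi
    # The certificate's public key must match the one derived from the
    # private key, otherwise the TLS handshake would fail after install.
    if [ "$(openssl x509 -in "$cert" -noout -pubkey)" != \
         "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        echo "privkey.pem does not belong to cert.pem in $1" >&2; return 1
    fi
    # Copy instead of linking into live/, so a failed check leaves the
    # previous pair in place; the key is never created world-readable.
    install -m 0644 "$cert" "$2/cert.pem.new" &&
    install -m 0600 "$key" "$2/key.pem.new" &&
    mv "$2/key.pem.new" "$2/key.pem" &&
    mv "$2/cert.pem.new" "$2/cert.pem"
}

# With several lineages under /etc/letsencrypt/live, act only on the chosen one.
if [ -n "${RENEWED_LINEAGE:-}" ] &&
   [ "$(basename "$RENEWED_LINEAGE")" = "${INFINOTED_DOMAIN:-}" ]; then
    install_infinoted_cert "$RENEWED_LINEAGE" \
        "${INFINOTED_TLS_DIR:-/etc/infinoted/tls}" &&
        systemctl restart infinoted
fi
```

Placed in /etc/letsencrypt/renewal-hooks/deploy/, certbot runs it after each successful renewal. If infinoted does not run as root, the installed key also has to be owned by its service user.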
