source : https://letsencrypt.org
x86 version : http://www.positiv-it.fr/QNAP/APP/LetsEncrypt_0.5_x86.qpkg.zip
x64 version : http://www.qoolbox.fr/LetsEncrypt_0.6_x86_64.qpkg.zip
Note :
Open an SSH command line.
Go to /opt/LetsEncrypt/bin.
Generate the certificate with:
Code:
./letsencrypt --help
  letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] ...

The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:

  (default) run        Obtain & install a cert in your current webserver
  certonly             Obtain cert, but do not install it (aka "auth")
  install              Install a previously obtained cert in a server
  renew                Renew previously obtained certs that are near expiry
  revoke               Revoke a previously obtained certificate
  rollback             Rollback server configuration changes made during install
  config_changes       Show changes made to server config during installation
  plugins              Display information about installed plugins

Choice of server plugins for obtaining and installing cert:

  (the apache plugin is not installed)
  --standalone      Run a standalone webserver for authentication
  (nginx support is experimental, buggy, and not installed by default)
  --webroot         Place files in a server's webroot folder for authentication

OR use different plugins to obtain (authenticate) the cert and then install it:

  --authenticator standalone --installer apache

More detailed help:

  -h, --help [topic]    print this message, or detailed help on a topic;
                        the available topics are:

   all, automation, paths, security, testing, or any of the subcommands or
   plugins (certonly, install, nginx, apache, standalone, webroot, etc)
Example:
./letsencrypt certonly -t --webroot -w /share/Web/example -d www.example.com
Script example with Qapache (here on legacy MD0_DATA; needs to be adapted for HAL with CACHEDEV1_DATA):
/etc is not persistent on QNAP systems. Therefore, you need to change the letsencrypt config-dir to MD0_DATA with the --config-dir parameter. My script looks like this:
Code:
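#!/bin/sh
# Make the QPKG's letsencrypt binary available
export PATH=/opt/LetsEncrypt/bin:$PATH
# Obtain or renew the certificate; --config-dir keeps all state on the persistent data volume
letsencrypt certonly --rsa-key-size 4096 --renew-by-default --webroot --webroot-path "/share/MD0_DATA/htdocs" -d domain.com,www.domain.com -t --agree-tos --config-dir "/share/MD0_DATA/letsencrypt"
# Restart Qapache so it loads the new certificate
/share/MD0_DATA/.qpkg/Qapache/Qapache.sh restart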
Then, your certificates will be located in /share/MD0_DATA/letsencrypt, which is persistent after a restart.
http://wiki.qnap.com/wiki/Add_items_to_crontab shows how to add a cronjob to the QNAP crontab. My script mentioned above runs on my QNAP every month:
Code:
0 3 1 * * /share/MD0_DATA/custom_scripts/letsencrypt_cron.sh
With this QPKG, letsencrypt can run completely automated.
In addition, Apache 2.4 supports OCSP stapling, which is very useful. The built-in QNAP Apache has version 2.2. If you use letsencrypt certificates on your QNAP, you should configure your SSL settings to get an A+ rating on SSLLabs (https://www.ssllabs.com/ssltest/). Here you can find how to securely configure your Apache: https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
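
To confirm that the monthly cron run described above really left a usable certificate in the persistent config directory, the following added example (not part of the original post or the QPKG) checks remaining validity, private-key permissions, and that certificate and key belong together. It relies on letsencrypt's standard `live/<domain>/` layout inside the config-dir; the 30-day threshold and the script name `check_cert.sh` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run after the monthly
# renewal. CONFIG_DIR and DOMAIN follow the post; MIN_DAYS is an assumption.
CONFIG_DIR="${CONFIG_DIR:-/share/MD0_DATA/letsencrypt}"  # --config-dir value
DOMAIN="${DOMAIN:-domain.com}"                            # first -d name
MIN_DAYS="${MIN_DAYS:-30}"                                # assumed threshold

# Succeeds if certificate $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if key file $1 (symlinks followed) grants nothing to group/other.
key_is_private() {
    perms=$(ls -lL "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds if the public key inside certificate $1 belongs to RSA key $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_renewal CONFIG_DIR DOMAIN MIN_DAYS: run all checks, return 1 on any failure.
check_renewal() {
    live="$1/live/$2"   # letsencrypt keeps the current files under live/<name>/
    rc=0
    cert_valid_for "$live/cert.pem" "$3" ||
        { echo "FAIL: cert.pem missing or expiring within $3 days"; rc=1; }
    key_is_private "$live/privkey.pem" ||
        { echo "FAIL: privkey.pem missing or accessible to group/other"; rc=1; }
    cert_matches_key "$live/cert.pem" "$live/privkey.pem" ||
        { echo "FAIL: cert.pem and privkey.pem do not belong together"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $live passed all checks"
    return "$rc"
}

# Run as: sh check_cert.sh --check
if [ "${1:-}" = "--check" ]; then
    check_renewal "$CONFIG_DIR" "$DOMAIN" "$MIN_DAYS"
fi
```

Calling it with `--check` at the end of the cron script makes a failed or skipped renewal visible in the cron output instead of surfacing later as an expired certificate.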