1. Forum
  2. Fidonet
  3. SYNC SYSOPS

  • convert letsencryp cert

    From Mindsurfer@1:103/705 to All on Tue Mar 31 22:27:00 2026
    Hi there,

    Has anyone successfully managed to convert external LetsEncrypt certificate files into a format (pkcs .p12 files?) that the Synchronet certtool.js can successfully import?

    Those are the files that i have from the letsencrypt certificates functionality on nginx proxy manager plus:
    cert.pem chain.pem fullchain.pem privkey.pem

    Everything i have tried led to errors on the import of the .p12 file via certtool.js

    Mindsurfer

    ---
    þ Synchronet þ FuNToPiA BBS - telnet://funtopia.synchro.net:3023 ssh:3022
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From phigan@1:103/705 to Mindsurfer on Wed Apr 1 12:02:16 2026
    Re: convert letsencryp cert
    By: Mindsurfer to All on Tue Mar 31 2026 10:27 pm

    Everything i have tried led to errors on the import of the .p12 file via certtool.js

    Are you using openssl to convert to .p12? See if it has a --legacy option that you can pass when converting.

    ---
    þ Synchronet þ TIRED of waiting 2 hours for a taco? GO TO TACOPRONTO.bbs.io
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mindsurfer@1:103/705 to phigan on Thu Apr 2 02:08:00 2026
    Re: convert letsencryp cert
    By: phigan to Mindsurfer on Wed Apr 01 2026 12:02:16

    Everything i have tried led to errors on the import of the .p12 file via
    certtool.js

    Are you using openssl to convert to .p12? See if it has a --legacy option that you can pass when converting.

    I tried that too, adding -legacy. btw, NPM+ creates shortlived letsencrypt certficates by default. they are valid for 6 days only. Could that be an issue?

    I tried so much, also worked with claude ai to figure something out.

    While testing it seemed that self generated test certs could be imported successfully. Just not the ones from NPM+ letsencrypt certbot.

    From my bash script (SYSPASS is pulled directly out of main.ini):

    openssl pkcs12 -export -out "$P12_FILE" -inkey "$CERT_DIR/privkey.pem" -in "$CERT_DIR/fullchain.pem" -passout 'pass:$SYSPASS'

    ./jsexec certtool.js --import-pkcs12 "$P12_FILE"

    Thats the error i mostly get. i think it means the password is wrong while trying to access the privat key.
    !JavaScript /sbbs/repo/exec/certtool.js line 106: Error: Error -22 calling cryptGetPrivateKey()


    I was hoping someone else had already had the exact same problem and figured out how to solve it.

    Mindsurfer

    ---
    þ Synchronet þ FuNToPiA BBS - telnet://funtopia.synchro.net:3023 ssh:3022
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)