• Import of external Letsencrypt Certificates from NPM+ as pkcs12 contai

    From Stephan Gebbers@1:103/705 to GitLab issue in main/sbbs on Sat Apr 4 14:51:21 2026
    open https://gitlab.synchro.net/main/sbbs/-/issues/1111

    Hi,

    I want to use certtool.js to import an external Letsencrypt certificate for funtopia.synchro.net into SynchronetBBS.

    The Letsencrypt certificate is created by Nginx Proxy Manager Plus.

    To create a pkcs12 container that can be used with certtool.js I use openssl, but certtool.js only responds with Error -22 whenever I try to import the resulting p12 file.

    Something with the certificate seems different or incompatible with cryptlib, because tests with self-generated certificates of all kinds showed that imports with certtool.js do work in general.

    Here is the script that I use to import or try to import the certificate.

    Best Regards,

    Stephan

    ```
    #!/bin/bash

    # Define paths
    SBBS_CTRL="/sbbs/ctrl"
    SBBS_EXEC="/sbbs/exec"
    CERT_DIR="/mnt/shared-certs"
    P12_FILE="/tmp/ssl.p12"
    MAIN_INI="$SBBS_CTRL/main.ini"

    # 1. Automatically extract the password from main.ini
    # We look for "Password=" in the [Global] section or at the top
    #SYSPASS=$(grep -i "^Password=" "$MAIN_INI" | cut -d'=' -f2 | tr -d '\r\n')
    SYSPASS="XXXXXXXXXX"

    if [ -z "$SYSPASS" ]; then
        echo "FEHLER: Konnte System-Passwort nicht in $MAIN_INI finden!"
        exit 1
    fi

    process_certs() {
        echo "Zertifikats-Update gestartet: $(date)"

        # 2. Create the PKCS12 file
        # We use the legacy flags because Synchronet's cryptlib often
        # has problems with the modern OpenSSL 3.x default encryption.
        openssl pkcs12 \
            -export -out "$P12_FILE" \
            -inkey "$CERT_DIR/privkey.pem" \
            -in "$CERT_DIR/cert.pem" \
            -certfile "$CERT_DIR/chain.pem" \
            -passout pass:"$SYSPASS" \
            -name "ssl_cert" \
            -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES \
            -nomaciter -noiter

        if [ $? -eq 0 ]; then
            echo "PKCS12 erfolgreich erstellt."

            # 3. Import via certtool.js
            # We change into the exec directory so that jsexec finds all dependencies;
            # if that fails, remove the p12 (it holds the private key) and stop
            cd "$SBBS_EXEC" || { rm -f "$P12_FILE"; return 1; }
            ./jsexec certtool.js --import-pkcs12 "$P12_FILE"

            echo "Import-Vorgang abgeschlossen."

            # 4. Cleanup (optional: delete the p12 after the import for more security)
            rm "$P12_FILE"
        else
            echo "FEHLER: OpenSSL Konvertierung fehlgeschlagen!"
        fi
    }

    # Initial run at startup
    process_certs

    # Monitor the shared mount
    echo "Überwachung von $CERT_DIR gestartet..."
    inotifywait -m -e close_write,moved_to "$CERT_DIR" | while read -r path action file; do
        if [[ "$file" == "privkey.pem" || "$file" == "fullchain.pem" ]]; then
            # Short pause in case both files arrive at the same time
            sleep 2
            process_certs
        fi
    done
    ```
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)