Since I had last posted about using Let's Encrypt with NearlyFreeSpeech, NFS has changed their process for setting TLS info. Instead of putting the various files in /home/protected/ssl and submitting an assistance request, now there is a command to submit the certificate info and a webpage for submitting the certificate info.
The webpage is https://members.nearlyfreespeech.net/{username}/sites/{sitename}/add_tls
and has a textbox for you to paste in all the cert info in PEM form into the textbox. The
domain key, the domain certificate, and the Let's Encrypt intermediate cert must be pasted into the textbox and submitted.
Alternatively, that same info may be provided as standard input to nfsn -i set-tls
To renew my certificate with the updated NFS process I followed the commands from Andrei Damian-Fekete's script which depends on acme_tiny.py:
python acme_tiny.py --account-key account.key --csr domain.csr --acme-dir /home/public/.well-known/acme-challenge/ > signed.crt
wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem
cat domain.key signed.crt intermediate.pem > chained.pem
nfsn -i set-tls < chained.pem
Because
my certificate had already expired I needed to comment out the section in acme_tiny.py that validates the challenge file. The filenames in the above map to the following:
I wrote my HTML against IE9 and continually validated with Chrome as I went. Afterward I tried it in FireFox and found out that FireFox has textContent whereas IE9 & Chrome have innerText
var createNewXMLObj = function() {
var result = new ActiveXObject("MSXML2.FreeThreadedDOMDocument");
result.validateOnParse = false;
result.async = false;
return result;
}
var args = WScript.arguments;
var ofs = WScript.CreateObject("Scripting.FileSystemObject");
var xslParams = [];
var xmlStyle = null;
var xmlInput = null;
var inputFile = null;
var outputFile = null;
var error = false;
for (var idx = 0; idx < args.length && !error; ++idx)
if (args.item(idx) == "-o") {
if (idx + 1 < args.length) {
outputFile = ofs.GetAbsolutePathName(args.item(idx + 1));
++idx;
}
else
error = true;
}
else if (args.item(idx) == "--param" || args.item(idx) == "-param") {
if (idx + 2 < args.length) {
xslParams[args.item(idx + 1)] = args.item(idx + 2);
idx += 2;
}
else
error = true;
}
else if (xmlStyle == null) {
xmlStyle = createNewXMLObj();
xmlStyle.load(ofs.GetAbsolutePathName(args.item(idx)));
}
else if (xmlInput == null) {
inputFile = ofs.GetAbsolutePathName(args.item(idx));
xmlInput = createNewXMLObj();
xmlInput.load(inputFile);
}
if (xmlStyle == null || xmlInput == null || error) {
WScript.Echo('Usage:\n\t"xsltproc" xsl-stylesheet input-file\n\t\t["-o" output-file] *["--param" name value]');
}
else {
var xslt = new ActiveXObject("MSXML2.XSLTemplate.3.0");
xslt.stylesheet = xmlStyle;
var xslProc = xslt.createProcessor();
xslProc.input = xmlInput;
for (var keyVar in xslParams)
xslProc.addParameter(keyVar, xslParams[keyVar]);
xslProc.transform();
if (outputFile == null)
WScript.Echo(xslProc.output);
else {
var xmlOutput = createNewXMLObj();
xmlOutput.loadXML(xslProc.output);
xmlOutput.save(outputFile);
}
}