Softethervpn: Let's Encrypt / Certbot integration

Created on 16 May 2018  ·  3 Comments  ·  Source: SoftEtherVPN/SoftEtherVPN

For proper SSTP, a valid HTTPS certificate is needed. It's possible to obtain a certificate for xxxx.softether.net only if port 443 is open. There is the ability to register a certificate without exposing port 443, just via DNS records:
https://community.letsencrypt.org/t/dns-based-challange-for-verification-of-letsencrypt-ssl-certs/28561/6

So the SoftEther DynDns implementation needs to be modified.

All 3 comments

I think you are confused, as the Let's Encrypt HTTP challenge requires you to listen on port 80, not 443. Put up a web server such as NGINX; it won't interfere with SSTP on 443, and let certbot put its challenges there with the webroot method. It will work like a charm.

Furthermore, if you want to automatically renew your SoftEther VPN SSTP certificate, you can automate it via CRON and the vpncmd client, though you will have to expose your server password in a file, which is dangerous. More information here (sorry, Spanish only).
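The nginx + certbot + cron + vpncmd combination the comment describes, written out as one certbot deploy hook. This is an added example, not code from the thread or from the SoftEther project. It relies on two real interfaces: certbot exports RENEWED_LINEAGE (the live/<name> directory) to deploy hooks, and vpncmd's `ServerCertSet /LOADCERT: /LOADKEY:` loads a server certificate and key. Everything else is an assumption for illustration: the SE_PASS_FILE, SE_HOST and SE_DRY_RUN names, the /etc/softether/admin.pw path, and localhost:5555 as the admin port. The hook refuses to run if the private key or the password file is readable by others, which is the mitigation a practitioner would want for the "password in a file" concern raised above.

```sh
#!/bin/sh
# certbot deploy hook: load a renewed Let's Encrypt certificate into
# SoftEther VPN Server via vpncmd.  Added example, not SoftEther project code.
# Assumed: vpncmd is on PATH; the server admin password sits in a root-only
# file; SE_* variable names and default paths are hypothetical.
set -e

SE_PASS_FILE="${SE_PASS_FILE:-/etc/softether/admin.pw}"   # assumed path, mode 0600
SE_HOST="${SE_HOST:-localhost:5555}"                      # assumed admin port
SE_DRY_RUN="${SE_DRY_RUN:-0}"                             # 1 = print the vpncmd line, do not run it

# Fail unless the file exists, is a regular file and carries no "other"
# permission bits (columns 8-10 of the ls -l mode string must be "---").
require_private_file() {
    f=$1
    [ -f "$f" ] || { echo "missing file: $f" >&2; return 1; }
    others=$(ls -l "$f" | cut -c8-10)
    [ "$others" = "---" ] || { echo "$f is readable by others ($others); refusing" >&2; return 1; }
}

# Render the vpncmd invocation as one line so dry-run mode can show it.
vpncmd_line() {
    cert=$1; key=$2; pw=$3
    printf 'vpncmd %s /SERVER /PASSWORD:%s /CMD ServerCertSet /LOADCERT:%s /LOADKEY:%s\n' \
        "$SE_HOST" "$pw" "$cert" "$key"
}

# Install the leaf certificate and key found under a certbot lineage directory.
# Returns non-zero (and changes nothing) if any input is missing or too open.
install_cert() {
    lineage=$1
    cert="$lineage/cert.pem"
    key="$lineage/privkey.pem"
    [ -f "$cert" ] || { echo "missing $cert" >&2; return 1; }
    require_private_file "$key" || return 1
    require_private_file "$SE_PASS_FILE" || return 1
    pw=$(cat "$SE_PASS_FILE")
    if [ "$SE_DRY_RUN" = "1" ]; then
        # Never echo the real password, even in dry-run output.
        vpncmd_line "$cert" "$key" '***'
        return 0
    fi
    vpncmd "$SE_HOST" /SERVER /PASSWORD:"$pw" /CMD ServerCertSet /LOADCERT:"$cert" /LOADKEY:"$key"
}

# certbot sets RENEWED_LINEAGE only when running a deploy hook; do nothing otherwise.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    install_cert "$RENEWED_LINEAGE"
fi
```

Issue the certificate once with the hook registered, e.g. `certbot certonly --webroot -w /var/www/html -d vpn.example.com --deploy-hook /usr/local/sbin/softether-cert-hook.sh` (paths and hostname are placeholders); certbot stores the hook in the renewal configuration and its own packaged timer or cron job runs `certbot renew`, so no extra cron entry is needed. For the DNS route the issue asks about, `certbot certonly --preferred-challenges dns` with a DNS plugin or `--manual` auth hook works the same way, but only for a zone whose TXT records you control. Two caveats: `/PASSWORD:` on the command line is briefly visible in the process list, so the root-only file reduces the exposure the comment warns about without removing it; and `ServerCertSet` loads the leaf only, so check how your SoftEther version expects intermediate certificates to be supplied before relying on `cert.pem` alone.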

The question is answered. Can we close the issue?

Or maybe you are going to do a PR?

Looks like SoftEther isn't well integrated with Let's Encrypt at the moment, which could be a nice feature for those VPNs which require a valid cert (say, SSTP).

The reply above mentions nginx, certbot, cron and vpncmd in one combination, which is four pieces of software too many for managing such a routine task as getting a required cert from a de-facto standard provider for running SoftEther's primary features.

It feels like SoftEther could listen on 80 and do the full trick on its own, every two months. I mean, it's already a great Swiss army knife with many servers inside; it would be nice to enable cert handling by just setting a few more options.
