I’m looking for someone to help me with improving the documentation. There are some aspects of GenieACS that could use more detailed docs, and some aspects that aren’t documented at all. So the goal is to have a more complete documentation of just about everything including: troubleshooting CPE issues, security, performance and scalability, best practices, etc. If you’re interested and have the technical writing skills, drop me an email at zaid@genieacs.com. I’m looking for someone from within the community so only email me if you’re a GenieACS user. If you’re a technical writer by trade, perfect. If not, maybe share a link or two to something you’ve written be it a blog post, some forum discussion, a wiki page, etc. It goes without saying that this is a paid project.
Hi Zaidka
I’m not after any work but I kept notes on getting https working with Letsencrypt which you may be able use in the https section of the docs which is currently empty.
This is Ubuntu 20.04 without using Nginx or Apache2 so it was harder to find info on setting it up and I want the certs to renew automatically.
If you have nothing else running on port 80 you can run certbot in “standalone” mode. In standalone mode certbot will listen itself on port 80 for the authorization.
Make sure you have your domain name pointing at your servers IP
sudo apt update
sudo apt install certbot
Change MyDomainExample.com everywhere below to your domain name
sudo certbot certonly --standalone --preferred-challenges http -d MyDomainExample.com
Enter your email address when prompted and answer the questions.
Edit the /opt/genieacs/genieacs.env and add these 2 lines
GENIEACS_UI_SSL_CERT=/etc/letsencrypt/live/MyDomainExample.com/fullchain.pem
GENIEACS_UI_SSL_KEY=/etc/letsencrypt/live/MyDomainExample.com/privkey.pem
These permissions need to be changed to allow Genieacs to access the certificate and key. These permissions are reset every renewal so you have to script it to reset them each renewal. See below.
sudo chmod 710 /etc/letsencrypt/live/
sudo chmod 710 /etc/letsencrypt/archive/
sudo chgrp genieacs /etc/letsencrypt/live
sudo chgrp genieacs /etc/letsencrypt/archive
sudo chown genieacs /etc/letsencrypt/live/MyDomainExample.com/privkey.pem
sudo chown genieacs /etc/letsencrypt/live/MyDomainExample.com/fullchain.pem
Get the renewal to auto restart the genieacs.ui you need to edit the /etc/letsencrypt/renewal/MyDomainExample.com.conf and add this as the last line
renew_hook = systemctl restart genieacs-ui
Test the renewal
sudo certbot renew --dry-run
Test gui with
#add a script containing the following and make it executable to the /etc/letsencrypt/renewal-hooks/post/ folder to auto change permissions on new certificates after renewal
#!/bin/bash
chmod 710 /etc/letsencrypt/live/
chmod 710 /etc/letsencrypt/archive/
chgrp genieacs /etc/letsencrypt/live
chgrp genieacs /etc/letsencrypt/archive
chown genieacs /etc/letsencrypt/live/MyDomainExample.com/privkey.pem
chown genieacs /etc/letsencrypt/live/MyDomainExample.com/fullchain.pem
echo “CertRenew $(date)” >> /var/log/certrenew