simple_lets_nfsn Documentation

What is this

Let's Encrypt is a certificate authority that provides free domain-validated TLS certificates via an automated process. For various reasons, Let's Encrypt does not issue certificates with lifetimes longer than 3 months. NearlyFreeSpeech.NET is a popular webhost that I happen to use. This project is a fork of lets-nfsn.sh which provides easy-setup fully automated Let's Encrypt TLS certificate renewal on NFSN.

It used to be that the NFSN cron could not call nfsn -i set-tls to upload the new certificates. This project provided a workaround enabling cron to log in via ssh to perform the certificate upload (possibly introducing extra security risks). The NFSN cron limitation has recently been fixed (and the workaround in this repository has been removed), so the main reason I'm keeping this project up is that lets-nfsn.sh auto-updates itself and the dehydrated submodule without signature checking, and I like to have control.

Upgrade security notice

If you were using an older version of this project, you are strongly encouraged to delete the ssh key you added for cron purposes (filename "id_ssh_cron_ed25519") and to disable it (via the NFSN web interface: profile, scroll down to "SSH Keys"), as it may provide an opportunity for attack. You will also need to edit the cron task settings (via the NFSN web interface: on your site, "Manage Scheduled Tasks") so that the task runs on the ssh server and not the web server.
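
An added example, not part of this project's code: a shell helper that looks for leftover copies of the old cron key and for files that still refer to it. Only the filename comes from the notice above; the default search root /home/private and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit for leftovers of the old cron SSH key.
# KEY_NAME is the filename given in the upgrade notice; the default search
# root (/home/private, the directory the install steps use) is an assumption.
KEY_NAME="id_ssh_cron_ed25519"

# Print every file named like the old key (private or .pub) under $1.
find_cron_keys() {
    find "$1" -type f \( -name "$KEY_NAME" -o -name "$KEY_NAME.pub" \) 2>/dev/null | sort
}

# Print every other file under $1 whose contents still mention the key name
# (ssh config, wrapper scripts, and so on).
find_key_references() {
    grep -rlF -- "$KEY_NAME" "$1" 2>/dev/null | while IFS= read -r f; do
        case "${f##*/}" in
            "$KEY_NAME"|"$KEY_NAME.pub") ;;   # skip the key files themselves
            *) printf '%s\n' "$f" ;;
        esac
    done | sort
}

# Report findings; return 0 when nothing is left, 1 otherwise.
# Usage: audit_cron_key /home/private
audit_cron_key() {
    root="${1:-/home/private}"
    keys=$(find_cron_keys "$root")
    refs=$(find_key_references "$root")
    if [ -z "$keys" ] && [ -z "$refs" ]; then
        echo "clean: no trace of $KEY_NAME under $root"
        return 0
    fi
    [ -n "$keys" ] && printf 'key file still present (delete it):\n%s\n' "$keys"
    [ -n "$refs" ] && printf 'file still references the key:\n%s\n' "$refs"
    return 1
}
```

Documentation that mentions the filename will be listed as a reference if it sits under the search root. Deleting the file does not disable the key on the NFSN side; that still has to be done in the web interface.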

How can I use this to my advantage

  1. Configure SSH and use it to log into NFSN.
  2. Install.
    cd /home/private; mkdir lets_nfsn; cd lets_nfsn
    fossil clone https://hydra.ecd.space/f/simple_lets_nfsn/ lets_nfsn.fossil
    fossil open lets_nfsn.fossil release
  3. Run ./nfsn-init.sh and just follow the on-screen instructions.
  4. Enjoy.