Hello everyone. It feels a little nostalgic being here right now and composing a message like this--that is NOT an email or FB messenger or texting, lol!
I used to run a Spitfire BBS back in the 80s and 90s called the Mystical Realm BBS with a secondary "Adults Only" node/board called "After Hours BBS" and a collaborative BBS called The Road House. I had Fido-Net and Circuit-Net set up and had a lot of fun running these along with all the doors, etc. Here I am almost 40 years later wanting to get back into it. Sadly I am not able to get my Spitfire board up and running unless I want to rock it like 2010, lol! Some Turbo Pascal bug I imagine? Not to mention my Colorado Tape Backup of my BBS is hosed. So, I've set up Sync 3.20e on an old Ubiquiti NVR appliance PC running Debian 12.9 headless.
I've gotten so far as to have set myself up as the Sysop and a guest user in this 2025 redux of Mystical Realm BBS. I still have a lot of configuring to do, ANSI screens to build, Doors to install, etc. I think I have Dove-Net set up properly? What I had been struggling with was setting up my SSL certificate so that traffic to mysticalrealmbbs.com would be wrapped in an encrypted session. I could connect to port 80 just fine and telnet in just fine. I moved Sync SSH to port 2222 for now (though I am thinking about moving it back to 22 and moving my "admin the box" port to 2222 for normal ssh sessions). I tried to follow the documentation at:
https://wiki.synchro.net/module:letsyncrypt
...but could not get Let's Encrypt to work either. So I then attempted to get a SSL cert installed like I would normally do when I set up a regular website, but I had issues there as well. I tried to follow the documentation found at:
https://wiki.synchro.net/module:certtool
...so, through some trial and error I was able to get my cert installed, but I want to confirm whether or not this was proper or if there was a better way to set this up? So I came up with the following documentation for myself in case I need to redo my setup at any time:
-------------------------------------------------------------------------
Synchronet BBS: Setting Up SSL with a PositiveSSL Certificate (Namecheap)
This guide documents the steps I took to generate and install a PositiveSSL certificate (from Namecheap) on a Synchronet BBS instance, bypassing some limitations and/or issues (or my inexperience) that I was encountering with certtool.js and therefore arrived at this working manual alternative. I had looked over the documentation at
https://wiki.synchro.net/module:certtool
I was unable to get the LetSyncrypt client (documented at
https://wiki.synchro.net/module:letsyncrypt) working so undid/removed my timed event setup based on those instructions and proceeded with the steps below.
Step 1: Generate a Certificate Signing Request (CSR)
I ran the following command to generate a CSR and private key using Synchronet's certtool.js:
/sbbs/exec/jsexec /sbbs/exec/certtool.js --csr --domain mysticalrealmbbs.com --domain www.mysticalrealmbbs.com > /sbbs/csr.pem
- This created a CSR at /sbbs/csr.pem. (perhaps I should have stuck it in /sbbs/ctrl/csr.pem?)
- It also generated a private key saved as /sbbs/ctrl/cryptlib.key.
Step 2: Submit CSR to Namecheap
1. I then went into my Namecheap account, activated my SSL.
2. I was prompted to submit the contents of /sbbs/csr.pem to generate my PositiveSSL certificate.
3. After verification (using the cname method), Namecheap provided two files:
   - mysticalrealmbbs_com.crt (your SSL certificate)
   - mysticalrealmbbs_com.ca-bundle (intermediate certificate chain)
Step 3: Combine Certificate and CA Bundle
I combined my certificate and bundle into a single file:
cat mysticalrealmbbs_com.crt mysticalrealmbbs_com.ca-bundle > /sbbs/ctrl/bbs.crt
This is the full certificate chain that I surmise Synchronet is expecting.
Step 4: Prepare the Private Key
Since I generated the CSR with certtool.js, my private key was already located at:
/sbbs/ctrl/cryptlib.key
I copied it for use with the new cert:
cp /sbbs/ctrl/cryptlib.key /sbbs/ctrl/bbs.key
Step 5: Update Synchronet Configuration (sbbs.ini)
I manually edited sbbs.ini (i.e. nano /sbbs/ctrl/sbbs.ini) and configured SSL (adding) for the appropriate services. For example, for HTTPS:
[web]
Secure = true
CertificateFile = bbs.crt
KeyFile = bbs.key
Repeat this block for [ftp], [telnet], etc. if desired.
Step 6: Set File Permissions
Make sure the certificate and key are only readable by the Synchronet user:
chmod 600 /sbbs/ctrl/bbs.*
chown sbbs:sbbs /sbbs/ctrl/bbs.*
Step 7: Restart Synchronet
Restart your BBS to apply the changes:
sudo systemctl restart sbbs
Notes and Troubleshooting
- Why not use certtool.js --import?
  - This method failed to create expected .crt or .cert files during testing.
  - The key format generated by Cryptlib may be incompatible with OpenSSL tools, but is accepted by Synchronet directly.
- Verifying key and cert match (optional):
If needed, you can check that your private key and cert match using OpenSSL (only works with compatible key formats):
openssl rsa -in /sbbs/ctrl/bbs.key -modulus -noout | sha256sum
openssl x509 -in /sbbs/ctrl/bbs.crt -modulus -noout | sha256sum
If the hashes match, the key and cert pair correctly. But I believe that certtool.js is using a different format to generate the key.
TL;DR / Summary
This document outlines a full working process for integrating a third-party SSL certificate with Synchronet BBS, including fallback steps when the built-in certtool.js import process does not succeed.
Submitted for review and feedback by Digital Man and the Synchronet community.
---
■ Synchronet ■ Mystical Realm BBS - mysticalrealmbbs.com
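
Added example (not part of the original post and not Synchronet's own tooling): a shell check for the key/certificate match discussed under "Verifying key and cert match", comparing public keys with openssl pkey so it is not limited to RSA, and reporting a key that OpenSSL cannot parse separately from a genuine mismatch. It assumes PEM files; the function names, exit codes and sample files are constructed for illustration.

```shell
#!/bin/sh
# check_pair exit codes (chosen for this example): 0 ok, 1 key/cert mismatch,
# 2 key unreadable by OpenSSL, 3 certificate unreadable, 4 key open to group/other.

pub_hash() {  # stdin: PEM public key -> SHA-256 of its DER encoding
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

cert_pub_hash() {  # openssl x509 reads the first cert in the file: the leaf, per Step 3
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | pub_hash
}

key_pub_hash() {  # "pkey" handles RSA and EC; -passin pass: avoids a passphrase prompt
    pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | pub_hash
}

check_pair() {  # usage: check_pair CERT_CHAIN KEY
    ch=$(cert_pub_hash "$1") || return 3
    kh=$(key_pub_hash "$2") || return 2
    [ "$ch" = "$kh" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] || return 4
    return 0
}

make_samples() {  # constructed throwaway files in directory $1 (not real credentials)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=bbs.example" \
        -keyout "$1/bbs.key" -out "$1/leaf.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example CA" \
        -keyout "$1/other.key" -out "$1/ca.crt" 2>/dev/null
    cat "$1/leaf.crt" "$1/ca.crt" > "$1/bbs.crt"     # same order as Step 3
    printf 'not a PEM key\n' > "$1/opaque.key"       # stands in for a non-PEM key file
    chmod 600 "$1"/*.key
}

# Demo on the constructed samples: matching key, wrong key, unparseable key.
d=$(mktemp -d)
make_samples "$d"
for k in bbs.key other.key opaque.key; do
    rc=0; check_pair "$d/bbs.crt" "$d/$k" || rc=$?
    echo "$k -> exit code $rc"
done
rm -rf "$d"
```

Exit code 2 means only that OpenSSL could not read the key file as PEM; it says nothing about whether the key belongs to the certificate.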