
No PEM, have Let's Encrypt CRT, KEY, ISSUER.CRT

Posted: Mon Apr 24, 2023 7:11 pm
by fusionx
Hello all,

I'm not much of a Linux admin, so I'm looking for a little help before I break everything, and potentially destroy the universe.

I have unrealIRCD 6.0.7 on CentOS 7, with DirectAdmin. I have a wildcard cert for the domain through Let's Encrypt.

All the reading I've done shows people using a .pem file - under DirectAdmin we don't get those.

I didn't want to install certbot, since I already have certs. Does that make sense?

I looked at the contents of the locally issued pem files, and they look just like my letsencrypt crt and key files.

I used /usr/local/directadmin/data/.lego/certificates/domain.org.crt and .key - these are working. At first it wouldn't rehash - directory and file permissions.

I changed the groups on the data and .lego subdirs from root:root to diradmin:diradmin and added +r on the cert files so unrealircd could read the files.

Now it rehashes fine, and I can connect with TLS. My main concern is that with the permission changes I may have made my server unsafe. I'm the only user on it, btw. Here's my listen block:


listen {
        ip xxx.xxx.xxx.xxx;
        port 6697;
        options { tls; }
        tls-options {
                certificate "/usr/local/directadmin/data/.lego/certificates/domain.org.crt";
                key "/usr/local/directadmin/data/.lego/certificates/domain.org.key";
        };
};
Is there anything I could do differently to use these certfiles in a better way?

Thanks in advance!

Re: No PEM, have Let's Encrypt CRT, KEY, ISSUER.CRT

Posted: Mon Apr 24, 2023 7:51 pm
by PeGaSuS
The only thing I'd do, if I were you, would be to copy the cert and key to the UnrealIRCd TLS folder (never used CentOS, but on Ubuntu that'd be "/home/USER/unrealircd/conf/tls") and change the permissions of the files there only.

Other than that, since I've never used CentOS or DirectAdmin, I can't be of much more help.

Cheers!

Re: No PEM, have Let's Encrypt CRT, KEY, ISSUER.CRT

Posted: Mon Apr 24, 2023 9:22 pm
by fusionx
Thanks, PeGaSuS - I thought about doing that, but then they wouldn't get updated/reissued automagically. I suppose I could use cron to copy them monthly - that might be a more elegant solution.

Re: No PEM, have Let's Encrypt CRT, KEY, ISSUER.CRT

Posted: Sun May 14, 2023 7:47 am
by Syzop
Our guide Using Let's Encrypt with UnrealIRCd has this initial step: Setting up certbot for use with UnrealIRCd. In the section "Tweaking permissions on the key file" it does things similar to what you did. It talks about setting permissions (and how), if/when they will be maintained, minimum certbot version for it, etc.
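Added example (not code from this thread, from DirectAdmin or from UnrealIRCd): a small POSIX sh script that does what PeGaSuS suggests and fusionx proposes to automate, copying the lego-issued .crt/.issuer.crt/.key into UnrealIRCd's conf/tls directory with tight permissions from a cron job, so the DirectAdmin .lego tree can keep its original root-only permissions. It writes the files atomically, only rehashes when the copied content actually changed, and concatenates the issuer certificate onto the .crt if the .crt holds a single certificate, so clients receive the full chain. The source and destination paths, the file names server.cert.pem/server.key.pem, the OWNER and REHASH_CMD variables and the default rehash command are assumptions for the example; adjust them to the real install.

```sh
#!/bin/sh
# deploy_unreal_cert.sh -- copy a Let's Encrypt cert/key issued by DirectAdmin's
# lego into UnrealIRCd's conf/tls with tight permissions, then rehash only if
# something changed. Intended for cron, run as the UnrealIRCd user (or as root
# with OWNER set). All defaults below are assumptions, not values from the thread.
set -eu

SRC_DIR="${SRC_DIR:-/usr/local/directadmin/data/.lego/certificates}"   # assumed
DOMAIN="${DOMAIN:-domain.org}"                                           # assumed
DST_DIR="${DST_DIR:-$HOME/unrealircd/conf/tls}"                          # assumed
OWNER="${OWNER:-}"                       # e.g. "unreal:unreal"; empty keeps current owner
REHASH_CMD="${REHASH_CMD:-$HOME/unrealircd/unrealircd rehash}"          # assumed

# count_certs FILE -> number of PEM certificate blocks in FILE (0 if none)
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# build_fullchain CRT ISSUER OUT -> write CRT followed by ISSUER to OUT,
# unless CRT already carries more than one certificate (already a chain).
build_fullchain() {
    if [ "$(count_certs "$1")" -gt 1 ]; then
        cat "$1" > "$3"
    else
        cat "$1" "$2" > "$3"
    fi
}

# install_if_changed SRC DST MODE -> atomically copy SRC to DST with MODE
# (and OWNER, if set). Returns 0 if DST was written, 1 if already identical.
install_if_changed() {
    if [ -f "$2" ] && cmp -s "$1" "$2"; then
        return 1
    fi
    tmp="$2.tmp.$$"
    install -m "$3" "$1" "$tmp"
    if [ -n "$OWNER" ]; then
        chown "$OWNER" "$tmp"
    fi
    mv -f "$tmp" "$2"
    return 0
}

# deploy_cert -> copies chain + key into DST_DIR, rehashes on change.
# Prints "updated" or "unchanged".
deploy_cert() {
    umask 077                      # anything we create is private by default
    mkdir -p "$DST_DIR"
    chain="$(mktemp)"
    build_fullchain "$SRC_DIR/$DOMAIN.crt" "$SRC_DIR/$DOMAIN.issuer.crt" "$chain"
    changed=0
    install_if_changed "$chain" "$DST_DIR/server.cert.pem" 0644 && changed=1
    install_if_changed "$SRC_DIR/$DOMAIN.key" "$DST_DIR/server.key.pem" 0600 && changed=1
    rm -f "$chain"
    if [ "$changed" -eq 1 ]; then
        $REHASH_CMD                # unquoted on purpose: "binary rehash" splits into words
        echo updated
    else
        echo unchanged
    fi
}

# Invoke as: sh deploy_unreal_cert.sh run   (e.g. from a daily cron entry)
case "${1:-}" in
    run) deploy_cert ;;
esac
```

The point of the cmp check is that the rehash, and the cron mail it generates, only happen when lego has actually reissued; on every other run nothing is touched. Point the tls-options block at conf/tls/server.cert.pem and conf/tls/server.key.pem instead of the .lego paths, and the permissions on /usr/local/directadmin/data can be put back to what DirectAdmin expects.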