I see from the changelog of certbot “support for busybox”
How do you actually run certbot on busybox? I have certbot updating my Letsencrypt certificates on Centos just fine but it was installed via yum. I’m now trying to have this running on my linux based open source router which has Busybox built in. Busybos doesn’t have phyton so ideally I would need a script based on /bin/sh ?
On github there are so many certbot files available, what do I actually need for Busybox?
Can anybody please provide some help on the steps necessary?
I did look into acme.sh briefly (and tried different parameters) but it seems like it’s not working out of the box, asI always get messages like this:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
Rather offtopic, because this isn’t going to help you at all, but it’s rather strange the certbot-auto script fails on the id command, as BusyBox should include an id function. My NAS running BusyBox 1.19.4 does anyway:
~ # ls -l /bin/id
lrwxrwxrwx 1 root root 7 Nov 8 2018 /bin/id -> busybox
That was exactly the reason I developed uacme. Unlike shell/python based solutions, uacme ONLY requires libcurl and one of GnuTLS, OpenSSL or mbedTLS. The latter is particularly well suited to embedded devices.