logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
cobash  
#1 Posted : Thursday, August 11, 2016 11:27:29 PM(UTC)
cobash


Rank: Advanced Member

Medals: ScreenConnect Advisor: Focus Group MemberLevel 1: Random Act of Kindness! Received One Thanks!

Joined: 12/10/2011(UTC)
Posts: 132

Thanks: 4 times
Was thanked: 6 time(s) in 6 post(s)
Has anyone successfully used Letsencrypt to get working certs for screenconnect? When you use lets encrypt you get 4 files cert.pem chain.pem fullchain.pem privkey.pem. I looked around for a bit but didn't see any way to get the pem files into the correct pvk format that screenconnect needs. Has anyone done this? I would like to automate the process if possible.


Thanks!
cobash  
#2 Posted : Thursday, August 11, 2016 11:48:55 PM(UTC)
cobash


Rank: Advanced Member

Medals: ScreenConnect Advisor: Focus Group MemberLevel 1: Random Act of Kindness! Received One Thanks!

Joined: 12/10/2011(UTC)
Posts: 132

Thanks: 4 times
Was thanked: 6 time(s) in 6 post(s)
Found it. If anyone needs to use it here it is.

https://community.letsen...are-requiring-pvk/8849/6

openssl rsa -in privkey.pem -outform PVK -out private.pvk -pvk-none
dbsmith  
#3 Posted : Tuesday, September 13, 2016 4:25:10 PM(UTC)
dbsmith


Rank: Newbie

Joined: 3/26/2015(UTC)
Posts: 1
Canada

Thanks: 2 times
Thanks for linking this.

Were you able to automate the whole process? Can you share how you did it?
Jhuggins@bluzonepc.com  
#4 Posted : Monday, January 16, 2017 3:58:03 PM(UTC)
Jhuggins@bluzonepc.com


Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 10/31/2014(UTC)
Posts: 14

Was thanked: 2 time(s) in 1 post(s)
I run my screenconnect on an EC2 instance (Linux/Mono).

I ran a small apache server to get the initial certs.

After ten hours of trying to convert the certs for screenconnects' use, I gave up. I just do proxying through apache, and use regex to handle forcing everyone to the https port.

The below code does nothing but preserve URLS and push the visitor from HTTP to HTTPS. It belongs in the apache configuration file for the proxied site, not in a .htaccess file.
Code:

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


I've done this with both Virtualmin and [url=Apachefriends.org]Apachefriends.org[/url] - quite a bit simpler and easier than modifying the certs for Screenconnect's use.


P.S.
The screenconnect configurator kept crapping out trying to convert the intermediate certs, claimed the second intermediate cert lacked the "trusted" moniker.
P.P.S Really, screenconnect, you need to fix this. It should be simple to do, hell's jingling bells, SSL should be required.
Bloo413  
#5 Posted : Thursday, April 27, 2017 4:55:46 PM(UTC)
Bloo413


Rank: Newbie

Joined: 11/16/2015(UTC)
Posts: 2
United States
Location: Chicopee

Thanks: 1 times
+1 for Windows Server 2012.
jeffmorlen  
#6 Posted : Friday, June 9, 2017 7:12:03 PM(UTC)
jeffmorlen


Rank: Newbie

Joined: 5/23/2012(UTC)
Posts: 5
Location: Milwaukee, WI

Okay... guys... figured it out... and it's almost painless.

First, I used this document (https://docs.connectwise.com/ConnectWise_Control_Documentation/On-premises/Advanced_setup/SSL_certificate_installation/Install_and_bind_an_SSL_certificate_on_a_Windows_server) for the manual installation of an SSL with ScreenConnect/ConnectWiseControl.

Second, I used letsencrypt-win-simple (version 1.9.3). You can get that here (https://github.com/Lone-Coder/letsencrypt-win-simple).

So, here is what we do.

1) Unzip letsencrypt-win-simple.Vx.x.x (whereas x.x.x is the version number) to the desktop or other location (for this, I put it right on my desktop).
2) Run letsencrypt-win-simple from the location you unzipped it into (as administrator).
3) Select "M" for "Generate a certificate manually".
4) Follow the prompts... enter the hostname, enter your email address (if it's the first time running it) and agree to the terms (if it's the first time running it).
5) When prompted for the site path, you will use the installation location of ScreenConnect/ConnectWiseControl. Default is, I believe, "C:\Program Files (x86)\ScreenConnect\" (don't forget the trailing "\" in your path).
** At this point, the script should have made a ".well-known" directory under your ScreenConnect/ConnectWiseControl directory and should have authorized you to get certificates **
6) Once done, you will have some certificates... but, ScreenConnect/ConnectWiseControl isn't using them yet. And, they are in a goofy place.
7) Navigate to %userprofile%\appdata\Roaming\letsencrypt-win-simple which is where your certificates are saved. Letsencrypt-win-simple should have already installed the certificate onto your system in the COMPUTER ACCOUNT certificate store.
8) Now, you need to find the thumbprint of the certificate. You can do it manually (see instructions by ScreenConnect/ConnectWiseControl), if you like, or copy/paste the script below. This will put a document on your desktop called thumbprint.txt

GET THUMBPRINT SCRIPT (edit it for your needs)
--- START ---
const certpath = "%USERPROFILE%\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\[your certificate name].der"
dim objStdOut
dim strLine, resString

set objStdOut = CreateObject("WScript.Shell").Exec("certutil " & certpath).StdOut

while not objStdOut.AtEndOfStream
strLine = objStdOut.ReadLine
if InStr(strLine, "(sha1)") > 0 then resString = trim(split(strLine, ":")(1))
wend

resString = Replace(resString, " ", "")

Set objFSO=CreateObject("Scripting.FileSystemObject")

outFile="%USERPROFILE%\Desktop\thumbprint.txt"
Set objFile = objFSO.CreateTextFile(outFile,True)
objFile.Write resString
objFile.Close

wscript.echo resString
--- END ---

** Now you have a registered email address, a verified domain, certificate files, a certificate thumbprint and an installed certificate (into the COMPUTER ACCOUNT certificate store)

9) Now we need to bind the certificate for ScreenConnect/ConnectWiseControl's web server. As per the documentation we need to run this command line:
--- START ---
netsh http add sslcert ipport=0.0.0.0:443 certhash=[ your thumbprint from the thumbprint.txt file ] appid={00000000-0000-0000-0000-000000000000}
--- END ---

10) Now we need to edit the web.config file, located in the ScreenConnect/ConnectWiseControl directory. You SHOULD MAKE A BACKUP BEFORE YOU EDIT IT.
11) Search for the string "WebServerListenUri" in the web.config file.
12) Edit the line to be
<add key="WebServerListenUri" value="https://+:443/" />
and not (anymore)
<add key="WebServerListenUri" value="http://+:80/" />
13) Save the web.config file.
14) To to services and restart the ScreenConnect Web Server service (you can restart your machine if you like).

That's it.


mrsassy  
#7 Posted : Friday, October 20, 2017 7:49:54 PM(UTC)
mrsassy


Rank: Guest

Joined: 10/20/2017(UTC)
Posts: 2
United States

This is great. But what happens in 3 months when the cert expires? How many of these steps must be repeated to renew the cert?
rboatright  
#8 Posted : Wednesday, October 25, 2017 9:11:15 PM(UTC)
rboatright


Rank: Member

Medals: ScreenConnect Advisor: Focus Group MemberLevel 1: Random Act of Kindness! Received One Thanks!

Joined: 10/17/2011(UTC)
Posts: 18
Man
United States
Location: Topeka, KS

Thanks: 1 times
Was thanked: 1 time(s) in 1 post(s)
That script was really useful, but having to paste the thumbprint into a batch file by hand and then run it elevated was both annoying and error prone, so I did a little enhancement to it.

The following vbs script finds the downloaded cert from letsencrypt and runs netsh to register it so that ScreenConnect can use it.

It can't be completely run non-interactive since the netsh command has to be run elevated (run as administrator) so, the first if statement checks that you are, and if not, asks for permission.

Also, if you're one of those annoying admins who turns off Wscript, I can't help you. You could program this in Perl or Python or something, but VBS works fine for me.

Don't miss editing the code to change the path where letsencrypt saved the cert and where your output files will be. The script defaults to the output files being on your desktop.

Save the following somewhere as RegisterCert.vbs (or whatever name you like)

=========start======
Code:
'
' Ensure script is being run elevated (as administrator)
'

If WScript.Arguments.Length = 0 Then
  Set ObjShell = CreateObject("Shell.Application")
  ObjShell.ShellExecute "wscript.exe" _
    , """" & WScript.ScriptFullName & """ RunAsAdministrator", , "runas", 1
  WScript.Quit
End if


' Change this to reflect where your certificate files got put
certpath = "C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\support.tbcsoftware.com-crt.der"

' Decide where the output files will be. Default is thisUser's Desktop
' you can hard code it by eding the next line and commenting out the 
' following. 

' outPath = "C:\Users\myUserName\Desktop\"
Set WshShell = WScript.CreateObject("WScript.Shell")
outPath=WshShell.ExpandEnvironmentStrings( "%USERPROFILE%\Desktop\" )
Set WshShell = nothing

'
' ok stuff is configured now. 
'

dim objStdOut
dim strLine, objShell, oExec, objFile, wsShell

crlf = chr(13) + chr(10)

set objStdOut = CreateObject("WScript.Shell").Exec("certutil " & certpath).StdOut

while not objStdOut.AtEndOfStream
strLine = objStdOut.ReadLine
if InStr(strLine, "(sha1)") > 0 then resString = trim(split(strLine, ":")(1))
wend

resString = Replace(resString, " ", "")

Set objFSO=CreateObject("Scripting.FileSystemObject")

outFile=outPath + "thumbprint.txt"
Set objFile = objFSO.CreateTextFile(outFile,True)
objFile.Write resString
objFile.Close

batFile=outPath + "RegisterCert.bat"
Set objFile = objFSO.CreateTextFile(batFile,True)
netCommand="netsh http add sslcert ipport=0.0.0.0:443 certhash=" + resString + " appid={00000000-0000-0000-0000-000000000000}"
objFile.Write netCommand + crlf
objFile.Write "IF %ERRORLEVEL% NEQ 0 SET /A errno^|=%ERRORLEVEL%" + crlf
'
'Comment out the next line to have the batch file run without user interaction.
objFile.Write "pause " + crlf
objFile.Write "EXIT /B %errno%" + crlf
objFile.Close

Set objShell = wscript.createobject("wscript.shell")
intReturn=objShell.Run( batFile, 1, true)
If intReturn <> 0 Then
	Wscript.Echo "netsh command returned an error, run the batch file interactively to see it."
Else 
	resultText = "No Errors. Ran netsh, created thumbprint.txt and RegisterCert.bat for " + resString
	wscript.echo resultText

End If

Set objShell = Nothing

======END========
-_ Rick
Sr. Developer
TBC Software
mjthompson  
#9 Posted : Saturday, November 25, 2017 3:19:25 AM(UTC)
mjthompson


Rank: Guest

Joined: 11/25/2017(UTC)
Posts: 1
Location: Perth WA

I hope this doesn't count as a necro, but I just figured out how to fully automate Let's Encrypt with the default webserver (no reverse proxy needed)


1. Getting your LE Certs
I used Let's Encrypt Windows Simple (https://github.com/Lone-Coder/letsencrypt-win-simple). Download it and run it. You'll want to set it to use its internal webserver for verification. (plays nice with the ScreenConnect webserver). It will also configure a scheduled task

After that, it will save the certs to C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org. The one of interest to me was remotesupport.mydomain-all.pfx - note this filename

2. Modifying the SSL install script
Get ScreenConnect Configurator: https://docs.connectwise...llation/SSL_Configurator

Next I had to modify the ScreenConnect SSL Configurator (to get rid of prompts, so it is automated). It extracts to %TEMP% when run and can be found in there. It goes without saying you need to move it out of %TEMP%.

The changes I made were

ScreenConnectConfigurator.cmd

Change the bottom to be:
Code:

set COMMAND=1
if "%COMMAND%"=="1" call ProcedureWindowsSslMenu.cmd
if "%COMMAND%"=="2" call ProcedureLinuxSslMenu.cmd
if "%COMMAND%"=="3" goto EXIT
rem goto PROMPT_COMMAND

This automates the first menu

ProcedureWindowsSslMenu.cmd

Code:
 set COMMAND=5
if "%COMMAND%"=="0" start "" "openssl.exe"
if "%COMMAND%"=="1" call ProcedureChangeWorkingDirectory.cmd
if "%COMMAND%"=="2" call ProcedureChangeScreenConnectDirectory.cmd
if "%COMMAND%"=="3" call ProcedureGenerateCsr.cmd
if "%COMMAND%"=="4" call ProcedureWindowsApplyCert.cmd
if "%COMMAND%"=="5" call ProcedureWindowsInstallPfxFile.cmd
if "%COMMAND%"=="6" start "" "notepad.exe" "%TEMP%\%LOG_FILE%"
rem if "%COMMAND%"=="7" (goto EXIT) else ( goto PROMPT_COMMAND)


That automates the second menu


ProcedureWindowsInstallPfxFile.cmd
Here's the tricky one

First, hardcode the PFX path instead of the set /p
Code:

set PFX_PATH="C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\remotesupport.mydomain-all.pfx"

Second, specify the password for the pfx file in the certutil command so it doesn't prompt for it. Unless you changed the letsencrypt-win-simple config file, by default the pfx password is blank.
Code:

certutil -f -p "" -importpfx "%PFX_PATH%"

Third, specify the pass again, slightly different for the openssl command
Code:

openssl pkcs12 -in "%PFX_PATH%" -nokeys -out "%TEMP%\ExtractedCert.cer" -passin pass:


This last step was needed for me, although probably is not needed for most users. I run the relay off a seperate internal IP so it can also use port 443. As such, the "webserveruri" command is bound to a specific internal IP and not to all interfaces. So the change I made was
Code:

rem call ProcedureWindowsModifyWebConfig.cmd "webserveruri=https://+:443/"

If you do this step you'll need to make sure that webserveruri is already setup properly


ProcedureWindowsBindCertificate.cmd

At the start of the file, add
Code:

netsh http delete sslcert 0.0.0.0:443

That will delete the previous certificate binding, otherwise an error will be thrown that one already exists.


Scheduled tasks
Modify the Windows scheduled task created by letsencrypt-win

Add the following:
Program: Point it to ScreenConnectConfigurator.cmd

Order it below the Let's Encrypt script

Add the following:
Program: net
Arguments: stop "ScreenConnect Web Server"

Move it to the top of the priority, above the Let's Encrypt commands

Then add another

Add the following:

Program: net
Arguments: start "ScreenConnect Web Server"

And make sure it is last

Finally, change the time so that it runs overnight and not 9am.


LE is fully automated and will renew by itself and install the certs

Hope this helps someone

Edited by user Saturday, November 25, 2017 4:33:19 AM(UTC)  | Reason: formatting

Slacker  
#10 Posted : Saturday, December 2, 2017 6:39:16 PM(UTC)
Slacker


Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 4/26/2014(UTC)
Posts: 30
Brazil
Location: RN

Thanks: 3 times
Was thanked: 1 time(s) in 1 post(s)
Here's something I cooked up for using AutoSSL/LE certs in a WHM server. (https://github.com/Cacasapo/SC_LE_WHM/)
Cron it to run once or twice per day.

Code:

#!/bin/bash
# Slacker 2017 - Use and modify at your own risk.
# Script for using certificates in a WHM install with Screenconnect.
# Screenconnect must already be configured to use SSL. 
# Schedule to run 1-2 times per day if using LE/AutoSSL.

#### CHANGE THE VARIABLES BELOW TO MATCH YOUR INSTALL
SCREENCONNECT_SSL_PORT="8040"
DOMAIN=domainname.com
SCREENCONNECT_DIRECTORY="/opt/screenconnect"
####

HTTPLISTENER_DIRECTORY="$SCREENCONNECT_DIRECTORY/App_Runtime/etc/.mono/httplistener"
COMBINED="/var/cpanel/ssl/apache_tls/$DOMAIN/combined"
KEY_NAME="$DOMAIN".key
CERT_NAME="$DOMAIN".cert

mkdir /tmp/sc_le
chmod 700 /tmp/sc_le
cd /tmp/sc_le

csplit -k -f both $COMBINED '/END CERTIFICATE/+1' {1}  > /dev/null 2>&1
csplit -k -f split both00 '/END /+1' {1}  > /dev/null 2>&1
mv split00 $KEY_NAME
mv split01 $CERT_NAME

C1=$(cksum $HTTPLISTENER_DIRECTORY/$SCREENCONNECT_SSL_PORT.cer | colrm 16)
C2=$(cksum  $CERT_NAME | colrm 16)

	if [[ "$C1" != "$C2" ]]
		then
			openssl rsa -in "$KEY_NAME" -inform PEM -outform PVK -pvk-none -out "$SCREENCONNECT_SSL_PORT.pvk"
			[[ ! -d "$HTTPLISTENER_DIRECTORY/backup" ]] && mkdir $HTTPLISTENER_DIRECTORY/backup
			\cp $HTTPLISTENER_DIRECTORY/$SCREENCONNECT_SSL_PORT.* $HTTPLISTENER_DIRECTORY/backup
			\cp $CERT_NAME $HTTPLISTENER_DIRECTORY/$SCREENCONNECT_SSL_PORT.cer
			mv $SCREENCONNECT_SSL_PORT.pvk $HTTPLISTENER_DIRECTORY
			service screenconnect restart
		fi
cd
rm -fr /tmp/sc_le


elbel86  
#11 Posted : Tuesday, December 5, 2017 5:31:34 PM(UTC)
elbel86


Rank: Newbie

Joined: 8/17/2015(UTC)
Posts: 5
United States

Thanks: 1 times
Wondering if anybody has figured out an easy way to get this set up on a linux server? I've been messing with it for 2 days now and have yet to make any progress...
Ben B  
#12 Posted : Tuesday, December 19, 2017 8:45:42 PM(UTC)
Ben B


Rank: Administration

Medals: Level 2: Lent a Helping Hand! 10 Thanks!

Joined: 10/2/2015(UTC)
Posts: 329

Thanks: 1 times
Was thanked: 69 time(s) in 62 post(s)
Originally Posted by: elbel86 Go to Quoted Post
Wondering if anybody has figured out an easy way to get this set up on a linux server? I've been messing with it for 2 days now and have yet to make any progress...


Are you attempting to install a Lets Encrypt cert onto a mono server? For testing purposes, I just installed a Let's Encrypt cert on an Ubuntu 16.04 server on version 6.4.15787 via the following steps:

Run the following commands to install certbot:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

To create the private key and cert:

$ sudo certbot certonly

Enter option 1 for "Spin up a temporary webserver (standalone)"
Enter email address
Agree to terms
Enter domain name

Certbot creates the private key and cert:

Certificate location: /etc/letsencrypt/archive/[domain]/cert1.pem
Private key location: /etc/letsencrypt/archive/[domain]/privkey1.pem

Copy cert1.pem to your working directory and rename it to ScreenConnectCertificate.cer
Copy privkey1.pem to your working directory and rename it to ScreenConnectPrivateKey.key

Download the SSL Configurator shell script for Linux from here to your working directory.

Run the configurator script:

Change working directory or installation directory if necessary (options 1 and 2)
Select option 4 to rename ScreenConnectCertificate.cer and ScreenConnectPrivateKey.key
Select option 5 to install the certificate and private key
Select option 6 to edit the web.config so the Control web server listens on port 443

Restart your services by running the command "/etc/init.d/screenconnect restart"

Your Linux server should now be set up to use the Let's Encrypt cert.
ScreenConnect Team
thanks 2 users thanked Ben B for this useful post.
elbel86 on 12/20/2017(UTC), benjohnson on 12/20/2017(UTC)
elbel86  
#13 Posted : Wednesday, December 20, 2017 1:33:22 AM(UTC)
elbel86


Rank: Newbie

Joined: 8/17/2015(UTC)
Posts: 5
United States

Thanks: 1 times
That does indeed work! I'm not sure where I screwed up before, but having all laid out step by step sure does help. Thanks!
benjohnson  
#14 Posted : Wednesday, December 20, 2017 6:55:00 PM(UTC)
benjohnson


Rank: Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 6/28/2012(UTC)
Posts: 24

Thanks: 2 times
Was thanked: 1 time(s) in 1 post(s)
Originally Posted by: Ben B Go to Quoted Post
Originally Posted by: elbel86 Go to Quoted Post


Download the SSL Configurator shell script for Linux from here to your working directory.




I apparently don't have the correct ConnectWise University access to get this file - can you post it somewhere else?

The website comes back with "We are sorry that we are not able to provide ConnectWise University access at this time." and I've gone through changing my password.
Ben B  
#15 Posted : Wednesday, December 20, 2017 7:58:12 PM(UTC)
Ben B


Rank: Administration

Medals: Level 2: Lent a Helping Hand! 10 Thanks!

Joined: 10/2/2015(UTC)
Posts: 329

Thanks: 1 times
Was thanked: 69 time(s) in 62 post(s)
Quote:
I apparently don't have the correct ConnectWise University access to get this file - can you post it somewhere else?

The website comes back with "We are sorry that we are not able to provide ConnectWise University access at this time." and I've gone through changing my password.


That link shouldn't require ConnectWise University access.

In any case, I've attached a copy of the configurator shell script to this post.

sslConfiguratorScriptForLinux.sh (6kb) downloaded 47 time(s).

Edited by user Wednesday, December 20, 2017 7:58:52 PM(UTC)  | Reason: Not specified

ScreenConnect Team
thanks 1 user thanked Ben B for this useful post.
benjohnson on 12/20/2017(UTC)
tbare  
#16 Posted : Friday, February 23, 2018 1:56:11 PM(UTC)
tbare


Rank: Guest

Joined: 2/23/2018(UTC)
Posts: 1
United States

Originally Posted by: Ben B Go to Quoted Post

Copy cert1.pem to your working directory and rename it to ScreenConnectCertificate.cer
Copy privkey1.pem to your working directory and rename it to ScreenConnectPrivateKey.key


Which working directory are we talking about here? Is there a specific directory, or do you mean like ~/screenconnect?

Also, does the SSL Config script auto-renew the LE cert, or will that need to be done manually?

Thanks for the great writeup!
elbel86  
#17 Posted : Tuesday, March 20, 2018 9:27:59 PM(UTC)
elbel86


Rank: Newbie

Joined: 8/17/2015(UTC)
Posts: 5
United States

Thanks: 1 times
Ok, so it worked great. For 90 days.

Now I'm back because the cert expired, and even when certbot renewed it, screenconnect still seems to be using the expired cert.

I already have certbot setup to autorenew and my cert is good.

I know I can probably just do this whole process again, and it will be fine for another 90 days, but is there a way to automate screenconnect getting the renewed cert?

Edited by user Tuesday, March 20, 2018 9:28:45 PM(UTC)  | Reason: Not specified

cobash20  
#18 Posted : Thursday, March 22, 2018 1:59:50 PM(UTC)
cobash20


Rank: Guest

Joined: 3/22/2018(UTC)
Posts: 1
United States

Here is what I used to update my certs. There is an Apache proxy server on the front end and the Screenconnect server on the back end. Below is the script I use to auto renew the cert and then ssh to the screenconnect server, convert the certs, and then restart the screenconnect service. I have bolded the parts that you will need to change to fit your setup. ( the info there is just generic. )
Oh and this runs from the proxy server.


Let me know if it helps or if you have any questions.





# Starts the renewal process
certbot renew --quiet

####################################################################################

# Uncomment the line below if you need to add additional domains.
#certbot --apache certonly

######################################################################################

# Change Directory to Letsencrypt

cd /etc/letsencrypt/live/support.screenconnect.com/

#######################################################################################

# Creates the correct files for screenconnect and copies it to the screenconnect server.

openssl rsa -in /etc/letsencrypt/live/support.screenconnect.com/privkey.pem -outform PVK -out /etc/letsencrypt/live/support.screenconnect.com/443.pvk -pvk-none
scp cert.pem root@192.168.1.50:/opt/screenconnect/App_Runtime/etc/.mono/httplistener/443.cer
scp 443.pvk root@192.168.1.50:/opt/screenconnect/App_Runtime/etc/.mono/httplistener/443.pvk
rm -f /etc/letsencrypt/live/support.screenconnect.com/443.pvk
scp cert.pem chain.pem fullchain.pem privkey.pem root@192.168.1.50:/etc/pki/tls/certs/

#######################################################################################

# Restart Services

systemctl restart httpd
ssh root@192.168.1.50 "systemctl restart screenconnect.service"

Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.