$ openssl req -nodes -newkey rsa:2048 -keyout <nick>-<network>.key -x509 -days 3650 -out <nick>-<network>.cer
# Provide a value for at least the country code
$ chmod 400 <nick>-<network>.key
$ cat <nick>-<network>.cer <nick>-<network>.key > <nick>-<network>.pem
$ chmod 400 <nick>-<network>.pem
$ mkdir -p ~/.irssi/certs
$ mv <nick>-<network>.* ~/.irssi/certs] /server add -auto -ssl -ssl_cert ~/.irssi/certs/<nick>-<network>.pem -ssl_verify -network <network> <server> <port>
] /save
] /reload
] /connect <network>
] /msg nickserv identify <password>
] /msg nickserv cert add
] /saveUse web frontend to add the following ports:
6697 SSL, IPv4, IRC 8080 SSL, IPv4, HTTP 8008 IPv4, HTTP
Allow ports 6697, 443 and 80 through provider firewall
Configure host firewall:
$ sudo firewall-cmd --zone=trusted --add-forward-port=port=443:proto=tcp:toport=8080
$ sudo firewall-cmd --zone=trusted --add-forward-port=port=80:proto=tcp:toport=8008
$ sudo firewall-cmd --runtime-to-permanentmkcert and a cronjob
This should be automated everytime I generate a new cert
znc$ cat ~/.znc/znc.pem | openssl x509 -sha512 -fingerprint -noout | tr -d ':' | tr 'A-Z' 'a-z' | cut -d = -f 2
# quit weechat?
local$ sed -i 's/ssl_fingerprint.*/ssl_fingerprint = "<FINGERPRINT>"/' ~/.weechat/irc.conf
# restart weechat?