IRC with ZNC + certbot

Posted on by Jason Gulledge

IRC is still a thriving space for communication. There are a mountain of communities online that still prefer to use IRC. Some of the most technically capable people I’ve met were found on IRC. In 2021, many communities migrated from freenode to Libera after the Andrew Lee drama (I might write about this later). Check out Libera if you want to join communities for #archlinux, #ansible, ##rust, #emacs, #gentoo, #fedora, #linux, #neovim, #ubuntu, #wikipedia just to name a few.

Onto ZNC…

Why ZNC? It’s a very capable and stable IRC Bouncer. It stays connected to IRC, and you connect to it instead of directly to the IRC server. This allows your IRC client to be “always online” in IRC, so you don’t have to miss any action (thanks to ZNC’s buffer), people can always message you, and it also hides your home IP. You will need a server to run it on, and it runs on linux.

Assumptions:

  • znc is installed on your system and your znc config files are in your home directory in ~/.znc (this is the default behavior when installing)
  • You want to connect to IRC with a bind host instead of an IP address.
  • You’ve already configured rDNS for the IP you want to resolve to the domain you want to connect with.
  • You’ve already updated your nameserver’s zone file (A record) so the IP points to the domain (many providers will require the IP to resolve to the hostname before they’ll allow rDNS to point back to the IP).
  • You want to connect securely to your znc (and you should!)

Here we go. Use a package manager to install certbot. for instance, yum, if you’re on CentOS.

sudo yum install certbot

Before you actually generate a cert, setup a renewal hook deployment script. This will make sure that when the cert is renewed the files get installed into the right spot to make znc work correctly. 

cd /etc/letsencrypt/renewal-hooks/deploy/
vi update-znc.pem

Contents:

#!/bin/bash
YOURDOMAIN="some.bind.host.com"

[[ $RENEWED_LINEAGE != "/etc/letsencrypt/live/$YOURDOMAIN" ]] && exit 0
echo "Updating certs"
cat /etc/letsencrypt/live/$YOURDOMAIN/{privkey,fullchain}.pem > /home/YOURNUSERNAME/.znc/znc.pem

You’ll need to update the YOURDOMAIN line to change ‘some.bind.host.com’ to your actual domain. Then generate your cert:

sudo certbot certonly --standalone -d your.bind.host.here.com -m [email protected] --agree-tos

Same here – “your.bind.host.here.com” should match whatever domain you put in the update-znc.pem file. That’s it. Assuming rDNS has propagated across the internet (this can take up to 48 hours in some cases) you should now be able to launch znc, configure it to connect to the IRC networks you want, and then you should be able to connect to your znc using the domain name you specified, with SSL properly configured for the domain name.

Read more on the znc website for details on setting up connections from znc to IRC. https://wiki.znc.in/ZNC

Good luck and happy IRC’ing.