시놀로지 나스 Cloudflare DNS Let's Encrypt WildCard SSL 적용 > 자유게시판

sudo -i

cd ~

wget https://github.com/Neilpang/acme.sh/archive/master.tar.gz

tar xvf master.tar.gz

cd acme.sh-master

./acme.sh --install --nocron --home /usr/local/share/acme.sh --accountemail "이메일" --server letsencrypt

cd /usr/local/share/acme.sh/

export CF_Key="글로벌 API 키"

export CF_Email="이메일"

export CERT_DNS="dns_cf"

./acme.sh --issue -d *.도메인 -d 도메인 --dns $CERT_DNS --cert-file /usr/syno/etc/certificate/system/default/cert.pem --key-file /usr/syno/etc/certificate/system/default/privkey.pem --fullchain-file /usr/syno/etc/certificate/system/default/fullchain.pem --reloadcmd "/usr/syno/sbin/synoservicectl --reload nginx" --dnssleep 30 --force --server letsencrypt

export CERT_FOLDER="$(find /usr/syno/etc/certificate/_archive/ -maxdepth 1 -mindepth 1 -type d)"

export CERT_DNS="dns_cf"

./acme.sh --issue -d *.도메인 -d 도메인 --dns "$CERT_DNS" --cert-file "$CERT_FOLDER/cert.pem" --key-file "$CERT_FOLDER/privkey.pem" --fullchain-file "$CERT_FOLDER/fullchain.pem" --capath "$CERT_FOLDER/chain.pem" --reloadcmd "/usr/syno/sbin/synoservicectl --reload nginx" --dnssleep 30 --force --server letsencrypt

제어판 > 작업 스케줄러 > 예약된 작업 > 사용자 정의 스크립트

# Note: The $CERT_FOLDER must be hardcoded here since the running environment is unknown. Don't blindly copy&paste!
# if you used the normal method the certificate will be installed in the system/default directory CERTDIR="system/default"
# if you used the alternative method it is copied to an unknown path, change the following example to the output of the creation process and uncomment.
#CERTDIR="_archive/AsDFgH"

# do not change anything beyond this line!
CERTROOTDIR="/usr/syno/etc/certificate"
PACKAGECERTROOTDIR="/usr/local/etc/certificate"
FULLCERTDIR="$CERTROOTDIR/$CERTDIR"

# renew certificates, this used to be explained as a custom cronjob but works just as well within this script according to the output of the task.
/usr/local/share/acme.sh/acme.sh --cron --home /usr/local/share/acme.sh/

# find all subdirectories containing cert.pem files
PEMFILES=$(find $CERTROOTDIR -name cert.pem)
if [ ! -z "$PEMFILES" ]; then
        for DIR in $PEMFILES; do
                # replace the certificates, but never the ones in the _archive folders as those are all the unique
                # certificates on the system.
                if [[ $DIR != *"/_archive/"* ]]; then
                        rsync -avh "$FULLCERTDIR/" "$(dirname $DIR)/"
                fi
        done
fi

# reload
/usr/syno/sbin/synoservicectl --reload nginx

# update and restart all installed packages
PEMFILES=$(find $PACKAGECERTROOTDIR -name cert.pem)
if [ ! -z "$PEMFILES" ]; then
        for DIR in $PEMFILES; do
                #active directory has it's own certificate so we do not update that package
                if [[ $DIR != *"/ActiveDirectoryServer/"* ]]; then
                        rsync -avh "$FULLCERTDIR/" "$(dirname $DIR)/"
                        /usr/syno/bin/synopkg restart $(echo $DIR | awk -F/ '{print $6}')
                fi
        done
fi