시놀로지 나스 Cloudflare DNS Let's Encrypt WildCard SSL 적용
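# Type these commands one at a time in a root login shell on the NAS; this is
# an interactive session, not a script.
sudo -i
cd ~
# NOTE(review): this downloads the unpinned master branch and runs it as root
# with no integrity check. Prefer a tagged release archive (<RELEASE_TAG>) and
# compare its checksum before installing. The URL also appears to rely on a
# GitHub redirect from the project's former location; confirm the current upstream.
wget https://github.com/Neilpang/acme.sh/archive/master.tar.gz
tar xvf master.tar.gz
cd acme.sh-master
# --nocron: no cron entry is created; renewal is driven by the Task Scheduler
# script shown further down the page.
./acme.sh --install --nocron --home /usr/local/share/acme.sh --accountemail "이메일" --server letsencrypt
cd /usr/local/share/acme.sh/
# NOTE(review): the Cloudflare Global API Key grants control over the whole
# account, not just DNS for one zone. acme.sh's dns_cf hook also accepts a
# scoped API token (CF_Token together with CF_Account_ID or CF_Zone_ID);
# prefer a token limited to DNS edit on the zone being certified.
# acme.sh stores these credentials under its --home directory for later
# renewals, so keep that directory readable by root only. Values typed here
# can also end up in root's shell history.
export CF_Key="글로벌 API 키"
export CF_Email="이메일"
export CERT_DNS="dns_cf"
# Method 1 (normal): write the certificate into system/default.
# The wildcard name is quoted so the shell cannot glob-expand it against files
# in the current directory.
# --force re-issues even when the certificate is still valid; repeated runs
# count against the CA's rate limits.
./acme.sh --issue -d '*.도메인' -d 도메인 --dns "$CERT_DNS" --cert-file /usr/syno/etc/certificate/system/default/cert.pem --key-file /usr/syno/etc/certificate/system/default/privkey.pem --fullchain-file /usr/syno/etc/certificate/system/default/fullchain.pem --reloadcmd "/usr/syno/sbin/synoservicectl --reload nginx" --dnssleep 30 --force --server letsencrypt
# Method 2 (alternative): write into the existing directory under _archive.
# The find below assumes exactly ONE directory exists there; with several, the
# variable holds multiple newline-separated paths and every path built from it
# is wrong. Assignment and export are separate so a failing find is not masked.
CERT_FOLDER="$(find /usr/syno/etc/certificate/_archive/ -maxdepth 1 -mindepth 1 -type d)"
export CERT_FOLDER
# Must print exactly one path; that path is also the CERTDIR value the renewal
# script needs.
printf '%s\n' "$CERT_FOLDER"
export CERT_DNS="dns_cf"
./acme.sh --issue -d '*.도메인' -d 도메인 --dns "$CERT_DNS" --cert-file "$CERT_FOLDER/cert.pem" --key-file "$CERT_FOLDER/privkey.pem" --fullchain-file "$CERT_FOLDER/fullchain.pem" --capath "$CERT_FOLDER/chain.pem" --reloadcmd "/usr/syno/sbin/synoservicectl --reload nginx" --dnssleep 30 --force --server letsencrypt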
제어판 > 작업 스케줄러 > 예약된 작업 > 사용자 정의 스크립트
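# Renewal task for the DSM Task Scheduler: renews certificates with acme.sh,
# copies the renewed files into every certificate directory DSM and its
# packages use, reloads nginx and restarts the affected packages.
#
# Note: The $CERT_FOLDER must be hardcoded here since the running environment is unknown. Don't blindly copy&paste!
# Normal method: the certificate is installed in the system/default directory.
# This assignment must be on its own line. If it is left inside the comment,
# CERTDIR stays empty and the rsync calls below copy the whole certificate
# root into every certificate directory.
CERTDIR="system/default"
# Alternative method: the certificate is written to a randomly named directory
# under _archive. Replace the example below with the directory reported when
# the certificate was issued, then uncomment.
#CERTDIR="_archive/AsDFgH"
# do not change anything beyond this line!
CERTROOTDIR="/usr/syno/etc/certificate"
PACKAGECERTROOTDIR="/usr/local/etc/certificate"
FULLCERTDIR="$CERTROOTDIR/$CERTDIR"

# Renew certificates. This used to be a separate cron job but works just as
# well from this task.
/usr/local/share/acme.sh/acme.sh --cron --home /usr/local/share/acme.sh/

# Stop before distributing anything unless the source directory really holds a
# certificate and its key; a wrong CERTDIR would otherwise overwrite every
# certificate directory with unrelated content.
if [ -z "$CERTDIR" ] || [ ! -f "$FULLCERTDIR/cert.pem" ] || [ ! -f "$FULLCERTDIR/privkey.pem" ]; then
  printf 'certificate source %s is missing cert.pem or privkey.pem; nothing copied\n' "$FULLCERTDIR" >&2
  exit 1
fi

# Find all cert.pem files under the system certificate root. The list is
# captured first so the copies below cannot affect the traversal.
PEMFILES=$(find "$CERTROOTDIR" -name cert.pem)
if [ -n "$PEMFILES" ]; then
  printf '%s\n' "$PEMFILES" | while IFS= read -r PEMFILE; do
    # Replace the certificates, but never the ones in the _archive folders, as
    # those are all the unique certificates on the system.
    case "$PEMFILE" in
      */_archive/*) continue ;;
    esac
    # -a keeps the source's ownership and mode, so the private key is not
    # copied with looser permissions. stdin is detached so the command cannot
    # consume the path list feeding this loop.
    rsync -avh "$FULLCERTDIR/" "$(dirname "$PEMFILE")/" </dev/null
  done
fi

# reload
/usr/syno/sbin/synoservicectl --reload nginx

# Update and restart all installed packages that carry their own certificate copy.
PEMFILES=$(find "$PACKAGECERTROOTDIR" -name cert.pem)
if [ -n "$PEMFILES" ]; then
  printf '%s\n' "$PEMFILES" | while IFS= read -r PEMFILE; do
    # Active Directory has its own certificate, so that package is not updated.
    case "$PEMFILE" in
      */ActiveDirectoryServer/*) continue ;;
    esac
    rsync -avh "$FULLCERTDIR/" "$(dirname "$PEMFILE")/" </dev/null
    # The package name is the first path component below the package
    # certificate root (the sixth "/"-separated field of the full path).
    PACKAGE=${PEMFILE#"$PACKAGECERTROOTDIR"/}
    PACKAGE=${PACKAGE%%/*}
    /usr/syno/bin/synopkg restart "$PACKAGE" </dev/null
  done
fi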