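After upgrading Synology DSM to 7.1, the previous syno-acme.sh could no longer renew certificates.
Looking at the code, I found that https://github.com/andyzhshg/syno-acme still uses acme.sh version 2.8.6.
A fix for both the failed renewal and the outdated version is in https://github.com/andyzhshg/syno-acme/issues/77.
iihong's solution:
For cert-up.sh, copy the code for the version you are running: syno-acme v0.2.1 or v0.3.0 (DSM 7.0 beta).
1. Code for the config file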
```
# Your main domain, e.g. baidu.com, sina.com.cn
export DOMAIN=your_domain

# DNS type, depends on your domain provider
export DNS=dns_xxx

# Time to wait for the DNS API change to take effect (in seconds)
# Some providers' APIs take longer to take effect; increase this value for them (e.g. 900)
export DNS_SLEEP=120

# Aliyun DNS=dns_ali
export Ali_Key="LTqIA87hOKdjevsf5"
export Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2"

# Dnspod DNS=dns_dp
export DP_Id="1234"
export DP_Key="sADDsdasdgdsf"

# Godaddy DNS=dns_gd
export GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
export GD_Secret="asdfsdfsfsdfsdfdfsdf"

# AWS DNS=dns_aws
export AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje"
export AWS_SECRET_ACCESS_KEY="xxxxxxx"

# Linode DNS=dns_linode
export LINODE_API_KEY="xxxxxxxx"

# Certificate authority: zerossl or letsencrypt
export CERT_SERVER=letsencrypt

# ZeroSSL registration email account
export ACCOUNT_EMAIL="[email protected]"
```
2. cert-up.sh code for syno-acme v0.2.1
```
#!/bin/bash

# path of this script
BASE_ROOT=$(cd "$(dirname "$0")";pwd)
# date time
DATE_TIME=`date +%Y%m%d%H%M%S`
# base crt path
CRT_BASE_PATH="/usr/syno/etc/certificate"
PKG_CRT_BASE_PATH="/usr/local/etc/certificate"
#CRT_BASE_PATH="/Users/carl/Downloads/certificate"
ACME_BIN_PATH=${BASE_ROOT}/acme.sh
TEMP_PATH=${BASE_ROOT}/temp
CRT_PATH_NAME=`cat ${CRT_BASE_PATH}/_archive/DEFAULT`
CRT_PATH=${CRT_BASE_PATH}/_archive/${CRT_PATH_NAME}

backupCrt () {
  echo 'begin backupCrt'
  BACKUP_PATH=${BASE_ROOT}/backup/${DATE_TIME}
  mkdir -p ${BACKUP_PATH}
  cp -r ${CRT_BASE_PATH} ${BACKUP_PATH}
  cp -r ${PKG_CRT_BASE_PATH} ${BACKUP_PATH}/package_cert
  echo ${BACKUP_PATH} > ${BASE_ROOT}/backup/latest
  echo 'done backupCrt'
  return 0
}

versionLt () { test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1"; }

installAcme () {
  ALLOW_INSTALL=false
  ACME_SH_FILE=${ACME_BIN_PATH}/acme.sh
  ACME_SH_NEW_VERSION=$(wget -qO- -t1 -T2 "https://api.github.com/repos/acmesh-official/acme.sh/releases/latest" | grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
  ACME_SH_ADDRESS=https://mirror.ghproxy.com/https://github.com/acmesh-official/acme.sh/archive/${ACME_SH_NEW_VERSION}.tar.gz
  if [ -z "${ACME_SH_NEW_VERSION}" ]; then
    echo 'unable to get new version number'
    return 0
  fi
  if [ ! -f "${ACME_SH_FILE}" ]; then
    ALLOW_INSTALL=true
    echo 'acme not installed, start install'
  else
    ACME_SH_VERSION=$(cat ${ACME_SH_FILE} | grep "VER=*" | head -n 1 | awk -F "=" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
    if versionLt ${ACME_SH_VERSION} ${ACME_SH_NEW_VERSION}; then
      ALLOW_INSTALL=true
      echo 'acme has a new version, start updating'
    else
      echo 'skip acme installation'
    fi
  fi
  if [ ${ALLOW_INSTALL} == true ]; then
    echo 'in progress...'
    mkdir -p ${TEMP_PATH}
    cd ${TEMP_PATH}
    echo 'begin downloading acme.sh tool...'
    # ACME_SH_ADDRESS=`curl -L https://cdn.jsdelivr.net/gh/andyzhshg/syno-acme@master/acme.sh.address`
    SRC_TAR_NAME=acme.sh.tar.gz
    curl -L -o ${SRC_TAR_NAME} ${ACME_SH_ADDRESS}
    SRC_NAME=`tar -tzf ${SRC_TAR_NAME} | head -1 | cut -f1 -d"/"`
    tar zxvf ${SRC_TAR_NAME}
    echo 'begin installing acme.sh tool...'
    cd ${SRC_NAME}
    ./acme.sh --install --nocron --home ${ACME_BIN_PATH}
    echo 'done installAcme'
    rm -rf ${TEMP_PATH}
  fi
  return 0
}

generateCrt () {
  echo 'begin generateCrt'
  cd ${BASE_ROOT}
  source ./config
  # add register zerossl account
  if [ ${CERT_SERVER} == 'zerossl' ]; then
    echo 'register zerossl account'
    ${ACME_BIN_PATH}/acme.sh --register-account -m ${ACCOUNT_EMAIL} --server zerossl
  fi
  echo 'begin updating default cert by acme.sh tool'
  source ${ACME_BIN_PATH}/acme.sh.env
  # ${ACME_BIN_PATH}/acme.sh --force --log --issue --dns ${DNS} --dnssleep ${DNS_SLEEP} -d "${DOMAIN}" -d "*.${DOMAIN}"
  ${ACME_BIN_PATH}/acme.sh --force --log --issue --server ${CERT_SERVER} --dns ${DNS} --dnssleep ${DNS_SLEEP} -d "${DOMAIN}" -d "*.${DOMAIN}"
  ${ACME_BIN_PATH}/acme.sh --force --installcert -d ${DOMAIN} -d *.${DOMAIN} \
    --certpath ${CRT_PATH}/cert.pem \
    --key-file ${CRT_PATH}/privkey.pem \
    --fullchain-file ${CRT_PATH}/fullchain.pem

  if [ -s "${CRT_PATH}/cert.pem" ]; then
    echo 'done generateCrt'
    return 0
  else
    echo '[ERR] fail to generateCrt'
    echo "begin revert"
    revertCrt
    exit 1;
  fi
}

updateService () {
  echo 'begin updateService'
  echo 'cp cert path to des'
  /bin/python2 ${BASE_ROOT}/crt_cp.py ${CRT_PATH_NAME}
  echo 'done updateService'
}

reloadWebService () {
  echo 'begin reloadWebService'
  echo 'reloading new cert...'
  /usr/syno/etc/rc.sysv/nginx.sh reload
  echo 'relading Apache 2.2'
  stop pkg-apache22
  start pkg-apache22
  reload pkg-apache22
  echo 'done reloadWebService'
}

revertCrt () {
  echo 'begin revertCrt'
  BACKUP_PATH=${BASE_ROOT}/backup/$1
  if [ -z "$1" ]; then
    BACKUP_PATH=`cat ${BASE_ROOT}/backup/latest`
  fi
  if [ ! -d "${BACKUP_PATH}" ]; then
    echo "[ERR] backup path: ${BACKUP_PATH} not found."
    return 1
  fi
  echo "${BACKUP_PATH}/certificate ${CRT_BASE_PATH}"
  cp -rf ${BACKUP_PATH}/certificate/* ${CRT_BASE_PATH}
  echo "${BACKUP_PATH}/package_cert ${PKG_CRT_BASE_PATH}"
  cp -rf ${BACKUP_PATH}/package_cert/* ${PKG_CRT_BASE_PATH}
  reloadWebService
  echo 'done revertCrt'
}

updateCrt () {
  echo '------ begin updateCrt ------'
  backupCrt
  installAcme
  generateCrt
  updateService
  reloadWebService
  echo '------ end updateCrt ------'
}

case "$1" in
  update)
    echo ""
    echo "begin update cert"
    updateCrt
    ;;

  revert)
    echo "begin revert"
    revertCrt $2
    ;;

  *)
    echo "Usage: $0 {update|revert}"
    exit 1
esac
```
3. cert-up.sh code for syno-acme v0.3.0 (DSM 7.0 beta)
```
#!/bin/bash

# path of this script
BASE_ROOT=$(cd "$(dirname "$0")";pwd)
# date time
DATE_TIME=`date +%Y%m%d%H%M%S`
# base crt path
CRT_BASE_PATH="/usr/syno/etc/certificate"
PKG_CRT_BASE_PATH="/usr/local/etc/certificate"
#CRT_BASE_PATH="/Users/carl/Downloads/certificate"
ACME_BIN_PATH=${BASE_ROOT}/acme.sh
TEMP_PATH=${BASE_ROOT}/temp
CRT_PATH_NAME=`cat ${CRT_BASE_PATH}/_archive/DEFAULT`
CRT_PATH=${CRT_BASE_PATH}/_archive/${CRT_PATH_NAME}
FIND_MAJORVERSION_FILE="/etc/VERSION"
FIND_MAJORVERSION_STR="majorversion=\"7\""

backupCrt () {
  echo 'begin backupCrt'
  BACKUP_PATH=${BASE_ROOT}/backup/${DATE_TIME}
  mkdir -p ${BACKUP_PATH}
  cp -r ${CRT_BASE_PATH} ${BACKUP_PATH}
  cp -r ${PKG_CRT_BASE_PATH} ${BACKUP_PATH}/package_cert
  echo ${BACKUP_PATH} > ${BASE_ROOT}/backup/latest
  echo 'done backupCrt'
  return 0
}

versionLt () { test "$(echo "$@" | tr " " "\n" | sort -rV | head -n 1)" != "$1"; }

installAcme () {
  ALLOW_INSTALL=false
  ACME_SH_FILE=${ACME_BIN_PATH}/acme.sh
  ACME_SH_NEW_VERSION=$(wget -qO- -t1 -T2 "https://api.github.com/repos/acmesh-official/acme.sh/releases/latest" | grep "tag_name" | head -n 1 | awk -F ":" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
  ACME_SH_ADDRESS=https://mirror.ghproxy.com/https://github.com/acmesh-official/acme.sh/archive/${ACME_SH_NEW_VERSION}.tar.gz
  if [ -z "${ACME_SH_NEW_VERSION}" ]; then
    echo 'unable to get new version number'
    return 0
  fi
  if [ ! -f "${ACME_SH_FILE}" ]; then
    ALLOW_INSTALL=true
    echo 'acme not installed, start install'
  else
    ACME_SH_VERSION=$(cat ${ACME_SH_FILE} | grep "VER=*" | head -n 1 | awk -F "=" '{print $2}' | sed 's/\"//g;s/,//g;s/ //g')
    if versionLt ${ACME_SH_VERSION} ${ACME_SH_NEW_VERSION}; then
      ALLOW_INSTALL=true
      echo 'acme has a new version, start updating'
    else
      echo 'skip acme installation'
    fi
  fi
  if [ ${ALLOW_INSTALL} == true ]; then
    echo 'in progress...'
    mkdir -p ${TEMP_PATH}
    cd ${TEMP_PATH}
    echo 'begin downloading acme.sh tool...'
    # ACME_SH_ADDRESS=`curl -L https://cdn.jsdelivr.net/gh/andyzhshg/syno-acme@master/acme.sh.address`
    SRC_TAR_NAME=acme.sh.tar.gz
    curl -L -o ${SRC_TAR_NAME} ${ACME_SH_ADDRESS}
    SRC_NAME=`tar -tzf ${SRC_TAR_NAME} | head -1 | cut -f1 -d"/"`
    tar zxvf ${SRC_TAR_NAME}
    echo 'begin installing acme.sh tool...'
    cd ${SRC_NAME}
    ./acme.sh --install --nocron --home ${ACME_BIN_PATH}
    echo 'done installAcme'
    rm -rf ${TEMP_PATH}
  fi
  return 0
}

generateCrt () {
  echo 'begin generateCrt'
  cd ${BASE_ROOT}
  source ./config
  # add register zerossl account
  if [ ${CERT_SERVER} == 'zerossl' ]; then
    echo 'register zerossl account'
    ${ACME_BIN_PATH}/acme.sh --register-account -m ${ACCOUNT_EMAIL} --server zerossl
  fi
  echo 'begin updating default cert by acme.sh tool'
  source ${ACME_BIN_PATH}/acme.sh.env
  # ${ACME_BIN_PATH}/acme.sh --force --log --issue --dns ${DNS} --dnssleep ${DNS_SLEEP} -d "${DOMAIN}" -d "*.${DOMAIN}"
  ${ACME_BIN_PATH}/acme.sh --force --log --issue --server ${CERT_SERVER} --dns ${DNS} --dnssleep ${DNS_SLEEP} -d "${DOMAIN}" -d "*.${DOMAIN}"
  ${ACME_BIN_PATH}/acme.sh --force --installcert -d ${DOMAIN} -d *.${DOMAIN} \
    --certpath ${CRT_PATH}/cert.pem \
    --key-file ${CRT_PATH}/privkey.pem \
    --fullchain-file ${CRT_PATH}/fullchain.pem

  if [ -s "${CRT_PATH}/cert.pem" ]; then
    echo 'done generateCrt'
    return 0
  else
    echo '[ERR] fail to generateCrt'
    echo "begin revert"
    revertCrt
    exit 1;
  fi
}

updateService () {
  echo 'begin updateService'
  echo 'cp cert path to des'
  if [ `grep -c "$FIND_MAJORVERSION_STR" $FIND_MAJORVERSION_FILE` -ne '0' ];then
    echo "MajorVersion = 7, use system default python2"
    python2 ${BASE_ROOT}/crt_cp.py ${CRT_PATH_NAME}
  else
    echo "MajorVersion < 7"
    /bin/python2 ${BASE_ROOT}/crt_cp.py ${CRT_PATH_NAME}
  fi
  echo 'done updateService'
}

reloadWebService () {
  echo 'begin reloadWebService'
  echo 'reloading new cert...'
  if [ `grep -c "$FIND_MAJORVERSION_STR" $FIND_MAJORVERSION_FILE` -ne '0' ];then
    echo "MajorVersion = 7"
    synow3tool --gen-all && systemctl reload nginx
  else
    echo "MajorVersion < 7"
    /usr/syno/etc/rc.sysv/nginx.sh reload
  fi
  if [ `grep -c "$FIND_MAJORVERSION_STR" $FIND_MAJORVERSION_FILE` -ne '0' ];then
    echo "MajorVersion = 7, no need to reload apache"
  else
    echo 'relading Apache on DSM 6.x'
    stop pkg-apache22
    start pkg-apache22
    reload pkg-apache22
  fi
  echo 'done reloadWebService'
}

revertCrt () {
  echo 'begin revertCrt'
  BACKUP_PATH=${BASE_ROOT}/backup/$1
  if [ -z "$1" ]; then
    BACKUP_PATH=`cat ${BASE_ROOT}/backup/latest`
  fi
  if [ ! -d "${BACKUP_PATH}" ]; then
    echo "[ERR] backup path: ${BACKUP_PATH} not found."
    return 1
  fi
  echo "${BACKUP_PATH}/certificate ${CRT_BASE_PATH}"
  cp -rf ${BACKUP_PATH}/certificate/* ${CRT_BASE_PATH}
  echo "${BACKUP_PATH}/package_cert ${PKG_CRT_BASE_PATH}"
  cp -rf ${BACKUP_PATH}/package_cert/* ${PKG_CRT_BASE_PATH}
  reloadWebService
  echo 'done revertCrt'
}

updateCrt () {
  echo '------ begin updateCrt ------'
  backupCrt
  installAcme
  generateCrt
  updateService
  reloadWebService
  echo '------ end updateCrt ------'
}

case "$1" in
  update)
    echo "begin update cert"
    updateCrt
    ;;

  revert)
    echo "begin revert"
    revertCrt $2
    ;;

  *)
    echo "Usage: $0 {update|revert}"
    exit 1
esac
```
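In my testing this fails with an error, probably because of a mistake made when the code was written:
While downloading acme.sh, curl reports that it cannot resolve the host name: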
Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 6
Looking at the code, I found:
ACME_SH_ADDRESS=https://mirror.ghproxy.com/https://github.com/acmesh-official/acme.sh/archive/${ACME_SH_VERSION}.tar.gz
There is an extra "https://mirror.ghproxy.com/" prefix; simply delete it. The modified code:
ACME_SH_ADDRESS=https://github.com/acmesh-official/acme.sh/archive/${ACME_SH_VERSION}.tar.gz
You can also download it from the link below. I tested it on 7.1.1, where certificates renew normally; other versions are untested.
https://github.com/nixonli/syno-acme
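A hardened form of the download step in installAcme, added here as an example and not part of syno-acme or iihong's script: it checks the tag parsed from the API response before it reaches the URL, fetches directly from github.com over HTTPS only, and refuses to install unless the tarball matches a pinned SHA-256. The function names, the `PINNED_TAG` / `PINNED_SHA256` placeholders and the presence of `sha256sum` on the NAS are assumptions; pinning a digest also means giving up the script's automatic jump to the latest release.

```shell
# Added example (not syno-acme code): validate tag, download directly, verify digest.
# Assumption: you fill these in after reviewing the release you want to run.
PINNED_TAG="<reviewed-release-tag>"                 # placeholder
PINNED_SHA256="<sha256-of-the-reviewed-tarball>"    # placeholder

# The tag is scraped from an API response and spliced into a URL, so an empty
# or unexpected value must stop the run. The case guard rejects any character
# outside digits, "v" and "." (newlines included) before the shape check.
is_valid_tag () {
  case "$1" in
    ''|*[!0-9v.]*) return 1 ;;
  esac
  printf '%s\n' "$1" | grep -Eq '^v?[0-9]+(\.[0-9]+){1,3}$'
}

# Direct GitHub archive URL, with no intermediate mirror host in the path.
acme_url () {
  is_valid_tag "$1" || return 1
  printf 'https://github.com/acmesh-official/acme.sh/archive/%s.tar.gz\n' "$1"
}

# Compare a file's SHA-256 with the expected hex digest.
verify_sha256 () {
  [ -f "$1" ] || return 1
  actual=$(sha256sum "$1" | awk '{print $1}')
  [ "$actual" = "$2" ]
}

# fetch_acme TAG SHA256 OUTFILE: download, verify, delete the file on mismatch.
fetch_acme () {
  url=$(acme_url "$1") || { echo "[ERR] bad tag: $1" >&2; return 1; }
  curl -fsSL --proto '=https' --proto-redir '=https' -o "$3" "$url" || return 1
  if ! verify_sha256 "$3" "$2"; then
    echo "[ERR] checksum mismatch for $3" >&2
    rm -f "$3"
    return 1
  fi
}

# Usage inside installAcme, replacing the bare "curl -L -o" call:
#   fetch_acme "$PINNED_TAG" "$PINNED_SHA256" acme.sh.tar.gz || return 1
```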