通过acme协议更新群晖HTTPS泛域名证书的自动脚本
使用方法参见: http://www.up4dev.com/2018/05/29/synology-ssl-wildcard-cert-update/
通过acme协议更新群晖HTTPS泛域名证书的自动脚本
License: MIT License
通过acme协议更新群晖HTTPS泛域名证书的自动脚本
使用方法参见: http://www.up4dev.com/2018/05/29/synology-ssl-wildcard-cert-update/
done installAcme
begin generateCrt
begin updating default cert by acme.sh tool
[Wed Mar 25 18:59:39 CST 2020] Multi domain='DNS: example.com,DNS:.example.com'
[Wed Mar 25 18:59:39 CST 2020] Getting domain auth token for each domain
[Wed Mar 25 18:59:44 CST 2020] Getting webroot for domain='example.com'
[Wed Mar 25 18:59:44 CST 2020] Getting webroot for domain='. example.com'
[Wed Mar 25 18:59:45 CST 2020] Adding txt value: _LD5--2ni1PV4Bkz7TP8ljk4bxKSoz_S-jX51-o6K8I for domain: _acme-challenge. example.com
[Wed Mar 25 18:59:45 CST 2020] invalid domain
[Wed Mar 25 18:59:45 CST 2020] Error add txt for domain:_acme-challenge. example.com
[Wed Mar 25 18:59:45 CST 2020] Please check log file for more details: /volume1/ssd/script/syno-acme-0.2.0/acme.sh/acme.sh.log
[Wed Mar 25 18:59:48 CST 2020] Installing cert to:/usr/syno/etc/certificate/_archive/k9EADT/cert.pem
cat: /volume1/ssd/script/syno-acme-0.2.0/acme.sh/example.com/example.com.cer: No such file or directory
[ERR] fail to generateCrt
begin revert
已隐藏域名了,请问是域名问题吗,freenom申请的免费域名,已通过dnspod正确解析
我是一个小白,怎么完善,有没有例子可以参考。
vpn套件的证书不会自动更新,有什么办法让他自动更新吗?
当我第一次在执行cert-up.sh update 的时候,出现如下报错:
begin installing acme.sh tool...
cert-up.sh: line 39: ./acme.sh: No such file or directory
done installAcme
begin generateCrt
begin updating default cert by acme.sh tool
[Sat Dec 28 21:06:54 CST 2019] Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: 4
[Sat Dec 28 21:06:54 CST 2019] Can not init api.
每次nas重启,证书会恢复群晖默认证书,必须ssh 执行一次cert-up.sh update,才能恢复Let's Encrypt 的证书,请问这个问题如何解决?
群晖现在运行脚本出现code:60错误,我几个NAS和群友都出现该情况,在网上搜到官方acme.sh有人也遇到该问题:
https://giters.com/acmesh-official/acme.sh/issues/3729
begin generateCrt
begin updating default cert by acme.sh tool
[Tue Oct 19 09:55:38 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:55:38 CST 2021] Can not init api.
[Tue Oct 19 09:55:38 CST 2021] Multi domain='DNS:mydomian.tk,DNS:*.mydomian.tk'
[Tue Oct 19 09:55:38 CST 2021] Getting domain auth token for each domain
[Tue Oct 19 09:55:39 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:55:39 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:55:43 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:55:43 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:55:45 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:55:45 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:55:48 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:55:48 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:55:51 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:55:51 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:55:53 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:55:53 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:55:56 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:55:56 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:55:59 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:55:59 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:01 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:01 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:05 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:05 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:08 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:08 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:10 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:10 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:14 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:14 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:16 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:16 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:19 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:19 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:22 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:22 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:24 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:24 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:27 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:27 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:30 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:30 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:33 CST 2021] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Tue Oct 19 09:56:33 CST 2021] Could not get nonce, let's try again.
[Tue Oct 19 09:56:35 CST 2021] Giving up sending to CA server after 20 retries.
[Tue Oct 19 09:56:35 CST 2021] Create new order error.
[Tue Oct 19 09:56:35 CST 2021] Please check log file for more details: /volume1/Sys/acme/acme.sh/acme.sh.log
[Tue Oct 19 09:56:36 CST 2021] Installing cert to:/usr/syno/etc/certificate/_archive/oBsm7t/cert.pem
[Tue Oct 19 09:56:36 CST 2021] Installing key to:/usr/syno/etc/certificate/_archive/oBsm7t/privkey.pem
[Tue Oct 19 09:56:36 CST 2021] Installing full chain to:/usr/syno/etc/certificate/_archive/oBsm7t/fullchain.pem
done generateCrt
begin updateService
cp cert path to des
Copy cert for FTPS
Copy cert for DSM Desktop Service
Copy cert for MailPlus-Server-postfix
Copy cert for MailPlus-Server-dovecot
Copy cert for Synology Drive Server
Copy cert for Hyper Backup Vault
Copy cert for Replication Service
Copy cert for Log Receiving
Copy cert for WebDAVServer
done updateService
begin reloadWebService
reloading new cert...
alias-register stop/waiting
relading Apache 2.2
stop: Unknown job: pkg-apache22
start: Unknown job: pkg-apache22
reload: Unknown job: pkg-apache22
done reloadWebService
------ end updateCrt ------
你好,我是在VPS上自动通过acme更新证书,并通过renew -hook在更新后自动同步到群晖。
参考你的脚本,获益匪浅,非常感谢。
有一个疑问:
我在群晖上开启了WebDav服务,观察/usr/local/etc/certificate目录下的目录为/WebDAVServer/webdav/,其下为我设置为默认的证书文件。
那么:
新证书我复制到/usr/syno/etc/certificate/_archive/xxxx 目录下就够了,复制后它会自己同步到/usr/local/etc/certificate的对应目录下,还是需要手工在/usr/local/etc/certificate目录下也复制一份?
以上,盼您解答,谢谢!
Web Station虛擬主機 使用Apache
证书不会自动更新
Line 32 in c655e5a
https://gitee.com/vc5/syno-acme/raw/master/acme.sh.address
目前已经在测试分支支持了DSM 7.0的证书更新: https://github.com/andyzhshg/syno-acme/releases/tag/v0.3.0_dsm7_beta
大家使用过程遇到的相关问题可以在此贴反馈,请重点关注如下问题:
目前只能实现一个域名和一个同名泛域名证书,希望作者能实现在一张证书里加入不同DNS服务商的多域名的功能
如题
建议添加支持cloudflare
运行后成功获得证书,证书使用一切正常。唯一的问题是该下载目录及已下载的文件都不见了。
[Thu Jul 25 12:57:23 CST 2019] Good, bash is found, so change the shebang to use bash as preferred.
[Thu Jul 25 12:57:25 CST 2019] OK
done installAcme
begin generateCrt
begin updating default cert by acme.sh tool
[Thu Jul 25 12:57:25 CST 2019] Unknown parameter :
[Thu Jul 25 12:57:25 CST 2019] '-d' is not a valid domain for parameter '-d'
/volume1/web/acme/cert-up.sh: line 54: cd: /volume1/web/acme/temp/acme.sh-2.8.1: No such file or directory
done generateCrt
begin updateService
cp cert path to des
我的Nas中安装了syno-acme,之后为了统一目录结构,修改过两次目录,脚本中任然有之前目录地址的运行脚本在执行,且有报错。
我的操作是已删除了定时任务,重新添加并执行的是最新地址的脚本,任然不能解决以下两项的报错。
-ash: /volume1/nas/certs/syno-acme/acme.sh/acme.sh.env:no such file or directory
-ash: /volume2/nas/ssl-certs/acme.sh/acme.sh.env:no such file or directory
最新定时脚本,执行最新目录的syno-acme一切正常,就是修改目录前的两次执行的定时任务,任然在执行且报错 acme.sh.env:no such file or directory,重启系统也没用;
请问我要如何移除掉之前两次的执行脚本和这个报错?
是否可以通过本地acme.sh.address文件,控制acme.sh的版本?若可以请告知方法,谢谢
https://github.com/andyzhshg/syno-acme/blob/master/acme.sh.address
line 49 and 50,better for ssl-wildcard-cert and add ecc
${ACME_BIN_PATH}/acme.sh --issue --dns ${DNS} --dnssleep ${DNS_SLEEP} -d "${DOMAIN}" -d "*.${DOMAIN}" -k ec-256
${ACME_BIN_PATH}/acme.sh --installcert -d ${DOMAIN} --ecc \
abc.com
1、设置了HTTP Tokens
2、设置了SSH Public Keys
3、使用putty生成的public key使用openssh格式保存为文件名“dynv6”并上传到/roor/.ssh/dynv6下
4、config配置为:
export DOMAIN=123.v6.rocks
export DNS=dns_dynv6
export DNS_SLEEP=120
export KEY="/root/.ssh/dynv6"
export DYNV6_TOKEN="123456"
运行后log内容为:
[Thu Feb 4 17:41:01 CST 2021] Using dynv6 api
[Thu Feb 4 17:41:01 CST 2021] using keyfile /root/.ssh/dynv6
[Thu Feb 4 17:41:01 CST 2021] The hosts does not seem to be a dynv6 host
Host key verification failed.
Host key verification failed.
[Thu Feb 4 17:41:06 CST 2021] Something went wrong! it does not seem like the record was added succesfully
[Thu Feb 4 17:41:06 CST 2021] Error add txt for domain:_acme-challenge.123.v6.rocks
[Thu Feb 4 17:41:06 CST 2021] Please check log file for more details: /volume1/homes/xx/syno-acme-0.2.1-dnspod/acme.sh/acme.sh.log
[Thu Feb 4 17:41:14 CST 2021] Installing cert to:/usr/syno/etc/certificate/_archive/56zYyt/cert.pem
cat: /volume1/homes/11/syno-acme-0.2.1-dnspod/acme.sh/123.v6.rocks/123.v6.rocks.cer: No such file or directory
[ERR] fail to generateCrt
begin revert
begin revertCrt
/volume1/homes/11/syno-acme-0.2.1-dnspod/backup/20210204173959/certificate /usr/syno/etc/certificate
/volume1/homes/11/syno-acme-0.2.1-dnspod/backup/20210204173959/package_cert /usr/local/etc/certificate
begin reloadWebService
reloading new cert...
alias-register stop/waiting
relading Apache 2.2
stop: Unknown job: pkg-apache22
start: Unknown job: pkg-apache22
reload: Unknown job: pkg-apache22
done reloadWebService
done revertCrt
请问如何解决~谢谢~
脚本很好用,我用来更新群晖的泛域名证书。目前群晖版本是 6.2.1 。系统运行更新后除了复制到部分文件夹报错以外其他都正常,可是还有一个比较奇怪的问题:
运行以后通过 Nginx 反向代理服务,访问始终读到的都是更新之前,已经过期了的证书。
看了所有的证书储存路径都已经替换了证书,不确定 Nginx 是从哪里读取的这个证书。
不得已只能暂时停用了反向代理,直接将端口映射到了5001了。
begin downloading acme.sh tool...
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
不知道什么原因,在6.2.1的时候用的挺好,升级成6.2.3就不行了
建议直接从
https://github.com/Neilpang/acme.sh/archive/master.tar.gz
这个地址获取最新版的acme.sh,避免频繁更新下载地址。acme.sh自身的自动更新机制也是从这个地址获取最新版的。
用的是dnspod的特别版,能够正常更新证书,但是证书没有替换掉群辉自带的
系统版本:DSM 6.1.7-15284
begin update cert
------ begin updateCrt ------
begin backupCrt
done backupCrt
begin installAcme
begin downloading acme.sh tool...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 63 100 63 0 0 191 0 --:--:-- --:--:-- --:--:-- 190
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 129 100 129 0 0 164 0 --:--:-- --:--:-- --:--:-- 164
100 10329 0 10329 0 0 5548 0 --:--:-- 0:00:01 --:--:-- 5548
100 185k 0 185k 0 0 77987 0 --:--:-- 0:00:02 --:--:-- 304k
acme.sh-dnspod-tmp/
acme.sh-dnspod-tmp/.github/
acme.sh-dnspod-tmp/.github/FUNDING.yml
acme.sh-dnspod-tmp/.github/ISSUE_TEMPLATE.md
acme.sh-dnspod-tmp/.github/PULL_REQUEST_TEMPLATE.md
acme.sh-dnspod-tmp/.github/auto-comment.yml
acme.sh-dnspod-tmp/.travis.yml
acme.sh-dnspod-tmp/Dockerfile
acme.sh-dnspod-tmp/LICENSE.md
acme.sh-dnspod-tmp/README.md
acme.sh-dnspod-tmp/acme.sh
acme.sh-dnspod-tmp/deploy/
acme.sh-dnspod-tmp/deploy/README.md
acme.sh-dnspod-tmp/deploy/apache.sh
acme.sh-dnspod-tmp/deploy/cpanel_uapi.sh
acme.sh-dnspod-tmp/deploy/docker.sh
acme.sh-dnspod-tmp/deploy/dovecot.sh
acme.sh-dnspod-tmp/deploy/exim4.sh
acme.sh-dnspod-tmp/deploy/fritzbox.sh
acme.sh-dnspod-tmp/deploy/gcore_cdn.sh
acme.sh-dnspod-tmp/deploy/gitlab.sh
acme.sh-dnspod-tmp/deploy/haproxy.sh
acme.sh-dnspod-tmp/deploy/keychain.sh
acme.sh-dnspod-tmp/deploy/kong.sh
acme.sh-dnspod-tmp/deploy/mailcow.sh
acme.sh-dnspod-tmp/deploy/myapi.sh
acme.sh-dnspod-tmp/deploy/mydevil.sh
acme.sh-dnspod-tmp/deploy/mysqld.sh
acme.sh-dnspod-tmp/deploy/nginx.sh
acme.sh-dnspod-tmp/deploy/opensshd.sh
acme.sh-dnspod-tmp/deploy/panos.sh
acme.sh-dnspod-tmp/deploy/pureftpd.sh
acme.sh-dnspod-tmp/deploy/qiniu.sh
acme.sh-dnspod-tmp/deploy/routeros.sh
acme.sh-dnspod-tmp/deploy/ssh.sh
acme.sh-dnspod-tmp/deploy/strongswan.sh
acme.sh-dnspod-tmp/deploy/synology_dsm.sh
acme.sh-dnspod-tmp/deploy/unifi.sh
acme.sh-dnspod-tmp/deploy/vault_cli.sh
acme.sh-dnspod-tmp/deploy/vsftpd.sh
acme.sh-dnspod-tmp/dnsapi/
acme.sh-dnspod-tmp/dnsapi/README.md
acme.sh-dnspod-tmp/dnsapi/dns_1984hosting.sh
acme.sh-dnspod-tmp/dnsapi/dns_acmedns.sh
acme.sh-dnspod-tmp/dnsapi/dns_acmeproxy.sh
acme.sh-dnspod-tmp/dnsapi/dns_active24.sh
acme.sh-dnspod-tmp/dnsapi/dns_ad.sh
acme.sh-dnspod-tmp/dnsapi/dns_ali.sh
acme.sh-dnspod-tmp/dnsapi/dns_autodns.sh
acme.sh-dnspod-tmp/dnsapi/dns_aws.sh
acme.sh-dnspod-tmp/dnsapi/dns_azure.sh
acme.sh-dnspod-tmp/dnsapi/dns_cf.sh
acme.sh-dnspod-tmp/dnsapi/dns_clouddns.sh
acme.sh-dnspod-tmp/dnsapi/dns_cloudns.sh
acme.sh-dnspod-tmp/dnsapi/dns_cn.sh
acme.sh-dnspod-tmp/dnsapi/dns_conoha.sh
acme.sh-dnspod-tmp/dnsapi/dns_constellix.sh
acme.sh-dnspod-tmp/dnsapi/dns_cx.sh
acme.sh-dnspod-tmp/dnsapi/dns_cyon.sh
acme.sh-dnspod-tmp/dnsapi/dns_da.sh
acme.sh-dnspod-tmp/dnsapi/dns_ddnss.sh
acme.sh-dnspod-tmp/dnsapi/dns_desec.sh
acme.sh-dnspod-tmp/dnsapi/dns_dgon.sh
acme.sh-dnspod-tmp/dnsapi/dns_dnsimple.sh
acme.sh-dnspod-tmp/dnsapi/dns_do.sh
acme.sh-dnspod-tmp/dnsapi/dns_doapi.sh
acme.sh-dnspod-tmp/dnsapi/dns_domeneshop.sh
acme.sh-dnspod-tmp/dnsapi/dns_dp.sh
acme.sh-dnspod-tmp/dnsapi/dns_dpi.sh
acme.sh-dnspod-tmp/dnsapi/dns_dreamhost.sh
acme.sh-dnspod-tmp/dnsapi/dns_duckdns.sh
acme.sh-dnspod-tmp/dnsapi/dns_durabledns.sh
acme.sh-dnspod-tmp/dnsapi/dns_dyn.sh
acme.sh-dnspod-tmp/dnsapi/dns_dynu.sh
acme.sh-dnspod-tmp/dnsapi/dns_dynv6.sh
acme.sh-dnspod-tmp/dnsapi/dns_easydns.sh
acme.sh-dnspod-tmp/dnsapi/dns_euserv.sh
acme.sh-dnspod-tmp/dnsapi/dns_exoscale.sh
acme.sh-dnspod-tmp/dnsapi/dns_freedns.sh
acme.sh-dnspod-tmp/dnsapi/dns_gandi_livedns.sh
acme.sh-dnspod-tmp/dnsapi/dns_gcloud.sh
acme.sh-dnspod-tmp/dnsapi/dns_gd.sh
acme.sh-dnspod-tmp/dnsapi/dns_gdnsdk.sh
acme.sh-dnspod-tmp/dnsapi/dns_he.sh
acme.sh-dnspod-tmp/dnsapi/dns_hexonet.sh
acme.sh-dnspod-tmp/dnsapi/dns_hostingde.sh
acme.sh-dnspod-tmp/dnsapi/dns_infoblox.sh
acme.sh-dnspod-tmp/dnsapi/dns_internetbs.sh
acme.sh-dnspod-tmp/dnsapi/dns_inwx.sh
acme.sh-dnspod-tmp/dnsapi/dns_ispconfig.sh
acme.sh-dnspod-tmp/dnsapi/dns_jd.sh
acme.sh-dnspod-tmp/dnsapi/dns_joker.sh
acme.sh-dnspod-tmp/dnsapi/dns_kas.sh
acme.sh-dnspod-tmp/dnsapi/dns_kinghost.sh
acme.sh-dnspod-tmp/dnsapi/dns_knot.sh
acme.sh-dnspod-tmp/dnsapi/dns_leaseweb.sh
acme.sh-dnspod-tmp/dnsapi/dns_lexicon.sh
acme.sh-dnspod-tmp/dnsapi/dns_linode.sh
acme.sh-dnspod-tmp/dnsapi/dns_linode_v4.sh
acme.sh-dnspod-tmp/dnsapi/dns_loopia.sh
acme.sh-dnspod-tmp/dnsapi/dns_lua.sh
acme.sh-dnspod-tmp/dnsapi/dns_maradns.sh
acme.sh-dnspod-tmp/dnsapi/dns_me.sh
acme.sh-dnspod-tmp/dnsapi/dns_miab.sh
acme.sh-dnspod-tmp/dnsapi/dns_misaka.sh
acme.sh-dnspod-tmp/dnsapi/dns_myapi.sh
acme.sh-dnspod-tmp/dnsapi/dns_mydevil.sh
acme.sh-dnspod-tmp/dnsapi/dns_mydnsjp.sh
acme.sh-dnspod-tmp/dnsapi/dns_namecheap.sh
acme.sh-dnspod-tmp/dnsapi/dns_namecom.sh
acme.sh-dnspod-tmp/dnsapi/dns_namesilo.sh
acme.sh-dnspod-tmp/dnsapi/dns_nederhost.sh
acme.sh-dnspod-tmp/dnsapi/dns_neodigit.sh
acme.sh-dnspod-tmp/dnsapi/dns_netcup.sh
acme.sh-dnspod-tmp/dnsapi/dns_nic.sh
acme.sh-dnspod-tmp/dnsapi/dns_nm.sh
acme.sh-dnspod-tmp/dnsapi/dns_nsd.sh
acme.sh-dnspod-tmp/dnsapi/dns_nsone.sh
acme.sh-dnspod-tmp/dnsapi/dns_nsupdate.sh
acme.sh-dnspod-tmp/dnsapi/dns_nw.sh
acme.sh-dnspod-tmp/dnsapi/dns_one.sh
acme.sh-dnspod-tmp/dnsapi/dns_online.sh
acme.sh-dnspod-tmp/dnsapi/dns_openprovider.sh
acme.sh-dnspod-tmp/dnsapi/dns_opnsense.sh
acme.sh-dnspod-tmp/dnsapi/dns_ovh.sh
acme.sh-dnspod-tmp/dnsapi/dns_pdns.sh
acme.sh-dnspod-tmp/dnsapi/dns_pleskxml.sh
acme.sh-dnspod-tmp/dnsapi/dns_pointhq.sh
acme.sh-dnspod-tmp/dnsapi/dns_rackspace.sh
acme.sh-dnspod-tmp/dnsapi/dns_rcode0.sh
acme.sh-dnspod-tmp/dnsapi/dns_regru.sh
acme.sh-dnspod-tmp/dnsapi/dns_schlundtech.sh
acme.sh-dnspod-tmp/dnsapi/dns_selectel.sh
acme.sh-dnspod-tmp/dnsapi/dns_servercow.sh
acme.sh-dnspod-tmp/dnsapi/dns_tele3.sh
acme.sh-dnspod-tmp/dnsapi/dns_ultra.sh
acme.sh-dnspod-tmp/dnsapi/dns_unoeuro.sh
acme.sh-dnspod-tmp/dnsapi/dns_variomedia.sh
acme.sh-dnspod-tmp/dnsapi/dns_vscale.sh
acme.sh-dnspod-tmp/dnsapi/dns_vultr.sh
acme.sh-dnspod-tmp/dnsapi/dns_yandex.sh
acme.sh-dnspod-tmp/dnsapi/dns_zilore.sh
acme.sh-dnspod-tmp/dnsapi/dns_zone.sh
acme.sh-dnspod-tmp/dnsapi/dns_zonomi.sh
acme.sh-dnspod-tmp/notify/
acme.sh-dnspod-tmp/notify/cqhttp.sh
acme.sh-dnspod-tmp/notify/dingtalk.sh
acme.sh-dnspod-tmp/notify/ifttt.sh
acme.sh-dnspod-tmp/notify/mail.sh
acme.sh-dnspod-tmp/notify/mailgun.sh
acme.sh-dnspod-tmp/notify/pop.sh
acme.sh-dnspod-tmp/notify/postmark.sh
acme.sh-dnspod-tmp/notify/pushover.sh
acme.sh-dnspod-tmp/notify/sendgrid.sh
acme.sh-dnspod-tmp/notify/slack.sh
acme.sh-dnspod-tmp/notify/smtp.sh
acme.sh-dnspod-tmp/notify/xmpp.sh
begin installing acme.sh tool...
[Tue Jan 26 00:04:43 CST 2021] It is recommended to install socat first.
[Tue Jan 26 00:04:43 CST 2021] We use socat for standalone server if you use standalone mode.
[Tue Jan 26 00:04:43 CST 2021] If you don't use standalone mode, just ignore this warning.
[Tue Jan 26 00:04:43 CST 2021] Installing to /volume1/docker/Acme/acme.sh
[Tue Jan 26 00:04:43 CST 2021] Installed to /volume1/docker/Acme/acme.sh/acme.sh
[Tue Jan 26 00:04:43 CST 2021] No profile is found, you will need to go into /volume1/docker/Acme/acme.sh to use acme.sh
[Tue Jan 26 00:04:43 CST 2021] Good, bash is found, so change the shebang to use bash as preferred.
[Tue Jan 26 00:04:45 CST 2021] OK
done installAcme
begin generateCrt
begin updating default cert by acme.sh tool
[Tue Jan 26 00:04:47 CST 2021] Multi domain='DNS:domain.com,DNS:*.domain.com'
[Tue Jan 26 00:04:48 CST 2021] Getting domain auth token for each domain
[Tue Jan 26 00:04:53 CST 2021] Getting webroot for domain='domain.com'
[Tue Jan 26 00:04:54 CST 2021] Getting webroot for domain='*.domain.com'
[Tue Jan 26 00:04:54 CST 2021] Adding txt value: 4amijTDcQIFjFPLcljsF-30fYsQKuelCjToWmvmCm0k for domain: _acme-challenge.domain.com
[Tue Jan 26 00:04:54 CST 2021] Adding record
[Tue Jan 26 00:04:55 CST 2021] The txt record is added: Success.
[Tue Jan 26 00:04:55 CST 2021] Adding txt value: Bn0bzAB3Nu6T-lRfwuKYhaDx7WsDOyeDZ1g0EL1Cv8Y for domain: _acme-challenge.domain.com
[Tue Jan 26 00:04:55 CST 2021] Adding record
[Tue Jan 26 00:04:56 CST 2021] The txt record is added: Success.
[Tue Jan 26 00:04:56 CST 2021] Sleep 600 seconds for the txt records to take effect
[Tue Jan 26 00:14:56 CST 2021] Verifying: haohaoxiao.ml
[Tue Jan 26 00:14:57 CST 2021] It seems the CA server is busy now, let's wait and retry. Sleeping 1 seconds.
[Tue Jan 26 00:15:05 CST 2021] Success
[Tue Jan 26 00:15:05 CST 2021] Verifying: *.domain.com
[Tue Jan 26 00:15:10 CST 2021] Pending
[Tue Jan 26 00:15:14 CST 2021] Pending
[Tue Jan 26 00:15:17 CST 2021] Pending
[Tue Jan 26 00:15:21 CST 2021] Pending
[Tue Jan 26 00:15:24 CST 2021] Pending
[Tue Jan 26 00:15:28 CST 2021] Pending
[Tue Jan 26 00:15:31 CST 2021] Pending
[Tue Jan 26 00:15:35 CST 2021] Pending
[Tue Jan 26 00:15:38 CST 2021] Success
[Tue Jan 26 00:15:38 CST 2021] Removing DNS records.
[Tue Jan 26 00:15:38 CST 2021] Removing txt: 4amijTDcQIFjFPLcljsF-30fYsQKuelCjToWmvmCm0k for domain: _acme-challenge.domain.com
[Tue Jan 26 00:15:40 CST 2021] Removed: Success
[Tue Jan 26 00:15:40 CST 2021] Removing txt: Bn0bzAB3Nu6T-lRfwuKYhaDx7WsDOyeDZ1g0EL1Cv8Y for domain: _acme-challenge.domain.com
[Tue Jan 26 00:15:41 CST 2021] Removed: Success
[Tue Jan 26 00:15:41 CST 2021] Verify finished, start to sign.
[Tue Jan 26 00:15:41 CST 2021] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/acme/finalize/105487204/7518942935
[Tue Jan 26 00:15:43 CST 2021] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/acme/cert/039a39321c7bfa3d9dd0339d64e364d7aa6a
[Tue Jan 26 00:15:45 CST 2021] Cert success.
-----BEGIN CERTIFICATE-----
****
-----END CERTIFICATE-----
[Tue Jan 26 00:15:45 CST 2021] Your cert is in /volume1/docker/Acme/acme.sh/domain.com/domain.com.cer
[Tue Jan 26 00:15:45 CST 2021] Your cert key is in /volume1/docker/Acme/acme.sh/domain.com/domain.com.key
[Tue Jan 26 00:15:45 CST 2021] The intermediate CA cert is in /volume1/docker/Acme/acme.sh/domain.com/ca.cer
[Tue Jan 26 00:15:45 CST 2021] And the full chain certs is there: /volume1/docker/Acme/acme.sh/domain.com/fullchain.cer
/volume1/docker/Acme/cert-up.sh: line 55: --certpath: command not found
done generateCrt
begin updateService
cp cert path to des
Copy cert for FTPS
Copy cert for WebDAVServer
Copy cert for DSM Desktop Service
Copy cert for Log Receiving
Copy cert for *:8188
done updateService
begin reloadWebService
reloading new cert...
alias-register stop/waiting
relading Apache 2.2
stop: Unknown job: pkg-apache22
start: Unknown job: pkg-apache22
reload: Unknown job: pkg-apache22
done reloadWebService
------ end updateCrt ------
当前程序中用来重启nginx的nginx.sh在dsm7中似乎不存在,但nginx。sh本质其实是用synoservice reload了一下nginx,dsm 7采用的是systemd。但是经过实测,采用synosystemctl reload nginx和nginx -s reload都不能使导入的证书生效,必须采用restart代替reload。但是群晖dsm 7的nginx似乎和一堆东西绑定了,重启很慢不说,重启完会导致很多套件重启,最典型的就是索引又要跑很久。这方面大家有没有什么思路,能够比较好的应用导入的证书?
你好,如果是直接使用群晖申请的免费域名XXXXX.synology.me这种需要弄DNS解析吗?直接用这种是不是最简单的方案?
我看你申请了阿里云的域名及阿里云的DNS解析服务,我看到阿里云服务条款“com/.net/.cn/.xin/.top/.xyz/.vip/.club/.shop/.wang/.ren等域名注册成功后必须进行域名实名认证,否则域名会处于Serverhold状态,无法正常使用。查看详情 ” 我申请阿里云的域名的域名是不是要实名认证?
我没建站的经验,麻烦了.谢谢解答.
begin update cert
------ begin updateCrt ------
begin backupCrt
done backupCrt
begin installAcme
begin downloading acme.sh tool...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve: cdn.jsdelivr.net (Could not contact DNS servers)
curl: no URL specified!
curl: try 'curl --help' for more information
tar (child): acme.sh.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
tar (child): acme.sh.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
begin installing acme.sh tool...
/volume1/system/syno-acme/cert-up.sh: line 39: ./acme.sh: No such file or directory
done installAcme
begin generateCrt
begin updating default cert by acme.sh tool
/volume1/system/syno-acme/cert-up.sh: line 50: /volume1/system/syno-acme/acme.sh/acme.sh.env: No such file or directory
/volume1/system/syno-acme/cert-up.sh: line 51: /volume1/system/syno-acme/acme.sh/acme.sh: No such file or directory
/volume1/system/syno-acme/cert-up.sh: line 52: /volume1/system/syno-acme/acme.sh/acme.sh: No such file or directory
done generateCrt
begin updateService
cp cert path to des
Copy cert for FTPS
Copy cert for DSM Desktop Service
Copy cert for WebDAVServer
done updateService
begin reloadWebService
reloading new cert...
alias-register stop/waiting
relading Apache 2.2
stop: Unknown job: pkg-apache22
start: Unknown job: pkg-apache22
reload: Unknown job: pkg-apache22
done reloadWebService
------ end updateCrt ------
部分log如下:
begin generateCrt
begin updating default cert by acme.sh tool
[Tue Nov 6 01:52:46 CST 2018] Registering account
[Tue Nov 6 01:52:50 CST 2018] Registered
[Tue Nov 6 01:52:50 CST 2018] ACCOUNT_THUMBPRINT='k16lk8IV7fEFsc5mq_KiZ7fHcpcchgYGW8cJQLTdL28'
[Tue Nov 6 01:52:50 CST 2018] Creating domain key
[Tue Nov 6 01:52:50 CST 2018] The domain key is here: /volume3/homes/admin/syno-acme-0.1.4/acme.sh/.dendrobium.ignorelist.com/.dendrobium.ignorelist.com.key
[Tue Nov 6 01:52:50 CST 2018] Single domain='.dendrobium.ignorelist.com'
[Tue Nov 6 01:52:50 CST 2018] Getting domain auth token for each domain
[Tue Nov 6 01:52:53 CST 2018] Getting webroot for domain='.dendrobium.ignorelist.com'
[Tue Nov 6 01:52:53 CST 2018] Found domain api file: /volume3/homes/admin/syno-acme-0.1.4/acme.sh/dnsapi/dns_freedns.sh
[Tue Nov 6 01:52:53 CST 2018] Add TXT record using FreeDNS
[Tue Nov 6 01:52:59 CST 2018] FreeDNS failed to add TXT record for _acme-challenge.dendrobium as FreeDNS requested security code
[Tue Nov 6 01:52:59 CST 2018] Note that you cannot use automatic DNS validation for FreeDNS public domains
[Tue Nov 6 01:52:59 CST 2018] Error add txt for domain:_acme-challenge.dendrobium.ignorelist.com
[Tue Nov 6 01:52:59 CST 2018] Please add '--debug' or '--log' to check more details.
[Tue Nov 6 01:52:59 CST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Tue Nov 6 01:53:01 CST 2018] Installing cert to:/usr/syno/etc/certificate/_archive/DASRiV/cert.pem
cat: /volume3/homes/admin/syno-acme-0.1.4/acme.sh/.dendrobium.ignorelist.com/.dendrobium.ignorelist.com.cer: No such file or directory
[Tue Nov 6 01:53:01 CST 2018] Installing key to:/usr/syno/etc/certificate/_archive/DASRiV/privkey.pem
[Tue Nov 6 01:53:01 CST 2018] Installing full chain to:/usr/syno/etc/certificate/_archive/DASRiV/fullchain.pem
cat: /volume3/homes/admin/syno-acme-0.1.4/acme.sh/*.dendrobium.ignorelist.com/fullchain.cer: No such file or directory
./cert-up.sh: line 54: cd: /volume3/homes/admin/syno-acme-0.1.4/temp/acme.sh-2.7.8: No such file or directory
done generateCrt
今天尝试使用你的脚本自动生成证书,我之前就有好几个证书,后来手动删除只保留一个证书,运行脚本后申请证书成功了,但后来就出现一个系统事件:由于 DSM 遭遇问题,无法正常启动。请联络 Synology 支持小组以获得帮助。排查了很久,没找到原因,不确定跟这个有没有关系?
今天突然提示证书到期了,才发现有这个问题了。。。
begin update cert
------ begin updateCrt ------
begin backupCrt
done backupCrt
begin installAcme
begin downloading acme.sh tool...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 63 100 63 0 0 150 0 --:--:-- --:--:-- --:--:-- 150
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 129 100 129 0 0 173 0 --:--:-- --:--:-- --:--:-- 173
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 102k 0 102k 0 0 54643 0 --:--:-- 0:00:01 --:--:-- 104k
100 185k 0 185k 0 0 83956 0 --:--:-- 0:00:02 --:--:-- 140k
acme.sh-dnspod-tmp/
acme.sh-dnspod-tmp/.github/
acme.sh-dnspod-tmp/.github/FUNDING.yml
acme.sh-dnspod-tmp/.github/ISSUE_TEMPLATE.md
acme.sh-dnspod-tmp/.github/PULL_REQUEST_TEMPLATE.md
acme.sh-dnspod-tmp/.github/auto-comment.yml
acme.sh-dnspod-tmp/.travis.yml
acme.sh-dnspod-tmp/Dockerfile
acme.sh-dnspod-tmp/LICENSE.md
acme.sh-dnspod-tmp/README.md
acme.sh-dnspod-tmp/acme.sh
acme.sh-dnspod-tmp/deploy/
acme.sh-dnspod-tmp/deploy/README.md
acme.sh-dnspod-tmp/deploy/apache.sh
acme.sh-dnspod-tmp/deploy/cpanel_uapi.sh
acme.sh-dnspod-tmp/deploy/docker.sh
acme.sh-dnspod-tmp/deploy/dovecot.sh
acme.sh-dnspod-tmp/deploy/exim4.sh
acme.sh-dnspod-tmp/deploy/fritzbox.sh
acme.sh-dnspod-tmp/deploy/gcore_cdn.sh
acme.sh-dnspod-tmp/deploy/gitlab.sh
acme.sh-dnspod-tmp/deploy/haproxy.sh
acme.sh-dnspod-tmp/deploy/keychain.sh
acme.sh-dnspod-tmp/deploy/kong.sh
acme.sh-dnspod-tmp/deploy/mailcow.sh
acme.sh-dnspod-tmp/deploy/myapi.sh
acme.sh-dnspod-tmp/deploy/mydevil.sh
acme.sh-dnspod-tmp/deploy/mysqld.sh
acme.sh-dnspod-tmp/deploy/nginx.sh
acme.sh-dnspod-tmp/deploy/opensshd.sh
acme.sh-dnspod-tmp/deploy/panos.sh
acme.sh-dnspod-tmp/deploy/pureftpd.sh
acme.sh-dnspod-tmp/deploy/qiniu.sh
acme.sh-dnspod-tmp/deploy/routeros.sh
acme.sh-dnspod-tmp/deploy/ssh.sh
acme.sh-dnspod-tmp/deploy/strongswan.sh
acme.sh-dnspod-tmp/deploy/synology_dsm.sh
acme.sh-dnspod-tmp/deploy/unifi.sh
acme.sh-dnspod-tmp/deploy/vault_cli.sh
acme.sh-dnspod-tmp/deploy/vsftpd.sh
acme.sh-dnspod-tmp/dnsapi/
acme.sh-dnspod-tmp/dnsapi/README.md
acme.sh-dnspod-tmp/dnsapi/dns_1984hosting.sh
acme.sh-dnspod-tmp/dnsapi/dns_acmedns.sh
acme.sh-dnspod-tmp/dnsapi/dns_acmeproxy.sh
acme.sh-dnspod-tmp/dnsapi/dns_active24.sh
acme.sh-dnspod-tmp/dnsapi/dns_ad.sh
acme.sh-dnspod-tmp/dnsapi/dns_ali.sh
acme.sh-dnspod-tmp/dnsapi/dns_autodns.sh
acme.sh-dnspod-tmp/dnsapi/dns_aws.sh
acme.sh-dnspod-tmp/dnsapi/dns_azure.sh
acme.sh-dnspod-tmp/dnsapi/dns_cf.sh
acme.sh-dnspod-tmp/dnsapi/dns_clouddns.sh
acme.sh-dnspod-tmp/dnsapi/dns_cloudns.sh
acme.sh-dnspod-tmp/dnsapi/dns_cn.sh
acme.sh-dnspod-tmp/dnsapi/dns_conoha.sh
acme.sh-dnspod-tmp/dnsapi/dns_constellix.sh
acme.sh-dnspod-tmp/dnsapi/dns_cx.sh
acme.sh-dnspod-tmp/dnsapi/dns_cyon.sh
acme.sh-dnspod-tmp/dnsapi/dns_da.sh
acme.sh-dnspod-tmp/dnsapi/dns_ddnss.sh
acme.sh-dnspod-tmp/dnsapi/dns_desec.sh
acme.sh-dnspod-tmp/dnsapi/dns_dgon.sh
acme.sh-dnspod-tmp/dnsapi/dns_dnsimple.sh
acme.sh-dnspod-tmp/dnsapi/dns_do.sh
acme.sh-dnspod-tmp/dnsapi/dns_doapi.sh
acme.sh-dnspod-tmp/dnsapi/dns_domeneshop.sh
acme.sh-dnspod-tmp/dnsapi/dns_dp.sh
acme.sh-dnspod-tmp/dnsapi/dns_dpi.sh
acme.sh-dnspod-tmp/dnsapi/dns_dreamhost.sh
acme.sh-dnspod-tmp/dnsapi/dns_duckdns.sh
acme.sh-dnspod-tmp/dnsapi/dns_durabledns.sh
acme.sh-dnspod-tmp/dnsapi/dns_dyn.sh
acme.sh-dnspod-tmp/dnsapi/dns_dynu.sh
acme.sh-dnspod-tmp/dnsapi/dns_dynv6.sh
acme.sh-dnspod-tmp/dnsapi/dns_easydns.sh
acme.sh-dnspod-tmp/dnsapi/dns_euserv.sh
acme.sh-dnspod-tmp/dnsapi/dns_exoscale.sh
acme.sh-dnspod-tmp/dnsapi/dns_freedns.sh
acme.sh-dnspod-tmp/dnsapi/dns_gandi_livedns.sh
acme.sh-dnspod-tmp/dnsapi/dns_gcloud.sh
acme.sh-dnspod-tmp/dnsapi/dns_gd.sh
acme.sh-dnspod-tmp/dnsapi/dns_gdnsdk.sh
acme.sh-dnspod-tmp/dnsapi/dns_he.sh
acme.sh-dnspod-tmp/dnsapi/dns_hexonet.sh
acme.sh-dnspod-tmp/dnsapi/dns_hostingde.sh
acme.sh-dnspod-tmp/dnsapi/dns_infoblox.sh
acme.sh-dnspod-tmp/dnsapi/dns_internetbs.sh
acme.sh-dnspod-tmp/dnsapi/dns_inwx.sh
acme.sh-dnspod-tmp/dnsapi/dns_ispconfig.sh
acme.sh-dnspod-tmp/dnsapi/dns_jd.sh
acme.sh-dnspod-tmp/dnsapi/dns_joker.sh
acme.sh-dnspod-tmp/dnsapi/dns_kas.sh
acme.sh-dnspod-tmp/dnsapi/dns_kinghost.sh
acme.sh-dnspod-tmp/dnsapi/dns_knot.sh
acme.sh-dnspod-tmp/dnsapi/dns_leaseweb.sh
acme.sh-dnspod-tmp/dnsapi/dns_lexicon.sh
acme.sh-dnspod-tmp/dnsapi/dns_linode.sh
acme.sh-dnspod-tmp/dnsapi/dns_linode_v4.sh
acme.sh-dnspod-tmp/dnsapi/dns_loopia.sh
acme.sh-dnspod-tmp/dnsapi/dns_lua.sh
acme.sh-dnspod-tmp/dnsapi/dns_maradns.sh
acme.sh-dnspod-tmp/dnsapi/dns_me.sh
acme.sh-dnspod-tmp/dnsapi/dns_miab.sh
acme.sh-dnspod-tmp/dnsapi/dns_misaka.sh
acme.sh-dnspod-tmp/dnsapi/dns_myapi.sh
acme.sh-dnspod-tmp/dnsapi/dns_mydevil.sh
acme.sh-dnspod-tmp/dnsapi/dns_mydnsjp.sh
acme.sh-dnspod-tmp/dnsapi/dns_namecheap.sh
acme.sh-dnspod-tmp/dnsapi/dns_namecom.sh
acme.sh-dnspod-tmp/dnsapi/dns_namesilo.sh
acme.sh-dnspod-tmp/dnsapi/dns_nederhost.sh
acme.sh-dnspod-tmp/dnsapi/dns_neodigit.sh
acme.sh-dnspod-tmp/dnsapi/dns_netcup.sh
acme.sh-dnspod-tmp/dnsapi/dns_nic.sh
acme.sh-dnspod-tmp/dnsapi/dns_nm.sh
acme.sh-dnspod-tmp/dnsapi/dns_nsd.sh
acme.sh-dnspod-tmp/dnsapi/dns_nsone.sh
acme.sh-dnspod-tmp/dnsapi/dns_nsupdate.sh
acme.sh-dnspod-tmp/dnsapi/dns_nw.sh
acme.sh-dnspod-tmp/dnsapi/dns_one.sh
acme.sh-dnspod-tmp/dnsapi/dns_online.sh
acme.sh-dnspod-tmp/dnsapi/dns_openprovider.sh
acme.sh-dnspod-tmp/dnsapi/dns_opnsense.sh
acme.sh-dnspod-tmp/dnsapi/dns_ovh.sh
acme.sh-dnspod-tmp/dnsapi/dns_pdns.sh
acme.sh-dnspod-tmp/dnsapi/dns_pleskxml.sh
acme.sh-dnspod-tmp/dnsapi/dns_pointhq.sh
acme.sh-dnspod-tmp/dnsapi/dns_rackspace.sh
acme.sh-dnspod-tmp/dnsapi/dns_rcode0.sh
acme.sh-dnspod-tmp/dnsapi/dns_regru.sh
acme.sh-dnspod-tmp/dnsapi/dns_schlundtech.sh
acme.sh-dnspod-tmp/dnsapi/dns_selectel.sh
acme.sh-dnspod-tmp/dnsapi/dns_servercow.sh
acme.sh-dnspod-tmp/dnsapi/dns_tele3.sh
acme.sh-dnspod-tmp/dnsapi/dns_ultra.sh
acme.sh-dnspod-tmp/dnsapi/dns_unoeuro.sh
acme.sh-dnspod-tmp/dnsapi/dns_variomedia.sh
acme.sh-dnspod-tmp/dnsapi/dns_vscale.sh
acme.sh-dnspod-tmp/dnsapi/dns_vultr.sh
acme.sh-dnspod-tmp/dnsapi/dns_yandex.sh
acme.sh-dnspod-tmp/dnsapi/dns_zilore.sh
acme.sh-dnspod-tmp/dnsapi/dns_zone.sh
acme.sh-dnspod-tmp/dnsapi/dns_zonomi.sh
acme.sh-dnspod-tmp/notify/
acme.sh-dnspod-tmp/notify/cqhttp.sh
acme.sh-dnspod-tmp/notify/dingtalk.sh
acme.sh-dnspod-tmp/notify/ifttt.sh
acme.sh-dnspod-tmp/notify/mail.sh
acme.sh-dnspod-tmp/notify/mailgun.sh
acme.sh-dnspod-tmp/notify/pop.sh
acme.sh-dnspod-tmp/notify/postmark.sh
acme.sh-dnspod-tmp/notify/pushover.sh
acme.sh-dnspod-tmp/notify/sendgrid.sh
acme.sh-dnspod-tmp/notify/slack.sh
acme.sh-dnspod-tmp/notify/smtp.sh
acme.sh-dnspod-tmp/notify/xmpp.sh
begin installing acme.sh tool...
[Sat Jun 19 03:22:12 CST 2021] It is recommended to install socat first.
[Sat Jun 19 03:22:12 CST 2021] We use socat for standalone server if you use standalone mode.
[Sat Jun 19 03:22:12 CST 2021] If you don't use standalone mode, just ignore this warning.
[Sat Jun 19 03:22:12 CST 2021] Installing to /volume1/web/syno-acme/acme.sh
[Sat Jun 19 03:22:12 CST 2021] Installed to /volume1/web/syno-acme/acme.sh/acme.sh
[Sat Jun 19 03:22:12 CST 2021] Installing alias to '/root/.profile'
[Sat Jun 19 03:22:12 CST 2021] OK, Close and reopen your terminal to start using acme.sh
[Sat Jun 19 03:22:12 CST 2021] Good, bash is found, so change the shebang to use bash as preferred.
[Sat Jun 19 03:22:14 CST 2021] OK
done installAcme
begin generateCrt
begin updating default cert by acme.sh tool
[Sat Jun 19 03:22:17 CST 2021] Single domain=''
[Sat Jun 19 03:22:17 CST 2021] Getting domain auth token for each domain
[Sat Jun 19 03:22:20 CST 2021] Getting webroot for domain=''
[Sat Jun 19 03:22:21 CST 2021] Adding txt value: YbZHhU_iHkDT8Z4xb9-qRD-sandNqZf57yVUdhePgvY for domain: _acme-challenge.**********
[Sat Jun 19 03:22:26 CST 2021] Error add txt for domain:_acme-challenge.**********
[Sat Jun 19 03:22:26 CST 2021] Please check log file for more details: /volume1/web/syno-acme/acme.sh/acme.sh.log
[Sat Jun 19 03:22:28 CST 2021] Installing cert to:/usr/syno/etc/certificate/_archive/iBnjtM/cert.pem
[Sat Jun 19 03:22:28 CST 2021] Installing key to:/usr/syno/etc/certificate/_archive/iBnjtM/privkey.pem
[Sat Jun 19 03:22:28 CST 2021] Installing full chain to:/usr/syno/etc/certificate/_archive/iBnjtM/fullchain.pem
done generateCrt
begin updateService
cp cert path to des
Copy cert for FTPS
Copy cert for DSM Desktop Service
Copy cert for *:20111
Copy cert for Log Receiving
Copy cert for Synology Drive Server
done updateService
begin reloadWebService
reloading new cert...
alias-register stop/waiting
relading Apache 2.2
stop: Unknown job: pkg-apache22
start: Unknown job: pkg-apache22
reload: Unknown job: pkg-apache22
done reloadWebService
------ end updateCrt ------
Model : DS918+
DSM Version : DSM 6.2.2-24922 Update 6
syno-acme-0.2.1-dnspod
Log:
begin updating default cert by acme.sh tool
[Wed Jul 15 01:03:38 CST 2020] Multi domain='DNS:------,DNS:*.------'
[Wed Jul 15 01:03:38 CST 2020] Getting domain auth token for each domain
[Wed Jul 15 01:03:53 CST 2020] Getting webroot for domain='-----'
[Wed Jul 15 01:03:53 CST 2020] Getting webroot for domain='*.------'
[Wed Jul 15 01:03:53 CST 2020] Adding txt value: *** for domain: _acme-challenge.------
[Wed Jul 15 01:03:54 CST 2020] Adding record
[Wed Jul 15 01:03:54 CST 2020] The txt record is added: Success.
[Wed Jul 15 01:03:54 CST 2020] Sleep 120 seconds for the txt records to take effect
[Wed Jul 15 01:05:54 CST 2020] ------ is already verified, skip dns-01.
[Wed Jul 15 01:05:54 CST 2020] Verifying: *.------
[Wed Jul 15 01:05:58 CST 2020] *.------:Verify error:CAA record for *.------ prevents issuance
[Wed Jul 15 01:05:58 CST 2020] Removing DNS records.
[Wed Jul 15 01:05:58 CST 2020] Removing txt: **** for domain: _acme-challenge.------
[Wed Jul 15 01:06:04 CST 2020] Removed: Success
[Wed Jul 15 01:06:04 CST 2020] Please check log file for more details: /volume1/DATA/Script/syno-acme/acme.sh/acme.sh.log
[Wed Jul 15 01:06:12 CST 2020] Installing cert to:/usr/syno/etc/certificate/_archive/4VEbo0/cert.pem
cat: /volume1/DATA/Script/syno-acme/acme.sh/------/------.cer: No such file or directory
[ERR] fail to generateCrt
begin revert
begin revertCrt
/volume1/DATA/Script/syno-acme/backup/20200715010320/certificate /usr/syno/etc/certificate
/volume1/DATA/Script/syno-acme/backup/20200715010320/package_cert /usr/local/etc/certificate
begin reloadWebService
reloading new cert...
alias-register stop/waiting
relading Apache 2.2
stop: Unknown job: pkg-apache22
start: Unknown job: pkg-apache22
reload: Unknown job: pkg-apache22
done reloadWebService
done revertCrt
acme.sh.log
[Wed Jul 15 01:05:59 CST 2020] Record.Remove
[Wed Jul 15 01:05:59 CST 2020] url='https://dnsapi.cn/Record.Remove'
[Wed Jul 15 01:05:59 CST 2020] POST
[Wed Jul 15 01:05:59 CST 2020] _post_url='https://dnsapi.cn/Record.Remove'
[Wed Jul 15 01:05:59 CST 2020] _CURL='curl -L --silent --dump-header /volume1/DATA/Script/syno-acme/acme.sh/http.header -g '
[Wed Jul 15 01:06:04 CST 2020] _ret='0'
[Wed Jul 15 01:06:04 CST 2020] Removed: Success
[Wed Jul 15 01:06:04 CST 2020] _on_issue_err
[Wed Jul 15 01:06:04 CST 2020] Please check log file for more details: /volume1/DATA/Script/syno-acme/acme.sh/acme.sh.log
[Wed Jul 15 01:06:04 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5879336498/rN3fww'
[Wed Jul 15 01:06:04 CST 2020] payload='{}'
[Wed Jul 15 01:06:04 CST 2020] POST
[Wed Jul 15 01:06:04 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5879336498/rN3fww'
[Wed Jul 15 01:06:04 CST 2020] _CURL='curl -L --silent --dump-header /volume1/DATA/Script/syno-acme/acme.sh/http.header -g '
[Wed Jul 15 01:06:09 CST 2020] _ret='0'
[Wed Jul 15 01:06:09 CST 2020] code='200'
[Wed Jul 15 01:06:09 CST 2020] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5879475662/4m2KcA'
[Wed Jul 15 01:06:09 CST 2020] payload='{}'
[Wed Jul 15 01:06:09 CST 2020] POST
[Wed Jul 15 01:06:09 CST 2020] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/5879475662/4m2KcA'
[Wed Jul 15 01:06:09 CST 2020] _CURL='curl -L --silent --dump-header /volume1/DATA/Script/syno-acme/acme.sh/http.header -g '
[Wed Jul 15 01:06:11 CST 2020] _ret='0'
[Wed Jul 15 01:06:11 CST 2020] code='400'
[Wed Jul 15 01:06:12 CST 2020] Running cmd: installcert
补充:
使用的是最新尝试解决DNSPOD问题的版本
已尝试设置3600秒sleep,在等待过程中尝试用本机手动dig _acme-challenge.xxxx.xx的txt记录,有正常返回文本。但最终验证失败
连续尝试过程中,中间有一次query timed out looking up CAA for _acme-challenge.xxxx.xxx
无法使用证书
It seems that you are using sudo, please read this link first:
https://github.com/acmesh-official/acme.sh/wiki/sudo
done generateCrt
begin updateService
cp cert path to des
Copy cert for FTPS
Copy cert for DSM Desktop Service
Copy cert for WebDAVServer
Copy cert for Synology Drive Server
done updateService
begin reloadWebService
reloading new cert...
alias-register stop/waiting
relading Apache 2.2
stop: Unknown job: pkg-apache22
start: Unknown job: pkg-apache22
reload: Unknown job: pkg-apache22
done reloadWebService
------ end updateCrt ------
github.com 老是被墙,无法下载
/bin/bash: -c: line 0: syntax error near unexpected token newline' /bin/bash: -c: line 0:
/volume1/admin/ssl/syno-acme/cert-up.sh update >> '
用了0.15之后请问怎么导入证书,证书里面还是只有群晖那一个
curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104
acme.sh-2.8.5/
acme.sh-2.8.5/.github/
acme.sh-2.8.5/.github/FUNDING.yml
acme.sh-2.8.5/.github/ISSUE_TEMPLATE.md
acme.sh-2.8.5/.github/PULL_REQUEST_TEMPLATE.md
acme.sh-2.8.5/.travis.yml
acme.sh-2.8.5/Dockerfile
acme.sh-2.8.5/LICENSE.md
acme.sh-2.8.5/README.md
acme.sh-2.8.5/acme.sh
gzip: stdin: unexpected end of file
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now
begin installing acme.sh tool...
./acme.sh: line 2657: unexpected EOF while looking for matching `"'
./acme.sh: line 2658: syntax error: unexpected end of file
done installAcme
begin generateCrt
begin updating default cert by acme.sh tool
/volume1/docker/task/syno-acme/cert-up.sh: line 50: /volume1/docker/task/syno-acme/acme.sh/acme.sh.env: No such file or directory
/volume1/docker/task/syno-acme/cert-up.sh: line 51: /volume1/docker/task/syno-acme/acme.sh/acme.sh: No such file or directory
/volume1/docker/task/syno-acme/cert-up.sh: line 52: /volume1/docker/task/syno-acme/acme.sh/acme.sh: No such file or directory
done generateCrt
begin updateService
cp cert path to des
done updateService
begin reloadWebService
reloading new cert...
alias-register stop/waiting
relading Apache 2.2
stop: Unknown job: pkg-apache22
start: Unknown job: pkg-apache22
reload: Unknown job: pkg-apache22
done reloadWebService
------ end updateCrt ------
域名解析使用的dnspod,但是域名在阿里云上申请的,这些信息应该怎么填写,我没有搞清楚配置里面使用的Ali_Key指的是什么?
RT.按照操作来的,新系统直接申请证书(排除干扰),仍然出现上述问题。
+ echo 'done installAcme'
done installAcme
+ rm -rf /volume1/docker/SSL_sh/temp
+ return 0
+ generateCrt
+ echo 'begin generateCrt'
begin generateCrt
+ cd /volume1/docker/SSL_sh
+ source config
cert-up.sh: line 49: source: config: file not found
但是目录下是有这个文件的
root@DS918plus:/volume1/docker/SSL_sh# ll
total 28
drwxr-xr-x+ 1 root root 148 Mar 10 20:08 ..
drwx------ 1 root root 96 Mar 11 08:38 acme.sh
-rwxr-xr-x+ 1 root root 57 Oct 21 16:38 acme.sh.address
drwxr-xr-x+ 1 root root 264 Mar 11 08:38 backup
-rwxr-xr-x 1 root root 3404 Mar 11 08:38 cert-up.sh
-rw-r--r-- 1 root root 12288 Mar 11 08:38 .cert-up.sh.swp
-rwxr-xr-x+ 1 root root 776 Mar 10 20:44 config
-rwxr-xr-x+ 1 root root 1182 Oct 21 16:38 crt_cp.py
请问这是怎么回事呢?
begin update cert
------ begin updateCrt ------
begin backupCrt
done backupCrt
begin installAcme
begin downloading acme.sh tool...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 64 100 64 0 0 737 0 --:--:-- --:--:-- --:--:-- 744
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 130 100 130 0 0 113 0 0:00:01 0:00:01 --:--:-- 113
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
100 21105 0 21105 0 0 8396 0 --:--:-- 0:00:02 --:--:-- 25427
100 43124 0 43124 0 0 12244 0 --:--:-- 0:00:03 --:--:-- 23449
100 81962 0 81962 0 0 18659 0 --:--:-- 0:00:04 --:--:-- 30255
100 128k 0 128k 0 0 24271 0 --:--:-- 0:00:05 --:--:-- 35237
100 160k 0 160k 0 0 24566 0 --:--:-- 0:00:06 --:--:-- 32851
100 172k 0 172k 0 0 25672 0 --:--:-- 0:00:06 --:--:-- 35599
acme.sh-2.8.5/
acme.sh-2.8.5/.github/
acme.sh-2.8.5/.github/FUNDING.yml
acme.sh-2.8.5/.github/ISSUE_TEMPLATE.md
acme.sh-2.8.5/.github/PULL_REQUEST_TEMPLATE.md
acme.sh-2.8.5/.travis.yml
acme.sh-2.8.5/Dockerfile
acme.sh-2.8.5/LICENSE.md
acme.sh-2.8.5/README.md
acme.sh-2.8.5/acme.sh
acme.sh-2.8.5/deploy/
acme.sh-2.8.5/deploy/README.md
acme.sh-2.8.5/deploy/apache.sh
acme.sh-2.8.5/deploy/cpanel_uapi.sh
acme.sh-2.8.5/deploy/docker.sh
acme.sh-2.8.5/deploy/dovecot.sh
acme.sh-2.8.5/deploy/exim4.sh
acme.sh-2.8.5/deploy/fritzbox.sh
acme.sh-2.8.5/deploy/gcore_cdn.sh
acme.sh-2.8.5/deploy/gitlab.sh
acme.sh-2.8.5/deploy/haproxy.sh
acme.sh-2.8.5/deploy/keychain.sh
acme.sh-2.8.5/deploy/kong.sh
acme.sh-2.8.5/deploy/mailcow.sh
acme.sh-2.8.5/deploy/myapi.sh
acme.sh-2.8.5/deploy/mydevil.sh
acme.sh-2.8.5/deploy/mysqld.sh
acme.sh-2.8.5/deploy/nginx.sh
acme.sh-2.8.5/deploy/opensshd.sh
acme.sh-2.8.5/deploy/pureftpd.sh
acme.sh-2.8.5/deploy/qiniu.sh
acme.sh-2.8.5/deploy/routeros.sh
acme.sh-2.8.5/deploy/ssh.sh
acme.sh-2.8.5/deploy/strongswan.sh
acme.sh-2.8.5/deploy/unifi.sh
acme.sh-2.8.5/deploy/vault_cli.sh
acme.sh-2.8.5/deploy/vsftpd.sh
acme.sh-2.8.5/dnsapi/
acme.sh-2.8.5/dnsapi/README.md
acme.sh-2.8.5/dnsapi/dns_acmedns.sh
acme.sh-2.8.5/dnsapi/dns_acmeproxy.sh
acme.sh-2.8.5/dnsapi/dns_active24.sh
acme.sh-2.8.5/dnsapi/dns_ad.sh
acme.sh-2.8.5/dnsapi/dns_ali.sh
acme.sh-2.8.5/dnsapi/dns_autodns.sh
acme.sh-2.8.5/dnsapi/dns_aws.sh
acme.sh-2.8.5/dnsapi/dns_azure.sh
acme.sh-2.8.5/dnsapi/dns_cf.sh
acme.sh-2.8.5/dnsapi/dns_cloudns.sh
acme.sh-2.8.5/dnsapi/dns_cn.sh
acme.sh-2.8.5/dnsapi/dns_conoha.sh
acme.sh-2.8.5/dnsapi/dns_cx.sh
acme.sh-2.8.5/dnsapi/dns_cyon.sh
acme.sh-2.8.5/dnsapi/dns_da.sh
acme.sh-2.8.5/dnsapi/dns_ddnss.sh
acme.sh-2.8.5/dnsapi/dns_desec.sh
acme.sh-2.8.5/dnsapi/dns_dgon.sh
acme.sh-2.8.5/dnsapi/dns_dnsimple.sh
acme.sh-2.8.5/dnsapi/dns_do.sh
acme.sh-2.8.5/dnsapi/dns_doapi.sh
acme.sh-2.8.5/dnsapi/dns_domeneshop.sh
acme.sh-2.8.5/dnsapi/dns_dp.sh
acme.sh-2.8.5/dnsapi/dns_dpi.sh
acme.sh-2.8.5/dnsapi/dns_dreamhost.sh
acme.sh-2.8.5/dnsapi/dns_duckdns.sh
acme.sh-2.8.5/dnsapi/dns_durabledns.sh
acme.sh-2.8.5/dnsapi/dns_dyn.sh
acme.sh-2.8.5/dnsapi/dns_dynu.sh
acme.sh-2.8.5/dnsapi/dns_easydns.sh
acme.sh-2.8.5/dnsapi/dns_euserv.sh
acme.sh-2.8.5/dnsapi/dns_exoscale.sh
acme.sh-2.8.5/dnsapi/dns_freedns.sh
acme.sh-2.8.5/dnsapi/dns_gandi_livedns.sh
acme.sh-2.8.5/dnsapi/dns_gcloud.sh
acme.sh-2.8.5/dnsapi/dns_gd.sh
acme.sh-2.8.5/dnsapi/dns_gdnsdk.sh
acme.sh-2.8.5/dnsapi/dns_he.sh
acme.sh-2.8.5/dnsapi/dns_hexonet.sh
acme.sh-2.8.5/dnsapi/dns_hostingde.sh
acme.sh-2.8.5/dnsapi/dns_infoblox.sh
acme.sh-2.8.5/dnsapi/dns_internetbs.sh
acme.sh-2.8.5/dnsapi/dns_inwx.sh
acme.sh-2.8.5/dnsapi/dns_ispconfig.sh
acme.sh-2.8.5/dnsapi/dns_jd.sh
acme.sh-2.8.5/dnsapi/dns_kinghost.sh
acme.sh-2.8.5/dnsapi/dns_knot.sh
acme.sh-2.8.5/dnsapi/dns_leaseweb.sh
acme.sh-2.8.5/dnsapi/dns_lexicon.sh
acme.sh-2.8.5/dnsapi/dns_linode.sh
acme.sh-2.8.5/dnsapi/dns_linode_v4.sh
acme.sh-2.8.5/dnsapi/dns_loopia.sh
acme.sh-2.8.5/dnsapi/dns_lua.sh
acme.sh-2.8.5/dnsapi/dns_maradns.sh
acme.sh-2.8.5/dnsapi/dns_me.sh
acme.sh-2.8.5/dnsapi/dns_miab.sh
acme.sh-2.8.5/dnsapi/dns_misaka.sh
acme.sh-2.8.5/dnsapi/dns_myapi.sh
acme.sh-2.8.5/dnsapi/dns_mydevil.sh
acme.sh-2.8.5/dnsapi/dns_mydnsjp.sh
acme.sh-2.8.5/dnsapi/dns_namecheap.sh
acme.sh-2.8.5/dnsapi/dns_namecom.sh
acme.sh-2.8.5/dnsapi/dns_namesilo.sh
acme.sh-2.8.5/dnsapi/dns_nederhost.sh
acme.sh-2.8.5/dnsapi/dns_neodigit.sh
acme.sh-2.8.5/dnsapi/dns_netcup.sh
acme.sh-2.8.5/dnsapi/dns_nic.sh
acme.sh-2.8.5/dnsapi/dns_nsd.sh
acme.sh-2.8.5/dnsapi/dns_nsone.sh
acme.sh-2.8.5/dnsapi/dns_nsupdate.sh
acme.sh-2.8.5/dnsapi/dns_nw.sh
acme.sh-2.8.5/dnsapi/dns_one.sh
acme.sh-2.8.5/dnsapi/dns_online.sh
acme.sh-2.8.5/dnsapi/dns_openprovider.sh
acme.sh-2.8.5/dnsapi/dns_ovh.sh
acme.sh-2.8.5/dnsapi/dns_pdns.sh
acme.sh-2.8.5/dnsapi/dns_pleskxml.sh
acme.sh-2.8.5/dnsapi/dns_pointhq.sh
acme.sh-2.8.5/dnsapi/dns_rackspace.sh
acme.sh-2.8.5/dnsapi/dns_rcode0.sh
acme.sh-2.8.5/dnsapi/dns_regru.sh
acme.sh-2.8.5/dnsapi/dns_schlundtech.sh
acme.sh-2.8.5/dnsapi/dns_selectel.sh
acme.sh-2.8.5/dnsapi/dns_servercow.sh
acme.sh-2.8.5/dnsapi/dns_tele3.sh
acme.sh-2.8.5/dnsapi/dns_ultra.sh
acme.sh-2.8.5/dnsapi/dns_unoeuro.sh
acme.sh-2.8.5/dnsapi/dns_variomedia.sh
acme.sh-2.8.5/dnsapi/dns_vscale.sh
acme.sh-2.8.5/dnsapi/dns_vultr.sh
acme.sh-2.8.5/dnsapi/dns_yandex.sh
acme.sh-2.8.5/dnsapi/dns_zilore.sh
acme.sh-2.8.5/dnsapi/dns_zone.sh
acme.sh-2.8.5/dnsapi/dns_zonomi.sh
acme.sh-2.8.5/notify/
acme.sh-2.8.5/notify/dingtalk.sh
acme.sh-2.8.5/notify/ifttt.sh
acme.sh-2.8.5/notify/mail.sh
acme.sh-2.8.5/notify/mailgun.sh
acme.sh-2.8.5/notify/pop.sh
acme.sh-2.8.5/notify/postmark.sh
acme.sh-2.8.5/notify/pushover.sh
acme.sh-2.8.5/notify/sendgrid.sh
acme.sh-2.8.5/notify/slack.sh
acme.sh-2.8.5/notify/smtp.sh
acme.sh-2.8.5/notify/xmpp.sh
begin installing acme.sh tool...
[Sat Apr 11 09:41:50 CST 2020] It is recommended to install socat first.
[Sat Apr 11 09:41:50 CST 2020] We use socat for standalone server if you use standalone mode.
[Sat Apr 11 09:41:51 CST 2020] If you don't use standalone mode, just ignore this warning.
[Sat Apr 11 09:41:51 CST 2020] Installing to /volume1/system/syno-acme/acme.sh
[Sat Apr 11 09:41:51 CST 2020] Installed to /volume1/system/syno-acme/acme.sh/acme.sh
[Sat Apr 11 09:41:51 CST 2020] Installing alias to '/root/.profile'
[Sat Apr 11 09:41:51 CST 2020] OK, Close and reopen your terminal to start using acme.sh
[Sat Apr 11 09:41:51 CST 2020] Good, bash is found, so change the shebang to use bash as preferred.
[Sat Apr 11 09:41:52 CST 2020] OK
done installAcme
begin generateCrt
begin updating default cert by acme.sh tool
[Sat Apr 11 09:41:53 CST 2020] Multi domain='DNS:.leee.fun,DNS:..leee.fun'
[Sat Apr 11 09:41:53 CST 2020] Getting domain auth token for each domain
[Sat Apr 11 09:41:55 CST 2020] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rejectedIdentifier",
"detail": "Error creating new order :: Cannot issue for "..leee.fun": Domain name has more than one wildcard",
"status": 400
}
[Sat Apr 11 09:41:55 CST 2020] Please check log file for more details: /volume1/system/syno-acme/acme.sh/acme.sh.log
[Sat Apr 11 09:41:56 CST 2020] Installing cert to:/usr/syno/etc/certificate/_archive/gRYk41/cert.pem
cat: /volume1/system/syno-acme/acme.sh/.leee.fun/*.leee.fun.cer: No such file or directory
[ERR] fail to generateCrt
begin revert
begin revertCrt
/volume1/system/syno-acme/backup/20200411094143/certificate /usr/syno/etc/certificate
/volume1/system/syno-acme/backup/20200411094143/package_cert /usr/local/etc/certificate
begin reloadWebService
reloading new cert...
alias-register stop/waiting
relading Apache 2.2
pkg-apache22 stop/waiting
pkg-apache22 start/running, process 27370
done reloadWebService
done revertCrt
如题,除了 Let's Encrypt 多个选择也挺好,acme.sh v3.0.0开始默认CA也改了
配置文件需要增加ZeroSSL账户的设置
一切顺利的用到了您的功能,感谢您帮我节约了时间!
log中发现warn,code如下。大概是拷贝文件的时候出错。虽然不影响啥,但看起来还是有些紧张,不知是什么原因,issue一下请知晓~~
再次感谢您的script!
begin updateService cp cert path to des /usr/syno/etc/certificate/_archive/VOiN2y/cert.pem /usr/syno/etc/certificate/SynologyFileManager/SynologyFileManager/cert.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/cert.pem to /usr/syno/etc/certificate/SynologyFileManager/SynologyFileManager/cert.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/privkey.pem /usr/syno/etc/certificate/SynologyFileManager/SynologyFileManager/privkey.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/privkey.pem to /usr/syno/etc/certificate/SynologyFileManager/SynologyFileManager/privkey.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/fullchain.pem /usr/syno/etc/certificate/SynologyFileManager/SynologyFileManager/fullchain.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/fullchain.pem to /usr/syno/etc/certificate/SynologyFileManager/SynologyFileManager/fullchain.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/cert.pem /usr/syno/etc/certificate/smbftpd/ftpd/cert.pem /usr/syno/etc/certificate/_archive/VOiN2y/privkey.pem /usr/syno/etc/certificate/smbftpd/ftpd/privkey.pem /usr/syno/etc/certificate/_archive/VOiN2y/fullchain.pem /usr/syno/etc/certificate/smbftpd/ftpd/fullchain.pem /usr/syno/etc/certificate/_archive/VOiN2y/cert.pem /usr/syno/etc/certificate/system/default/cert.pem /usr/syno/etc/certificate/_archive/VOiN2y/privkey.pem /usr/syno/etc/certificate/system/default/privkey.pem /usr/syno/etc/certificate/_archive/VOiN2y/fullchain.pem /usr/syno/etc/certificate/system/default/fullchain.pem /usr/syno/etc/certificate/_archive/VOiN2y/cert.pem /usr/syno/etc/certificate/VPNCenter/OpenVPN/cert.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/cert.pem to /usr/syno/etc/certificate/VPNCenter/OpenVPN/cert.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/privkey.pem /usr/syno/etc/certificate/VPNCenter/OpenVPN/privkey.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/privkey.pem to /usr/syno/etc/certificate/VPNCenter/OpenVPN/privkey.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/fullchain.pem /usr/syno/etc/certificate/VPNCenter/OpenVPN/fullchain.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/fullchain.pem to /usr/syno/etc/certificate/VPNCenter/OpenVPN/fullchain.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/cert.pem /usr/syno/etc/certificate/LogCenter/pkg-LogCenter/cert.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/cert.pem to /usr/syno/etc/certificate/LogCenter/pkg-LogCenter/cert.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/privkey.pem /usr/syno/etc/certificate/LogCenter/pkg-LogCenter/privkey.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/privkey.pem to /usr/syno/etc/certificate/LogCenter/pkg-LogCenter/privkey.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/fullchain.pem /usr/syno/etc/certificate/LogCenter/pkg-LogCenter/fullchain.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/fullchain.pem to /usr/syno/etc/certificate/LogCenter/pkg-LogCenter/fullchain.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/cert.pem /usr/syno/etc/certificate/SynologyDrive/SynologyDrive/cert.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/cert.pem to /usr/syno/etc/certificate/SynologyDrive/SynologyDrive/cert.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/privkey.pem /usr/syno/etc/certificate/SynologyDrive/SynologyDrive/privkey.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/privkey.pem to /usr/syno/etc/certificate/SynologyDrive/SynologyDrive/privkey.pem fail /usr/syno/etc/certificate/_archive/VOiN2y/fullchain.pem /usr/syno/etc/certificate/SynologyDrive/SynologyDrive/fullchain.pem [WRN] copy from /usr/syno/etc/certificate/_archive/VOiN2y/fullchain.pem to /usr/syno/etc/certificate/SynologyDrive/SynologyDrive/fullchain.pem fail done updateService
比如私钥位数,ECC证书还是RSA证书
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.