From 02cec655eaa546c1edb563774881143caf57d528 Mon Sep 17 00:00:00 2001 From: Fernando Miguel Date: Mon, 10 Oct 2016 11:34:20 +0100 Subject: [PATCH] Updated Synology RT1900ac install guide (markdown) --- Synology-RT1900ac-install-guide.md | 42 ++++++++++++++---------------- 1 file changed, 19 insertions(+), 23 deletions(-) diff --git a/Synology-RT1900ac-install-guide.md b/Synology-RT1900ac-install-guide.md index 00433f5..e5012d7 100644 --- a/Synology-RT1900ac-install-guide.md +++ b/Synology-RT1900ac-install-guide.md 
@@ -5,41 +5,37 @@ here's the HowTo (xpost https://forum.synology.com/enu/viewtopic.php?f=265&t=123 I've used https://github.com/Neilpang/acme.sh , a 3rd party client for Let's Encrypt, based on Perl. no extra dependencies. I've also used it with DNS01 protocol, which means, I don't have any ports open on the router to do the validation, instead it use Cloudflare API, where I host my domain. -Since the Router shell is very limited, there are several constraints. the most important of all, there is no cron/crontab. +Since the Router shell is very limited, there are several constraints. the most important of all, there is no crontab. trying the default install -`$ wget -O - https://get.acme.sh | sh` -, will fail cause of cron. +$ wget -O - https://get.acme.sh | sh +, will fail because of crontab. so we have to do it manually -`$ wget https://github.com/Neilpang/acme.sh/archive/master.tar.gz` - -`$ tar xvf master.tar.gz` - -`$ cd acme.sh-master/` - -`$ ./acme.sh --install --nocron` +$ wget https://github.com/Neilpang/acme.sh/archive/master.tar.gz +$ tar xvf master.tar.gz +$ cd acme.sh-master/ +$ ./acme.sh --install --nocron so install is done :) next, config -`$ cd ~/.acme.sh/` -`$ vi acme.sh account.conf ` +$ cd ~/.acme.sh/ +$ vi account.conf set your email, cloudflare account and API (https://www.cloudflare.com/a/account/my-account) ctrl+c :wq (and you are out of VI(M) -now to create your cert: +now to create your cert +$ ./acme.sh --issue --post-hook kill -USR1 `cat /run/httpd/httpd-sys.pid` -d YOURDOMAIN.TLD --dns dns_cf --certpath /usr/syno/etc/ssl/ssl.crt/server.crt --keypath /usr/syno/etc/ssl/ssl.key/server.key --fullchainpath / +usr/syno/etc/ssl/ssl.intercrt/server-ca.crt - $ ./acme.sh --issue -d YOURDOMAIN.TLD --dns dns_cf --certpath /usr/syno/etc/ssl/ssl.crt/server.crt --keypath /usr/syno/etc/ssl/ssl.key/server.key --fullchainpath /usr/syno/etc/ssl/ssl.intercrt/server-ca.crt +simple right? 
-..and restart your webserver: +since there is no crontab, we need to manually add it to cron. +$ vi /etc/crontab +and add something like +3 2 * * 2 root /root/.acme.sh/acme.sh --cron +:wq - kill -USR1 `cat /run/httpd/httpd-sys.pid` - -Add the following line in `/etc/crontab` (use vi) - - 0 2 * * 0,3 root /root/.acme.sh/acme.sh --cron && kill -USR1 `cat /run/httpd/httpd-sys.pid` - -And run `killall -1 crond` to restart the cron daemon. -The certificate will be checked twice per week for renewal at 2am \ No newline at end of file +HTH \ No newline at end of file
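Review bot: The --post-hook value in the added ./acme.sh --issue line is unquoted, so the shell passes only the word kill to --post-hook, hands -USR1 and the PID to acme.sh as separate arguments, and expands the backticks once at issue time instead of at each renewal. Wrap the hook in single quotes so it is passed as one argument and evaluated when the hook runs, for example --post-hook 'kill -USR1 $(cat /run/httpd/httpd-sys.pid)'. The same command splits --fullchainpath across two added lines ("/" on the first, "usr/syno/etc/ssl/ssl.intercrt/server-ca.crt" on the second); copied as shown, the option receives a bare / and the remainder is run as a separate command, so the path should stay on one line. Removing the inline-code backticks and the four-space indentation from the commands also means Markdown will treat the backticks inside this command as inline-code delimiters, and the rendered guide will no longer show the command as typed; keep the commands in code formatting. Lastly, the removed "killall -1 crond" step has no replacement after the /etc/crontab edit, and the new cron entry no longer signals httpd itself, so a renewed certificate is only picked up if the post-hook was stored correctly. Consider keeping the crond reload instruction and stating that the reload now relies on the hook.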