From 68e94ef7e95473ad954442145173875e2698c481 Mon Sep 17 00:00:00 2001 From: Andreas Hahn <31884396+skyslasher@users.noreply.github.com> Date: Fri, 22 Sep 2017 12:39:32 +0200 Subject: [PATCH] Certificates are spread all over the /usr/syno/etc/certificate directory structure, depending on the services used. Let the system do the hard work finding out. --- Synology-NAS-Guide.md | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/Synology-NAS-Guide.md b/Synology-NAS-Guide.md index 833f544..984b164 100644 --- a/Synology-NAS-Guide.md +++ b/Synology-NAS-Guide.md @@ -77,19 +77,27 @@ In DSM control panel, open the 'Task Scheduler' and create a new scheduled task ``` # Note: The $CERT_FOLDER must be hardcoded here since the running environment is unknown. Don't blindly copy&paste -# system default -rsync -avzh "$CERT_FOLDER" "/usr/syno/etc/certificate/system/default/" -# smbftp -rsync -avzh "$CERT_FOLDER" "/usr/syno/etc/certificate/smbftpd/ftpd" -# app portal -while read -r dir ; do - rsync -avzh "$CERT_FOLDER" "$dir" -done < <(find /usr/syno/etc/certificate/ReverseProxy -maxdepth 1 -mindepth 1 -type d) -# reverse proxy -while read -r dir ; do - rsync -avzh "$CERT_FOLDER" "$dir" -done < <(find /usr/syno/etc/certificate/AppPortal -maxdepth 1 -mindepth 1 -type d) -# reload certificate +# change this sample directory name "AsDFgH" to the name of your Let's Encrypt cert directory + +CERTDIR="AsDFgH" + +# do not change anything beyond this line! + +CERTROOTDIR="/usr/syno/etc/certificate" +FULLCERTDIR="$CERTROOTDIR/_archive/$CERTDIR" + +# find all subdirectories containing cert.pem files +PEMFILES=$(find $CERTROOTDIR -name cert.pem) +if [ ! -z "$PEMFILES" ]; then + for DIR in $PEMFILES; do + # replace all certificates, but not the ones in the _archive folder + if [[ $DIR != *"/_archive/"* ]]; then + rsync -avh "$FULLCERTDIR/" "$(dirname $DIR)/" + fi + done +fi + +# reload /usr/syno/sbin/synoservicectl --reload nginx ``` Now you should be all good.