pre-modify
parent
8b9464b6f3
commit
73163fe584
|
@ -63,24 +63,29 @@ We will use the [Synology DSM deployhook](https://github.com/acmesh-official/acm
|
|||
|
||||
If you installed `acme.sh` in DSM, we recommend you to try automatic temp user auth method to deploy (DSM should already have required built-in tools, we will let you know if not):
|
||||
```sh
|
||||
export SYNO_UseTempAdmin=1
|
||||
export SYNO_USE_TEMP_ADMIN=1
|
||||
./acme.sh --deploy --home . -d "$CERT_DOMAIN" --deploy-hook synology_dsm
|
||||
```
|
||||
Notice: the temp admin user should be automatically deleted after execution, if the script unexpectedly stopped while running (e.g., abort by pressing "Ctrl+C"), it may remain if it has already been created, in this case, you can safely delete it via Control panel.
|
||||
|
||||
The value of `SYNO_HOSTNAME` must be either `localhost` or `127.0.0.1`, because it designed to only support locally deployment, however, if your custom `SYNO_HOSTNAME` is indeed targeting to the current local machine, execute `export SYNO_LOCAL_HOSTNAME=1` then rerun.
|
||||
|
||||
After deployed done in this way, the temp admin user should be automatically deleted after execution, if the script unexpectedly stopped while running (e.g., aborted by pressing "Ctrl+C"), it may remain if it has already been created, in this case, you can safely delete it via Control panel.
|
||||
|
||||
If you want to back to deploy with existing admin user, you need to execute `export CLEAR_SYNO_USE_TEMP_ADMIN=1`.
|
||||
|
||||
#### Deploy with existing admin user
|
||||
If you prefer to deploy with existing admin user or if the above way is not available (e.g., installed in docker), you need to provide your own credentials:
|
||||
If you prefer to deploy with existing admin user or if the above way is not available (e.g., installed in docker, want to deploy remotely, etc.), you need to provide your own credentials:
|
||||
```sh
|
||||
# Single quotes prevents some escaping issues if your password or username contains certain special characters
|
||||
export SYNO_Username='Admin_Username'
|
||||
export SYNO_Password='Admin_Password!123'
|
||||
export SYNO_USERNAME='Admin_Username'
|
||||
export SYNO_PASSWORD='Admin_Password!123'
|
||||
./acme.sh --deploy --home . -d "$CERT_DOMAIN" --deploy-hook synology_dsm
|
||||
```
|
||||
|
||||
Note that if the user entered for `SYNO_Username` has enabled two-factor authentication (2FA), the script will require you to manually input the TOTP code just like you were logging in on the Web UI (if you didn't provide the code via `export SYNO_OTPCode=XXXXXX`), it will also require you to input the device name for verification (also can be provided via like `export SYNO_DeviceName=CertRenewal`), then obtain to store necessary info which can be used to omit the TOTP, so you won't need to do manually input again in the future.
|
||||
> BTW, as you may know if you used to use this script to deploy, the necessary info here now is so-called parameter "Device ID", if you are a pro user and want to obtain it manually, you still can, method in short: log into your DSM via its website, making sure you've ticked `Remember this device` when asked for your OTP, get the `did` cookie's value and set the environment variable `SYNO_Device_ID`:
|
||||
Note that if the user specified by `SYNO_Username` has enabled two-factor authentication (2FA), the script will require you to manually input the TOTP code just like you were logging in on the Web UI (if you didn't provide the code via `export SYNO_OTP_CODE=XXXXXX`), it will also require you to input the device name for verification (also can be provided via like `export SYNO_DEVICE_NAME=CertRenewal`), then obtain to store necessary info which can be used to omit the TOTP, so you won't need to do manually input again in the future.
|
||||
> BTW, as you may know if you used to use this script to deploy, the necessary info here now is so-called parameter "Device ID", if you are a pro user and want to obtain it manually, you still can, method in short: log into your DSM via its website, making sure you've ticked `Remember this device` when asked for your OTP, get the `did` cookie's value and set the environment variable `SYNO_DEVICE_ID`:
|
||||
```sh
|
||||
export SYNO_Device_ID='YOUR VALUE'
|
||||
export SYNO_DEVICE_ID='YOUR VALUE'
|
||||
./acme.sh --deploy --home . -d "$CERT_DOMAIN" --deploy-hook synology_dsm
|
||||
```
|
||||
|
||||
|
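Review bot: The rewritten 2FA paragraph still says "the user specified by `SYNO_Username`" while every other variable in this hunk moves to upper case (`SYNO_USERNAME`, `SYNO_OTP_CODE`, `SYNO_DEVICE_NAME`, `SYNO_DEVICE_ID`); change it to `SYNO_USERNAME` so the text matches the export block above it. The hunk also does not say whether the old mixed-case names are still accepted, which matters to anyone with saved deploy configuration, so a one-line note on that would help. The new `CLEAR_SYNO_USE_TEMP_ADMIN` is the only variable here without the `SYNO_` prefix first; confirm that spelling is intended. Finally, the added sentence "After deployed done in this way, the temp admin user should be automatically deleted..." repeats the "Notice:" sentence almost word for word. If it replaces the notice, that is fine, but it reads more clearly split in two: the account is removed on normal exit; after an interrupted run, check Control Panel and delete any leftover temp admin.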
@ -88,19 +93,20 @@ export SYNO_Device_ID='YOUR VALUE'
|
|||
When we want to use HTTPS to deploy the new certificate and connect to "localhost", we need to add the --insecure option to the deploy command to prevent curl errors. Refer to [https://github.com/acmesh-official/acme.sh/wiki/Options-and-Params]. If you enabled HTTP/2 you still receive a curl 16 error probably due to missing http2 dependencies on the NAS but the script succeeds.
|
||||
|
||||
```sh
|
||||
# export SYNO_Hostname="localhost" # Specify if not using on localhost
|
||||
export SYNO_Scheme="https"
|
||||
export SYNO_Port="5001"
|
||||
# export SYNO_HOSTNAME="localhost" # Specify if not using on localhost
|
||||
export SYNO_SCHEME="https"
|
||||
export SYNO_PORT="5001"
|
||||
$ ./acme.sh --deploy --insecure --home . -d "$CERT_DOMAIN" --deploy-hook synology_dsm
|
||||
```
|
||||
|
||||
### Deploying additional certificates
|
||||
|
||||
By specifying a different `SYNO_Certificate` (and set `SYNO_Create=1` for creating), we can deploy multiple certificates to the DSM.
|
||||
By specifying a different `SYNO_CERTIFICATE` (and set `SYNO_CREATE=1` for creating), we can deploy multiple certificates to the DSM.
|
||||
|
||||
```sh
|
||||
# SYNO_Certificate is the description shown under Security -> Certificates in the DSM Control Panel
|
||||
export SYNO_Certificate="A different certificate description"
|
||||
export SYNO_CERTIFICATE="A different certificate description"
|
||||
export SYNO_CREATE=1 # Says to create the certificate if it doesn't exist
|
||||
./acme.sh --deploy --home . -d "subdomain.$CERT_DOMAIN" --deploy-hook synology_dsm
|
||||
```
|
||||
|
||||
|
|
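Review bot: The renamed line `# export SYNO_HOSTNAME="localhost" # Specify if not using on localhost` sits directly above a command that carries `--insecure`, so a reader who uncomments it for a remote NAS will send the admin credentials over HTTPS with certificate verification turned off. State next to the command that `--insecure` is meant only for the localhost case described in the paragraph above, and that it should be dropped when `SYNO_HOSTNAME` points at another machine with a valid certificate. Two smaller points in the same hunk: the comment `# SYNO_Certificate is the description shown under Security -> Certificates...` keeps the old name although the export below it is now `SYNO_CERTIFICATE`, and the `$ ` prompt in front of `./acme.sh --deploy --insecure` is inconsistent with the other blocks and breaks copy-paste.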