Updated Synology RT1900ac install guide (markdown)
parent
df7660b476
commit
ae75975cc0
|
@ -1,22 +1,31 @@
|
||||||
I got tired of manually maintaining Let's Encrypt on my laptop to update my Router.
|
I got tired of manually maintaining Let's Encrypt on my laptop to update my Router.
|
||||||
so I now pushed that to the router itself.
|
so I now pushed that to the router itself.
|
||||||
|
|
||||||
|
|
||||||
here's the HowTo (xpost https://forum.synology.com/enu/viewtopic.php?f=265&t=123003 ).
|
here's the HowTo (xpost https://forum.synology.com/enu/viewtopic.php?f=265&t=123003 ).
|
||||||
I've used https://github.com/Neilpang/acme.sh , a 3rd party client for Let's Encrypt, based on Perl. no extra dependencies.
|
|
||||||
|
|
||||||
|
I've used https://github.com/Neilpang/acme.sh , a 3rd party client for Let's Encrypt, based on shell scripting. no extra dependencies.
|
||||||
|
|
||||||
|
|
||||||
I've also used it with DNS01 protocol, which means, I don't have any ports open on the router to do the validation, instead it use Cloudflare API, where I host my domain.
|
I've also used it with DNS01 protocol, which means, I don't have any ports open on the router to do the validation, instead it use Cloudflare API, where I host my domain.
|
||||||
|
|
||||||
Since the Router shell is very limited, there are several constraints. the most important of all, there is no crontab.
|
Since the Router shell is very limited, there are several constraints. the most important of all, there is no crontab.
|
||||||
|
|
||||||
trying the default install
|
trying the default install
|
||||||
|
```
|
||||||
$ wget -O - https://get.acme.sh | sh
|
$ wget -O - https://get.acme.sh | sh
|
||||||
|
```
|
||||||
, will fail because of crontab.
|
, will fail because of crontab.
|
||||||
|
|
||||||
so we have to do it manually
|
so we have to do it manually
|
||||||
|
```
|
||||||
$ wget https://github.com/Neilpang/acme.sh/archive/master.tar.gz
|
$ wget https://github.com/Neilpang/acme.sh/archive/master.tar.gz
|
||||||
$ tar xvf master.tar.gz
|
$ tar xvf master.tar.gz
|
||||||
$ cd acme.sh-master/
|
$ cd acme.sh-master/
|
||||||
$ ./acme.sh --install --nocron --home /volume1/@appstore/acme.sh
|
$ ./acme.sh --install --nocron --home /volume1/@appstore/acme.sh
|
||||||
log out and login to ssh again
|
log out and login to ssh again
|
||||||
|
```
|
||||||
|
|
||||||
so install is done :)
|
so install is done :)
|
||||||
|
|
||||||
|
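Review bot: The manual install in this hunk downloads `archive/master.tar.gz`, an unpinned moving branch, and runs its installer on the router with no integrity check; point the guide at a tagged release archive and compare a checksum before `./acme.sh --install`. Separately, the closing fence of that block sits after "log out and login to ssh again", so the instruction renders as a command; move the fence up to just after the `--install` line. The `wget -O - https://get.acme.sh | sh` line is described as failing on this device, so it could be reduced to a sentence rather than kept as a copyable command.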
@ -28,14 +37,18 @@ export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
||||||
export CF_Email="xxxx@sss.com"
|
export CF_Email="xxxx@sss.com"
|
||||||
|
|
||||||
now to create your cert
|
now to create your cert
|
||||||
|
```
|
||||||
$ ./acme.sh --issue --post-hook "/usr/syno/sbin/synoservicecfg --restart httpd-sys" --dns dns_cf --certpath /usr/syno/etc/ssl/ssl.crt/server.crt --keypath /usr/syno/etc/ssl/ssl.key/server.key --fullchainpath /usr/syno/etc/ssl/ssl.intercrt/server-ca.crt --config-home /volume1/@appstore/acme.sh/ --dnssleep 15 -d YOURDOMAIN.TLD
|
$ ./acme.sh --issue --post-hook "/usr/syno/sbin/synoservicecfg --restart httpd-sys" --dns dns_cf --certpath /usr/syno/etc/ssl/ssl.crt/server.crt --keypath /usr/syno/etc/ssl/ssl.key/server.key --fullchainpath /usr/syno/etc/ssl/ssl.intercrt/server-ca.crt --config-home /volume1/@appstore/acme.sh/ --dnssleep 15 -d YOURDOMAIN.TLD
|
||||||
|
```
|
||||||
|
|
||||||
simple right?
|
simple right?
|
||||||
|
|
||||||
since there is no crontab, we need to manually add it to cron.
|
since there is no crontab, we need to manually add it to cron.
|
||||||
|
```
|
||||||
$ vi /etc/crontab
|
$ vi /etc/crontab
|
||||||
and add something like
|
and add something like
|
||||||
3 2 * * 2 root /root/.acme.sh/acme.sh --cron
|
3 2 * * 2 root /root/.acme.sh/acme.sh --cron
|
||||||
:wq
|
:wq
|
||||||
|
```
|
||||||
|
|
||||||
HTH
|
HTH
|
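Review bot: The cron entry `3 2 * * 2 root /root/.acme.sh/acme.sh --cron` does not match the install, which used `--home /volume1/@appstore/acme.sh` and issued the cert with `--config-home /volume1/@appstore/acme.sh/`, so as written the weekly job points at a different path than the one the guide installs to and renewal would fail quietly until the certificate expires. Suggest `3 2 * * 2 root /volume1/@appstore/acme.sh/acme.sh --cron --home /volume1/@appstore/acme.sh --config-home /volume1/@appstore/acme.sh/`. The new fence in this block also wraps the prose "and add something like" and the editor command `:wq`; keep only the crontab line inside it.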