From b75f3e2bf187a5b9fe43fd79f71fc453fdfb6fb2 Mon Sep 17 00:00:00 2001 From: Michael Mercurio Date: Wed, 22 Nov 2023 16:39:48 -0500 Subject: [PATCH] Created DSM deploy hook: error code 5517 after upgrade to DSM 7.2.1-69057 Update 1 (markdown) --- ...ter-upgrade-to-DSM-7.2.1‐69057-Update-1.md | 149 ++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 DSM-deploy-hook:-error-code-5517-after-upgrade-to-DSM-7.2.1‐69057-Update-1.md diff --git a/DSM-deploy-hook:-error-code-5517-after-upgrade-to-DSM-7.2.1‐69057-Update-1.md b/DSM-deploy-hook:-error-code-5517-after-upgrade-to-DSM-7.2.1‐69057-Update-1.md new file mode 100644 index 0000000..d4363bd --- /dev/null +++ b/DSM-deploy-hook:-error-code-5517-after-upgrade-to-DSM-7.2.1‐69057-Update-1.md @@ -0,0 +1,149 @@ +Hi there! + +I've been a super happy acme.sh user for the past few years and have been using it successfully with my Synology NAS (among other uses) through multiple DSM upgrades. + +Recently, after an upgrade to DSM 7.2.1-69057 Update 1 (from earlier DSM 7.2.x), I started receiving the following error when attempting to +deploy new certs: + +``` +Unable to update certificate, error code {"error":{"code":5517},"success":false} +``` + +In the debug output below, I've made the following changes for privacy: + +- replaced the DSM hostname with `DSMHOST` and domain with `EXAMPLE.COM` +- replaced the DSM username and password with `DSMUSER` and `DSMPASS` +- replaced the DSM Device ID cookie value with `DSMDID` +- replaced the DSM SynoToken with `DSMSYNOTOKEN` +- redacted public and private certs and session ID + +### acme.sh version `v3.0.7`: +``` +./acme.sh --version +https://github.com/acmesh-official/acme.sh +v3.0.7 + + ./acme.sh --upgrade +[Wed 22 Nov 2023 04:01:05 PM EST] Already uptodate! +[Wed 22 Nov 2023 04:01:05 PM EST] Upgrade success! +``` + +### Steps to reproduce +``` +./acme.sh --deploy -d DSMHOST.EXAMPLE.COM --deploy-hook synology_dsm --debug 2 + +[Wed 22 Nov 2023 04:07:12 PM EST] Lets find script dir. +[Wed 22 Nov 2023 04:07:12 PM EST] _SCRIPT_='./acme.sh' +[Wed 22 Nov 2023 04:07:12 PM EST] _script='/home/michael/.acme.sh/acme.sh' +[Wed 22 Nov 2023 04:07:12 PM EST] _script_home='/home/michael/.acme.sh' +[Wed 22 Nov 2023 04:07:12 PM EST] Using config home:/home/michael/.acme.sh +[Wed 22 Nov 2023 04:07:12 PM EST] LE_WORKING_DIR='/home/michael/.acme.sh' +https://github.com/acmesh-official/acme.sh +v3.0.7 +[Wed 22 Nov 2023 04:07:12 PM EST] Running cmd: deploy +[Wed 22 Nov 2023 04:07:12 PM EST] Using config home:/home/michael/.acme.sh +[Wed 22 Nov 2023 04:07:12 PM EST] default_acme_server +[Wed 22 Nov 2023 04:07:12 PM EST] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90' +[Wed 22 Nov 2023 04:07:12 PM EST] _ACME_SERVER_HOST='acme.zerossl.com' +[Wed 22 Nov 2023 04:07:12 PM EST] _ACME_SERVER_PATH='v2/DV90' +[Wed 22 Nov 2023 04:07:12 PM EST] DOMAIN_PATH='/home/michael/.acme.sh/DSMHOST.EXAMPLE.COM' +[Wed 22 Nov 2023 04:07:12 PM EST] DOMAIN_CONF='/home/michael/.acme.sh/DSMHOST.EXAMPLE.COM/DSMHOST.EXAMPLE.COM.conf' +[Wed 22 Nov 2023 04:07:13 PM EST] _deployApi='/home/michael/.acme.sh/deploy/synology_dsm.sh' +[Wed 22 Nov 2023 04:07:13 PM EST] _cdomain='DSMHOST.EXAMPLE.COM' +[Wed 22 Nov 2023 04:07:13 PM EST] SYNO_Username='DSMUSER' +[Wed 22 Nov 2023 04:07:13 PM EST] SYNO_Password='[hidden](please add '--output-insecure' to see this value)' +[Wed 22 Nov 2023 04:07:13 PM EST] SYNO_Create +[Wed 22 Nov 2023 04:07:13 PM EST] SYNO_Device_Name='CertRenewal' +[Wed 22 Nov 2023 04:07:13 PM EST] SYNO_Device_ID='[hidden](please add '--output-insecure' to see this value)' +[Wed 22 Nov 2023 04:07:13 PM EST] SYNO_Scheme='https' +[Wed 22 Nov 2023 04:07:13 PM EST] SYNO_Hostname='DSMHOST.EXAMPLE.COM' +[Wed 22 Nov 2023 04:07:13 PM EST] SYNO_Port='443' +[Wed 22 Nov 2023 04:07:13 PM EST] SYNO_Certificate='DSMHOST.EXAMPLE.COM' +[Wed 22 Nov 2023 04:07:13 PM EST] _base_url='https://DSMHOST.EXAMPLE.COM:443' +[Wed 22 Nov 2023 04:07:13 PM EST] Getting API version +[Wed 22 Nov 2023 04:07:13 PM EST] GET +[Wed 22 Nov 2023 04:07:14 PM EST] url='https://DSMHOST.EXAMPLE.COM:443/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth' +[Wed 22 Nov 2023 04:07:14 PM EST] timeout= +[Wed 22 Nov 2023 04:07:14 PM EST] _CURL='curl --silent --dump-header /home/michael/.acme.sh/http.header -L --trace-ascii /tmp/tmp.mxJcr5s9g7 -g ' +[Wed 22 Nov 2023 04:07:14 PM EST] ret='0' +[Wed 22 Nov 2023 04:07:14 PM EST] Logging into DSMHOST.EXAMPLE.COM:443 +[Wed 22 Nov 2023 04:07:14 PM EST] GET +[Wed 22 Nov 2023 04:07:14 PM EST] url='https://DSMHOST.EXAMPLE.COM:443/webapi/entry.cgi?api=SYNO.API.Auth&version=7&method=login&format=sid&account=DSMUSER&passwd=DSMPASS&enable_syno_token=yes&device_name=CertRenewal&device_id=DSMDID' +[Wed 22 Nov 2023 04:07:14 PM EST] timeout= +[Wed 22 Nov 2023 04:07:14 PM EST] _CURL='curl --silent --dump-header /home/michael/.acme.sh/http.header -L --trace-ascii /tmp/tmp.YsvPzhMed8 -g ' +[Wed 22 Nov 2023 04:07:15 PM EST] ret='0' +[Wed 22 Nov 2023 04:07:15 PM EST] Session ID='REDACTED' +[Wed 22 Nov 2023 04:07:15 PM EST] SynoToken='DSMSYNOTOKEN.' +[Wed 22 Nov 2023 04:07:15 PM EST] H1='X-SYNO-TOKEN: DSMSYNOTOKEN.' +[Wed 22 Nov 2023 04:07:16 PM EST] Getting certificates in Synology DSM +[Wed 22 Nov 2023 04:07:16 PM EST] POST +[Wed 22 Nov 2023 04:07:16 PM EST] _post_url='https://DSMHOST.EXAMPLE.COM:443/webapi/entry.cgi' +[Wed 22 Nov 2023 04:07:16 PM EST] body='api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=REDACTED' +[Wed 22 Nov 2023 04:07:16 PM EST] _postContentType +[Wed 22 Nov 2023 04:07:16 PM EST] _CURL='curl --silent --dump-header /home/michael/.acme.sh/http.header -L --trace-ascii /tmp/tmp.J3S0xBWaRK -g ' +[Wed 22 Nov 2023 04:07:16 PM EST] _ret='0' +[Wed 22 Nov 2023 04:07:16 PM EST] escaped_certificate='DSMHOST\.EXAMPLE\.COM' +[Wed 22 Nov 2023 04:07:16 PM EST] id='LyKWY2' +[Wed 22 Nov 2023 04:07:16 PM EST] Generate form POST request +[Wed 22 Nov 2023 04:07:16 PM EST] default='This is the default certificate' +[Wed 22 Nov 2023 04:07:16 PM EST] Upload certificate to the Synology DSM +[Wed 22 Nov 2023 04:07:16 PM EST] POST +[Wed 22 Nov 2023 04:07:16 PM EST] _post_url='https://DSMHOST.EXAMPLE.COM:443/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=DSMSYNOTOKEN.&_sid=REDACTED' +[Wed 22 Nov 2023 04:07:16 PM EST] body='----------------------------20231122210716 +Content-Disposition: form-data; name="key"; filename="DSMHOST.EXAMPLE.COM.key" +Content-Type: application/octet-stream + +-----BEGIN EC PRIVATE KEY----- +[REDACTED] +-----END EC PRIVATE KEY----- + +----------------------------20231122210716 +Content-Disposition: form-data; name="cert"; filename="DSMHOST.EXAMPLE.COM.cer" +Content-Type: application/octet-stream + +-----BEGIN CERTIFICATE----- +[REDACTED] +----END CERTIFICATE----- + +----------------------------20231122210716 +Content-Disposition: form-data; name="inter_cert"; filename="ca.cer" +Content-Type: application/octet-stream + +-----BEGIN CERTIFICATE----- +[REDACTED] +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +[REDACTED] +-----END CERTIFICATE----- + +----------------------------20231122210716 +Content-Disposition: form-data; name="id" + +LyKWY2 +----------------------------20231122210716 +Content-Disposition: form-data; name="desc" + +DSMHOST.EXAMPLE.COM +----------------------------20231122210716 +Content-Disposition: form-data; name="as_default" + +true +----------------------------20231122210716-- +' +[Wed 22 Nov 2023 04:07:16 PM EST] _postContentType='multipart/form-data; boundary=--------------------------20231122210716' +[Wed 22 Nov 2023 04:07:17 PM EST] _CURL='curl --silent --dump-header /home/michael/.acme.sh/http.header -L --trace-ascii /tmp/tmp.pO2ZDzDn81 -g ' +[Wed 22 Nov 2023 04:07:17 PM EST] _ret='0' +[Wed 22 Nov 2023 04:07:17 PM EST] Unable to update certificate, error code {"error":{"code":5517},"success":false} +[Wed 22 Nov 2023 04:07:17 PM EST] GET +[Wed 22 Nov 2023 04:07:17 PM EST] url='https://DSMHOST.EXAMPLE.COM:443/webapi/entry.cgi?api=SYNO.API.Auth&version=7&method=logout' +[Wed 22 Nov 2023 04:07:17 PM EST] timeout= +[Wed 22 Nov 2023 04:07:17 PM EST] _CURL='curl --silent --dump-header /home/michael/.acme.sh/http.header -L --trace-ascii /tmp/tmp.xVrs5Lb6Wa -g ' +[Wed 22 Nov 2023 04:07:18 PM EST] ret='0' +[Wed 22 Nov 2023 04:07:18 PM EST] Error deploy for domain:DSMHOST.EXAMPLE.COM +[Wed 22 Nov 2023 04:07:18 PM EST] Deploy error. + +``` + +I have not seen this error before upgrading to DSM 7.2.1-69057 Update 1. Prior to the upgrade all DSM deploys using the same command and configuration were successful. I've also successfully deployed certs using the DSM deploy hook and acme.sh version 3.0.7 before. + +Please let me know what other information would be helpful.