XPEnology Community

Showing results for tags 'wildcard cert'.

Found 2 results

  1. Hi everyone! I made a domain validation (DNS API) hook for the acme.sh ACME client. If you would like to test it, you are welcome. I described the procedure on the English-language forum. Waiting for your comments.
  2. As you know, the standard certificate issuing wizard supports wildcards only for Synology DDNS. If you want to issue a wildcard certificate for your own domain, you can use a 3rd-party ACME client. At first I tried to use Certbot in Docker with no success. Then I found acme.sh, which is working fine on Synology DSM (mine is 6.2 on DS918+). Below you can find a short list for issuing, updating and deploying a wildcard cert for your own domain on Synology DSM with Synology DNS Server.

     1. Installing acme.sh

     Open an SSH client's terminal, go to any folder with write access permissions (e.g. /tmp or the ~ folder), download and install acme.sh:

         git clone https://github.com/acmesh-official/acme.sh.git
         cd ./acme.sh
         ./acme.sh --install \
             --home /usr/local/acme.sh \
             --cert-home /usr/local/acme.sh/certs \
             --config-home /usr/local/acme.sh/data \
             --accountemail "email@example.com" \
             --force    # use it with elevation (sudo) for all commands

     After successful installation, remove the downloaded folder and restart the terminal in order to apply the changes to the ACME client settings (environment variables):

         cd ..
         rm -rf acme.sh    # the cloned folder is not empty, so rmdir would fail

     2. Issuing cert

     acme.sh supports several ways of domain approval (you can find them all in the acme.sh documentation). Since I'm using my own DNS Server on Synology DSM, I've created my own DNS API hook for acme.sh and I would like to ask you for help in testing the hook. For now the hook (dns_synology_dsm) is in development state and you can find it here only: https://github.com/arabezar/acme.sh/blob/dev/dnsapi/dns_synology_dsm.sh

     It's a good idea to first try issuing the cert using the test server (with debug log):

         # the wildcard name is quoted so the shell does not expand it as a glob
         /usr/local/acme.sh/acme.sh --staging --debug 2 --issue --dns dns_synology_dsm -d example.com -d '*.example.com' --log

     After successfully issuing the cert on the staging server, you can issue the real one:

         /usr/local/acme.sh/acme.sh --issue --dns dns_synology_dsm -d example.com -d '*.example.com' --log

     *) use --force when using elevation (sudo)

     3. Updating cert

     Updating can be done using a daily task. Go to Control Panel -> Task Scheduler and add a new task with the name 'Lets Encrypt Update Cert' (run as root):

         export LE_WORKING_DIR="/usr/local/acme.sh"
         export LE_CONFIG_HOME="/usr/local/acme.sh/data"
         /usr/local/acme.sh/acme.sh --config-home /usr/local/acme.sh/data --renew-all

     4. Deploying cert

     And at last the cert should be deployed to all modules. This can be done by adding another periodic task (e.g. monthly). Go to Control Panel -> Task Scheduler and add a new task with the name 'Lets Encrypt Deploy Cert' (run as root):

         export LE_WORKING_DIR="/usr/local/acme.sh"
         export LE_CONFIG_HOME="/usr/local/acme.sh/data"
         export SYNO_Create=1                    # Create cert if not exists yet
         export SYNO_Certificate="example.com"   # Description text in Control Panel -> Security -> Certificates
         /usr/local/acme.sh/acme.sh --config-home /usr/local/acme.sh/data --deploy -d example.com --deploy-hook synology_dsm

     Also you have to export some personal data, such as the admin (root) pass and device id, once you start the deployment. Please read the appropriate instructions here. These values would be stored in the config file for later usage. In some time I would like to rewrite the deployment hook (actually it's not mine) using synowebapi in order to get rid of password saving. Keep following the latest news.

     So that's all, folks! Please feel free to ask any questions. And of course I will appreciate any help in testing the DNS API hook.
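An added example, not part of the original post: step 4 notes that the deploy values (including the admin password) are saved in the acme.sh config files, so these shell functions list files under the config home that contain SYNO_ settings and are accessible to group or others, and can restrict them to the owner. The function names are hypothetical; the default path is the --config-home used in step 1.

```shell
#!/bin/sh
# Added example (not the post author's or the acme.sh project's code).
# Assumption: saved deploy settings live in files under the --config-home
# directory from step 1 and carry the SYNO_ prefix shown in step 4.

# Print every regular file under $1 that contains a SYNO_ setting and has
# any permission bit set for group or others.
find_exposed_syno_conf() {
    dir=$1
    [ -d "$dir" ] || return 2
    find "$dir" -type f \( -perm -0040 -o -perm -0020 -o -perm -0010 \
        -o -perm -0004 -o -perm -0002 -o -perm -0001 \) \
        -exec grep -l 'SYNO_' {} + 2>/dev/null | sort
}

# Restrict every file reported by find_exposed_syno_conf to owner rw only.
harden_syno_conf() {
    find_exposed_syno_conf "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'chmod 600 %s\n' "$f"
    done
}

# Report findings; returns 0 if clean, 1 if exposed files exist,
# 2 if the directory is missing.
audit_acme_config() {
    dir=${1:-/usr/local/acme.sh/data}
    exposed=$(find_exposed_syno_conf "$dir") || return 2
    if [ -z "$exposed" ]; then
        echo "OK: no group/other-accessible files with SYNO_ settings in $dir"
        return 0
    fi
    printf '%s\n' "$exposed" | sed 's/^/EXPOSED: /'
    return 1
}

# Usage (as root, e.g. at the end of the deploy task):
#   audit_acme_config /usr/local/acme.sh/data || harden_syno_conf /usr/local/acme.sh/data
```
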