DSM 7.2-64561 无法安装证书
yduke opened this issue · comments
最新的 DSM 7.2-64561 似乎对系统目录做了许多调整,导致安装证书不成功。
以下是日志,之前申请,下载都很成功,到cp这步开始找不到文件夹,
然后reload证书的时候也出错,
也没办法重启web
`done generateCrt
begin updateService
cp cert path to des
/volume1/docker/acme/cert-up.sh: line 71: /bin/python2: No such file or directory
done updateService
begin reloadWebService
reloading new cert...
/volume1/docker/acme/cert-up.sh: line 78: /usr/syno/etc/rc.sysv/nginx.sh: No such file or directory
relading Apache 2.2
/volume1/docker/acme/cert-up.sh: line 80: stop: command not found
/volume1/docker/acme/cert-up.sh: line 81: start: command not found
/volume1/docker/acme/cert-up.sh: line 82: reload: command not found
done reloadWebService
------ end updateCrt ------`
群晖的界面上,是可以看到新申请的证书的,但是死活没办法使用,即便重启NAS都没用。
我找到个笨办法是把证书导出,再在群晖导入,能成功,但每三个月这么来一次 也有点麻烦。
不知道有没有大神有解决方法?
@yduke Hello,
It is kindly suggested.
You can follow the WIKI to deploy certification easily. I also recommend that you choose a non-default certificate provider.
REF: https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide
@yduke Hello, It is kindly suggested. You can follow the WIKI to deploy certification easily. I also recommend that you choose a non-default certificate provider. REF: https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide
@RickGanKL First of all, the document you quoted is seriously out of date. Let's Encrypt already supports IPV6 AAAA records, and my port 80 443 can also be accessed normally. This issue has nothing to do with which certificate provider to use. I don't know why I have to use other certificates to get acme work.
With wrong path-addressing bug, any certificates are useless, right?
@yduke
This repository should be archived.
I'm quite sure that the quoted document is valid.
Please check: https://github.com/acmesh-official/acme.sh/blob/master/deploy/synology_dsm.sh.
Let's Encrypt doesn't stable in somewhere as well-known as.
I enjoy your blog. I have learned something from you. I would great to share with you about synology.
解决办法来了 将cert-up.sh文件中的updateService下的python2改为python。 #97
我是成功把证书复制到默认证书目录了,但是,还是没效果,清了缓存一样,还是老证书,只能导入,不能通过替换文件更新证书
作为一个linux和python的小白,研究了半天log输出,目前实验出能在dsm7.2.1上跑通的方案。
- 将cert-up.sh文件中的71行的python2改为python。
- 将cert-up.sh文件中的81,82,83行的命令前面加上 synopkg 。例如81行从原来的stop pkg-apache22改成synopkg stop pkg-apache22)
- 将cert-up.sh文件中的78行的改成 /usr/syno/bin/synosystemctl reload nginx
- crt_cp.py的29行,print 后面加上括号print ('[ERR] load INFO file- %s')
- crt_cp.py的34行,像上面一样加上括号
- crt_cp.py的45行,加上括号
作为一个linux和python的小白,研究了半天log输出,目前实验出能在dsm7.2.1上跑通的方案。
- 将 cert-up.sh 文件中的71行的python2改为python。
- 将 cert-up.sh 文件中的81,82,83行的命令前面加上 synopkg 。例如,81行从原来的stop pkg-apache22改成synopkg stop pkg-apache22)
- 将 cert-up.sh 文件中的78行的改成 /usr/syno/bin/synosystemctl reload nginx
- crt_cp.py的29行,print 后面加上括号print ('[ERR] load INFO file- %s')
- crt_cp.py的34行,像上面一样加上括号
- crt_cp.py的45行,加上括号
实测可以,谢谢
https://github.com/tonori/syno-acme
我修改了一下,系统是 dsm 7.2.1,使用的是 python3 ,同时结合 issue 66 修改了重启服务的命令
#66 (comment)