diff --git a/docs/Savaneprod/2025-03-31-certificats-wildcard-pour-synology.md b/docs/Savaneprod/2025-03-31-certificats-wildcard-pour-synology.md
index 569fd98..bbd0b02 100644
--- a/docs/Savaneprod/2025-03-31-certificats-wildcard-pour-synology.md
+++ b/docs/Savaneprod/2025-03-31-certificats-wildcard-pour-synology.md
@@ -62,93 +62,7 @@ EAB_HMAC_KEY='laGrosse_ClefDeLamort\gna' ## *Et pis c'est tout !* -T'as plus qu'à exécuter `issue-or-renew-certs-for-dsm.sh`. -```bash -SCRIPT_PATH="$(dirname $(readlink -f $BASH_SOURCE))" -DOMAIN_FILES_PATH="$SCRIPT_PATH/domains" -ACMESH_CONTAINER_DATA_PATH="$SCRIPT_PATH/data" -ACMESH_LOCAL_PATH="$SCRIPT_PATH/acme.sh" - -JOUR="$(date +%Y-%m-%d_%H%M)" -LOGFILENAME="logs/$JOUR.log" - -DOCKER_IMAGE="neilpang/acme.sh:3.1.0" - -if [ "$1" = "--help" ] -then - docker run --rm -it neilpang/acme.sh:3.1.0 --help -# docker rmi -f $DOCKER_IMAGE - exit 0 -fi - -ls $DOMAIN_FILES_PATH/*.domain > /dev/null 2>&1 -if [ $? -eq 2 ] -then - echo "No domain file exists. - At least one .domain file must exists at $DOMAIN_FILES_PATH. - The file defines variables \$DOMAIN and \$SUBJECT_ALTERNATIVE_NAME." - exit 2 -fi - -if [ ! -d $SCRIPT_PATH/logs ] -then mkdir -p $SCRIPT_PATH/logs -fi - -if [ -f $SCRIPT_PATH/INFOMANIAK_API_TOKEN.secret ] -then source $SCRIPT_PATH/INFOMANIAK_API_TOKEN.secret -else echo " -Le token d'API d'Infomaniak est manquant. -INFOMANIAK_API_TOKEN.secret doit définir la variable INFOMANIAK_API_TOKEN=\"xxxxx\" -" -fi - -if [ -f $SCRIPT_PATH/ZEROSSL.secret ] -then source $SCRIPT_PATH/ZEROSSL.secret -else echo " -Les clefs d'API de zeroSSL sont manquantes. 
-Le fichier ZEROSSL.secret doit définir les variables EAB_KID='xxx' et EAB_HMAC_KEY='xxx' -" -fi - -for d in $(ls $DOMAIN_FILES_PATH/*.domain) -do - source $d - if [ -d $ACMESH_CONTAINER_DATA_PATH/$DOMAIN_ecc ] - then ISSUE_OR_RENEW="--renew"; ACTION="Renouvellement" - else - ISSUE_OR_RENEW="--issue"; ACTION="Création" - mkdir $ACMESH_CONTAINER_DATA_PATH - fi - - echo "####### $ACTION du certificat $DOMAIN #######" | tee -a $SCRIPT_PATH/$LOGFILENAME - - docker run --rm \ - -v "$ACMESH_CONTAINER_DATA_PATH":/acme.sh \ - -v "$SCRIPT_PATH/logs:/logs" \ - -e $INFOMANIAK_API_TOKEN \ - $DOCKER_IMAGE $ISSUE_OR_RENEW -d $DOMAIN -d $SUBJECT_ALTERNATIVE_NAME --server zerossl --eab-kid $EAB_KID --eab-hmac-key $EAB_HMAC_KEY --dns dns_infomaniak --log /$LOGFILENAME --log-level 2 - - echo "####### Déploiement du certificat $DOMAIN sur DSM #######" | tee -a $SCRIPT_PATH/$LOGFILENAME - - if [ ! -d $ACMESH_LOCAL_PATH ] - then git clone https://github.com/acmesh-official/acme.sh.git $ACMESH_LOCAL_PATH - fi - - export SYNO_CERTIFICATE="$DOMAIN cert" - # Creates the cert in DSM if it does not exist in Security/Certificate management. - export SYNO_Create=1 - # When run locally, use an automatically created temp admin. Deletes it after use. - # https://github.com/acmesh-official/acme.sh/wiki/deployhooks#20-deploy-the-certificate-to-synology-dsm - export SYNO_USE_TEMP_ADMIN=1 - - bash $ACMESH_LOCAL_PATH/acme.sh --home $ACMESH_CONTAINER_DATA_PATH -d $DOMAIN -d $SUBJECT_ALTERNATIVE_NAME --deploy --deploy-hook synology_dsm --log $SCRIPT_PATH/$LOGFILENAME --log-level 2 - - unset DOMAIN SUBJECT_ALTERNATIVE_NAME - -done - -exit 0 -``` +T'as plus qu'à exécuter [`issue-or-renew-certs-for-dsm.sh`](https://gitea.savaneprod.fr/Savaneprod/Certificats/src/branch/main/issue-or-renew-certs-for-dsm.sh). ## La conf dans DSM dans le planificateur de tâches