Update docs/Savaneprod/2025-03-31-certificats-wildcard-pour-synology.md

This commit is contained in:
jf
2025-04-01 12:31:38 +02:00
parent c17b2a5a6d
commit 294151e1af


@@ -62,93 +62,7 @@ EAB_HMAC_KEY='laGrosse_ClefDeLamort\gna'
## *Et pis c'est tout !*
T'as plus qu'à exécuter `issue-or-renew-certs-for-dsm.sh`.
```bash
SCRIPT_PATH="$(dirname $(readlink -f $BASH_SOURCE))"
DOMAIN_FILES_PATH="$SCRIPT_PATH/domains"
ACMESH_CONTAINER_DATA_PATH="$SCRIPT_PATH/data"
ACMESH_LOCAL_PATH="$SCRIPT_PATH/acme.sh"
JOUR="$(date +%Y-%m-%d_%H%M)"
LOGFILENAME="logs/$JOUR.log"
DOCKER_IMAGE="neilpang/acme.sh:3.1.0"
if [ "$1" = "--help" ]
then
docker run --rm -it neilpang/acme.sh:3.1.0 --help
# docker rmi -f $DOCKER_IMAGE
exit 0
fi
ls $DOMAIN_FILES_PATH/*.domain > /dev/null 2>&1
if [ $? -eq 2 ]
then
echo "No domain file exists.
At least one .domain file must exists at $DOMAIN_FILES_PATH.
The file defines variables \$DOMAIN and \$SUBJECT_ALTERNATIVE_NAME."
exit 2
fi
if [ ! -d $SCRIPT_PATH/logs ]
then mkdir -p $SCRIPT_PATH/logs
fi
if [ -f $SCRIPT_PATH/INFOMANIAK_API_TOKEN.secret ]
then source $SCRIPT_PATH/INFOMANIAK_API_TOKEN.secret
else echo "
Le token d'API d'Infomaniak est manquant.
INFOMANIAK_API_TOKEN.secret doit définir la variable INFOMANIAK_API_TOKEN=\"xxxxx\"
"
fi
if [ -f $SCRIPT_PATH/ZEROSSL.secret ]
then source $SCRIPT_PATH/ZEROSSL.secret
else echo "
Les clefs d'API de zeroSSL sont manquantes.
Le fichier ZEROSSL.secret doit définir les variables EAB_KID='xxx' et EAB_HMAC_KEY='xxx'
"
fi
for d in $(ls $DOMAIN_FILES_PATH/*.domain)
do
source $d
if [ -d $ACMESH_CONTAINER_DATA_PATH/$DOMAIN_ecc ]
then ISSUE_OR_RENEW="--renew"; ACTION="Renouvellement"
else
ISSUE_OR_RENEW="--issue"; ACTION="Création"
mkdir $ACMESH_CONTAINER_DATA_PATH
fi
echo "####### $ACTION du certificat $DOMAIN #######" | tee -a $SCRIPT_PATH/$LOGFILENAME
docker run --rm \
-v "$ACMESH_CONTAINER_DATA_PATH":/acme.sh \
-v "$SCRIPT_PATH/logs:/logs" \
-e $INFOMANIAK_API_TOKEN \
$DOCKER_IMAGE $ISSUE_OR_RENEW -d $DOMAIN -d $SUBJECT_ALTERNATIVE_NAME --server zerossl --eab-kid $EAB_KID --eab-hmac-key $EAB_HMAC_KEY --dns dns_infomaniak --log /$LOGFILENAME --log-level 2
echo "####### Déploiement du certificat $DOMAIN sur DSM #######" | tee -a $SCRIPT_PATH/$LOGFILENAME
if [ ! -d $ACMESH_LOCAL_PATH ]
then git clone https://github.com/acmesh-official/acme.sh.git $ACMESH_LOCAL_PATH
fi
export SYNO_CERTIFICATE="$DOMAIN cert"
# Creates the cert in DSM if it does not exist in Security/Certificate management.
export SYNO_Create=1
# When run locally, use an automatically created temp admin. Deletes it after use.
# https://github.com/acmesh-official/acme.sh/wiki/deployhooks#20-deploy-the-certificate-to-synology-dsm
export SYNO_USE_TEMP_ADMIN=1
bash $ACMESH_LOCAL_PATH/acme.sh --home $ACMESH_CONTAINER_DATA_PATH -d $DOMAIN -d $SUBJECT_ALTERNATIVE_NAME --deploy --deploy-hook synology_dsm --log $SCRIPT_PATH/$LOGFILENAME --log-level 2
unset DOMAIN SUBJECT_ALTERNATIVE_NAME
done
exit 0
```
T'as plus qu'à exécuter [`issue-or-renew-certs-for-dsm.sh`](https://gitea.savaneprod.fr/Savaneprod/Certificats/src/branch/main/issue-or-renew-certs-for-dsm.sh).
## La conf dans DSM dans le planificateur de tâches