<!DOCTYPE html>
<html class="writer-html5" lang="en" >
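<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <link rel="canonical" href="https://docs.savaneprod.fr/Synology/2019-12-16-wildcard-lets-encrypt-certificate/">
  <link rel="shortcut icon" href="../../img/favicon.ico">
  <title>Générer et mettre à jour automatiquement un certificat "wildcard" let's encrypt. - Savanewiki</title>

  <!-- Self-hosted theme styles -->
  <link rel="stylesheet" href="../../css/theme.css">
  <link rel="stylesheet" href="../../css/theme_extra.css">

  <!--
    highlight.js 11.8.0 (stylesheet here, script below) is the only content this
    page fetches from a third-party origin. crossorigin is set so that an
    integrity attribute can be added: compute the SRI hash of each pinned file
    and add integrity="sha384-SRI_HASH_PLACEHOLDER", or self-host both files
    like the theme assets. referrerpolicy keeps the page URL out of the CDN
    requests.
  -->
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/styles/github.min.css" crossorigin="anonymous" referrerpolicy="no-referrer">

  <script>
    // Current page data
    var mkdocs_page_name = "G\u00e9n\u00e9rer et mettre \u00e0 jour automatiquement un certificat \"wildcard\" let\u0027s encrypt.";
    var mkdocs_page_input_path = "Synology/2019-12-16-wildcard-lets-encrypt-certificate.md";
    var mkdocs_page_url = "/Synology/2019-12-16-wildcard-lets-encrypt-certificate/";
  </script>

  <!--[if lt IE 9]>
    <script src="../../js/html5shiv.min.js"></script>
  <![endif]-->

  <!-- Third-party script: same SRI remark as for the stylesheet above -->
  <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/highlight.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
  <script>hljs.highlightAll();</script>
</head>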
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
  <div class="wy-side-scroll">

    <!-- Site title and search form (GET to the static search page) -->
    <div class="wy-side-nav-search">
      <a href="../.." class="icon icon-home"> Savanewiki
      </a>
      <div role="search">
        <form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
          <input type="text" name="q" placeholder="Search docs" aria-label="Search docs" title="Type search term here">
        </form>
      </div>
    </div>

    <!-- Table of contents; the "current" classes mark this page and its sections -->
    <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
      <ul>
        <li class="toctree-l1"><a class="reference internal" href="../..">Home</a></li>
      </ul>

      <p class="caption"><span class="caption-text">Synology</span></p>
      <ul class="current">
        <li class="toctree-l1"><a class="reference internal" href="../2024-02-29-customized-dyndns-for-synology/">Mise à jour automatique de l'adresse IP publique dans l'entrée DNS A chez infomaniak</a></li>
        <li class="toctree-l1"><a class="reference internal" href="../2019-09-01-access-synology-with-ssh-asymetrical-key/">Se connecter en SSH au Synology à l'aide d'une clef asymétrique.</a></li>
        <li class="toctree-l1 current"><a class="reference internal current" href="./">Générer et mettre à jour automatiquement un certificat "wildcard" let's encrypt.</a>
          <ul class="current">
            <li class="toctree-l2"><a class="reference internal" href="#installation-de-acmesh">Installation de acme.sh</a></li>
            <li class="toctree-l2"><a class="reference internal" href="#mise-a-jour-automatique-du-certificat">Mise à jour automatique du certificat</a>
              <ul>
                <li class="toctree-l3"><a class="reference internal" href="#chez-gandi">Chez Gandi</a></li>
                <li class="toctree-l3"><a class="reference internal" href="#le-script-de-mise-a-jour">Le script de mise à jour</a></li>
                <li class="toctree-l3"><a class="reference internal" href="#chez-infomaniak">Chez infomaniak</a></li>
                <li class="toctree-l3"><a class="reference internal" href="#la-conf-dans-dsm-dans-le-planificateur-de-taches">La conf dans DSM dans le planificateur de tâches</a></li>
              </ul>
            </li>
          </ul>
        </li>
        <li class="toctree-l1"><a class="reference internal" href="../2020-12-04-borg-backup/">Sauvegarde externalisée grâce à Borg Backup</a></li>
        <li class="toctree-l1"><a class="reference internal" href="../2021-02-06-restore-time-machine-backup/">Restaurer un mac depuis une sauvegarde Time machine.</a></li>
      </ul>

      <p class="caption"><span class="caption-text">Ansible</span></p>
      <ul>
        <li class="toctree-l1"><a class="reference internal" href="../../Ansible/2023-10-01-nextcloud-docker-update-from-ansible/">Mise à jour de Nextcloud docker par Ansible</a></li>
        <li class="toctree-l1"><a class="reference internal" href="../../Ansible/2023-11-14-savanewiki-plubication/">Publication de Savanewiki</a></li>
      </ul>

      <p class="caption"><span class="caption-text">Linux</span></p>
      <ul>
        <li class="toctree-l1"><a class="reference internal" href="../../Linux/2019-07-09-manipulations-LVM/">Manipulations LVM</a></li>
      </ul>

      <ul>
        <li class="toctree-l1"><a class="reference internal" href="../../about/">About</a></li>
      </ul>
    </div>

  </div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="Mobile navigation menu">
  <!-- Toggle icon and site link of the mobile navigation bar -->
  <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
  <a href="../..">Savanewiki</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<!-- Breadcrumb trail: home icon, section name, current page (rst-content stays open for the article) -->
<div role="navigation" aria-label="breadcrumbs navigation">
  <ul class="wy-breadcrumbs">
    <li><a href="../.." class="icon icon-home" aria-label="Docs"></a></li>
    <li class="breadcrumb-item">Synology</li>
    <li class="breadcrumb-item active">Générer et mettre à jour automatiquement un certificat "wildcard" let's encrypt.</li>
    <li class="wy-breadcrumbs-aside">
    </li>
  </ul>
  <hr>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div class="section" itemprop="articleBody">
<h1 id="generer-et-mettre-a-jour-automatiquement-un-certificat-wildcard-lets-encrypt">Générer et mettre à jour automatiquement un certificat "wildcard" let's encrypt.</h1>
<h2 id="installation-de-acmesh">Installation de acme.sh</h2>
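<pre><code class="language-bash"># 1 - Being root
# acme.sh is installed from this checkout and later run as root, so the cloned
# code is trusted with the whole NAS. Review it and, ideally, check out a
# release tag you have verified (git -C acme.sh checkout RELEASE_TAG_PLACEHOLDER)
# instead of tracking the default branch.

SYNOPATH="/volume1/something"

# Clone only if the directory exists, otherwise the repository would land in
# whatever the current directory happens to be.
cd "$SYNOPATH" &amp;&amp; git clone https://github.com/acmesh-official/acme.sh.git

# --nocron: no crontab entry is installed; renewal is driven by the DSM task
# scheduler configured further down.
# The quotes keep the path intact when the shared folder name contains spaces.
./acme.sh/acme.sh --install --nocron --home "$SYNOPATH/acme.sh/.acme.sh" --accountemail "admin@savaneprod.fr"
</code></pre>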
<p>Sur DSM, les certificats se trouvent dans <code>/usr/syno/etc/certificate/_archive/</code>.</p>
<h2 id="mise-a-jour-automatique-du-certificat">Mise à jour automatique du certificat</h2>
<h3 id="chez-gandi">Chez Gandi</h3>
<p>Utilisation de l'API Gandi : <a href="https://github.com/acmesh-official/acme.sh/wiki/dnsapi#18-use-gandi-livedns-api">https://github.com/acmesh-official/acme.sh/wiki/dnsapi#18-use-gandi-livedns-api</a></p>
<h3 id="le-script-de-mise-a-jour">Le script de mise à jour</h3>
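<pre><code class="language-bash"># This script holds the DNS API key and a DSM password in clear text: keep it
# owned by root with mode 700, outside any shared or synchronised folder.
# acme.sh normally saves these values under its --home directory for later
# runs, so that directory needs the same protection.
# umask 077: the daily log and the files acme.sh creates are readable by the
# owner only.
umask 077

SYNOPATH="/volume1/something"
API="dns_gandi_livedns"

jour=$(date +%Y-%m-%d)
# Double quotes on purpose: inside single quotes $SYNOPATH is not expanded and
# the log path would begin with the literal text '$SYNOPATH'.
file="$SYNOPATH/Certificats/$jour.log"

# HOME points at the acme.sh working directory for the duration of the run and
# is put back at the end.
HOME_orig=$HOME
HOME="$SYNOPATH/Certificats/.acme.sh"

export GANDI_LIVEDNS_KEY="la clef récupérée chez Gandi"

# Settings for the synology_dsm deploy hook. Prefer a DSM account used only for
# certificate deployment over the everyday administrator account.
export SYNO_Certificate="savaneprod.fr cert"
export SYNO_Create=0
export SYNO_Username="admin_c_pas_top"
export SYNO_Password="Un mdp de ouf"

# Print one line on the console and append it to the daily log.
log() {
  echo "$1" 2>&1 | tee -a "$file"
}

log "*********************************************"
log " Mise à jour du certificat *.savaneprod.fr"
log "*********************************************"

# --force renews on every run whatever the remaining validity, so keep the
# schedule infrequent (monthly in the task described below).
# NOTE: the pipe to tee hides the exit status of acme.sh, so the deploy step
# runs even when the renewal failed; read the log after each run.
bash "$SYNOPATH/Certificats/acme.sh/acme.sh" --home "$HOME" --renew -d savaneprod.fr -d '*.savaneprod.fr' --dns "$API" --force --log 2>&1 | tee -a "$file"
bash "$SYNOPATH/Certificats/acme.sh/acme.sh" --home "$HOME" -d savaneprod.fr -d "*.savaneprod.fr" --deploy --deploy-hook synology_dsm --log 2>&1 | tee -a "$file"

log "---------------------------------"
log " Fin du script de mise à jour."
log "*********************************"

HOME=$HOME_orig
</code></pre>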
<h3 id="chez-infomaniak">Chez infomaniak</h3>
<ul>
<li>Utilisation de l'API infomaniak : <a href="https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infomaniak">https://github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infomaniak</a></li>
<li>Création d'un token d'API pour la gestion des entrées DNS :
depuis la page d'accueil, aller dans "Utilisateur et profil", "Mon profil", "Développeur" et "Tokens API".</li>
</ul>
<p><img alt="Création d'un token d'API pour gérer les entrées DNS" src="../infomaniak_API_token.png" /></p>
<p>On peut alors modifier le script avec les valeurs suivantes :</p>
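<pre><code class="language-bash"># --dns takes the hook name, dns_infomaniak (the anchor of the wiki link above);
# acme.sh appends the _add / _rm suffix itself when it calls the hook.
API="dns_infomaniak"

# Placeholder value. Create the token with only the scope needed to manage DNS
# records, and treat this script as a secret once the real token is in it.
export INFOMANIAK_API_TOKEN="mon_t0k3n_9uil_e2t_grand_et_b1en_utile"
</code></pre>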
<p>Il faut sauvegarder le token en lieu sûr, car une fois créé il ne sera plus possible de le consulter.</p>
<h3 id="la-conf-dans-dsm-dans-le-planificateur-de-taches">La conf dans DSM dans le planificateur de tâches</h3>
<p><img alt="Planificateur de tâche, onglet &quot;General&quot;" src="../task_general-tab.png" /></p>
<p>J'ai finalement décidé de renouveler tous les mois, parce que le Synology propose tous les 3 mois mais la durée de vie du certificat est légèrement inférieure. Et je n'ai pas cherché à configurer le renouvellement tous les deux mois.
<img alt="Planificateur de tâches, onglet &quot;Schedule&quot;" src="../task_Schedule-tab.png" /></p>
<p>Exécution du script. Il faut bien entendu que le script ait la permission d'exécution configurée.
<img alt="Planificateur de tâches, onglet &quot;Task Settings&quot;" src="../task_setting-tab.png" /></p>
</div>
</div>
<footer>
  <!-- Previous / next page links -->
  <div class="rst-footer-buttons" role="navigation" aria-label="Footer Navigation">
    <a href="../2019-09-01-access-synology-with-ssh-asymetrical-key/" class="btn btn-neutral float-left" title="Se connecter en SSH au Synology à l'aide d'une clef asymétrique."><span class="icon icon-circle-arrow-left"></span> Previous</a>
    <a href="../2020-12-04-borg-backup/" class="btn btn-neutral float-right" title="Sauvegarde externalisée grâce à Borg Backup">Next <span class="icon icon-circle-arrow-right"></span></a>
  </div>

  <hr>

  <div role="contentinfo">
    <!-- Copyright etc -->
  </div>

  Built with <a href="https://www.mkdocs.org/">MkDocs</a> using a <a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<!-- Bottom bar repeating the previous / next page links -->
<div class="rst-versions" role="note" aria-label="Versions">
  <span class="rst-current-version" data-toggle="rst-current-version">
    <span><a href="../2019-09-01-access-synology-with-ssh-asymetrical-key/" style="color: #fcfcfc">« Previous</a></span>
    <span><a href="../2020-12-04-borg-backup/" style="color: #fcfcfc">Next »</a></span>
  </span>
</div>
<!-- Self-hosted scripts. The inline block at the end calls jQuery and
     SphinxRtdTheme, so it has to stay after the files that define them. -->
<script src="../../js/jquery-3.6.0.min.js"></script>
<script>var base_url = "../..";</script>
<script src="../../js/theme_extra.js"></script>
<script src="../../js/theme.js"></script>
<script src="../../search/main.js"></script>
<script>
  // Enable the theme's sidebar navigation once the DOM is ready.
  jQuery(function () {
    SphinxRtdTheme.Navigation.enable(true);
  });
</script>
</body>
</html>