SavaneWiki/site/Synology/2019-12-16-wildcard-lets-encrypt-certificate/index.html
2023-11-13 21:28:26 +01:00


<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /><link rel="canonical" href="https://docs.savaneprod.fr/Synology/2019-12-16-wildcard-lets-encrypt-certificate/" />
<link rel="shortcut icon" href="../../img/favicon.ico" />
<title>Automatically generate and renew a Let's Encrypt "wildcard" certificate - Savanewiki</title>
<link rel="stylesheet" href="../../css/theme.css" />
<link rel="stylesheet" href="../../css/theme_extra.css" />
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/styles/github.min.css" />
<script>
// Current page data
var mkdocs_page_name = "G\u00e9n\u00e9rer et mettre \u00e0 jour automatiquement un certificat \"wildcard\" let\u0027s encrypt.";
var mkdocs_page_input_path = "Synology/2019-12-16-wildcard-lets-encrypt-certificate.md";
var mkdocs_page_url = "/Synology/2019-12-16-wildcard-lets-encrypt-certificate/";
</script>
<!--[if lt IE 9]>
<script src="../../js/html5shiv.min.js"></script>
<![endif]-->
<script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.8.0/highlight.min.js"></script>
<script>hljs.highlightAll();</script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<div class="wy-nav-content">
<div class="rst-content">
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div class="section" itemprop="articleBody">
<h1 id="generer-et-mettre-a-jour-automatiquement-un-certificat-wildcard-lets-encrypt">Automatically generate and renew a Let's Encrypt "wildcard" certificate.</h1>
<h2 id="installation-de-acmesh">Installing acme.sh</h2>
<pre><code class="language-bash"># 1 - As root
SYNOPATH=&quot;/volume1/something&quot;
cd &quot;$SYNOPATH&quot;
git clone https://github.com/acmesh-official/acme.sh.git
./acme.sh/acme.sh --install --nocron --home &quot;$SYNOPATH/acme.sh/.acme.sh&quot; --accountemail &quot;admin@savaneprod.fr&quot;
</code></pre>
<p>On DSM, certificates are stored in <code>/usr/syno/etc/certificate/_archive/</code>.</p>
<h2 id="mise-a-jour-automatique-du-certificat">Automatic certificate renewal</h2>
<h3 id="chez-gandi">With Gandi</h3>
<p>Using the Gandi API: <a href="https://github.com/acmesh-official/acme.sh/wiki/dnsapi#18-use-gandi-livedns-api">https://github.com/acmesh-official/acme.sh/wiki/dnsapi#18-use-gandi-livedns-api</a></p>
<h3 id="le-script-de-mise-a-jour">The renewal script</h3>
<pre><code class="language-bash">#!/bin/bash
# This script holds secrets in clear text: keep it readable by root only (chmod 700).
SYNOPATH=&quot;/volume1/something&quot;
jour=$(date +%Y-%m-%d)
# Double quotes so that $SYNOPATH is expanded (single quotes would keep it literal).
file=&quot;$SYNOPATH/Certificats/$jour.log&quot;
HOME_orig=$HOME
HOME=&quot;$SYNOPATH/Certificats/.acme.sh&quot;
# Placeholder: the API key obtained from Gandi.
export GANDI_LIVEDNS_KEY=&quot;la clef récupérée chez Gandi&quot;
export SYNO_Certificate=&quot;savaneprod.fr cert&quot;
export SYNO_Create=0
# Placeholders: DSM account name and password.
export SYNO_Username=&quot;admin_c_pas_top&quot;
export SYNO_Password=&quot;Un mdp de ouf&quot;
echo &quot;*********************************************&quot; 2&gt;&amp;1 | tee -a &quot;$file&quot;
echo &quot; Mise à jour du certificat *.savaneprod.fr&quot; 2&gt;&amp;1 | tee -a &quot;$file&quot;
echo &quot;*********************************************&quot; 2&gt;&amp;1 | tee -a &quot;$file&quot;
# Force a renewal through the Gandi LiveDNS DNS-01 challenge.
bash &quot;$SYNOPATH/Certificats/acme.sh/acme.sh&quot; --home &quot;$HOME&quot; --renew -d savaneprod.fr -d '*.savaneprod.fr' --dns dns_gandi_livedns --force --log 2&gt;&amp;1 | tee -a &quot;$file&quot;
# Push the renewed certificate into DSM.
bash &quot;$SYNOPATH/Certificats/acme.sh/acme.sh&quot; --home &quot;$HOME&quot; -d savaneprod.fr -d &quot;*.savaneprod.fr&quot; --deploy --deploy-hook synology_dsm --log 2&gt;&amp;1 | tee -a &quot;$file&quot;
echo &quot;---------------------------------&quot; 2&gt;&amp;1 | tee -a &quot;$file&quot;
echo &quot; Fin du script de mise à jour.&quot; 2&gt;&amp;1 | tee -a &quot;$file&quot;
echo &quot;*********************************&quot; 2&gt;&amp;1 | tee -a &quot;$file&quot;
# Restore the original HOME saved above.
HOME=$HOME_orig
</code></pre>
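<p>Added example (not part of the original page or of acme.sh): a hardened variant of the script above that reads the Gandi key and DSM credentials from a root-only file instead of hard-coding them, and skips the deploy step when the renewal fails, which a plain <code>| tee</code> hides. The function names and the secrets-file layout are assumptions; the acme.sh flags are the ones used on this page.</p>

```bash
#!/bin/bash
# Added example: function names and secrets-file layout are assumptions.

# Source a file of export lines (GANDI_LIVEDNS_KEY, SYNO_Username,
# SYNO_Password), but only if group and others have no access to it.
load_secrets() {
    secrets_file=$1
    [ -f "$secrets_file" ] || { echo "missing secrets file: $secrets_file" >&2; return 1; }
    # Characters 5-10 of `ls -ld` output are the group and other permission bits.
    perms=$(ls -ld "$secrets_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $secrets_file: permissions too open (use chmod 600)" >&2
        return 1
    fi
    . "$secrets_file"
}

# Run a command, append its stdout and stderr to the log, and return the
# command's own exit status (`cmd | tee` alone returns tee's status).
run_logged() {
    log_file=$1; shift
    rc_file=$(mktemp) || return 1
    { rc=0; "$@" 2>&1 || rc=$?; echo "$rc" > "$rc_file"; } | tee -a "$log_file"
    rc=$(cat "$rc_file"); rm -f "$rc_file"
    return "$rc"
}

# Renew the wildcard certificate, then deploy to DSM only if renewal succeeded.
renew_and_deploy() {
    acme=$1; acme_home=$2; log_file=$3
    run_logged "$log_file" bash "$acme" --home "$acme_home" --renew \
        -d savaneprod.fr -d '*.savaneprod.fr' \
        --dns dns_gandi_livedns --force --log || return 1
    run_logged "$log_file" bash "$acme" --home "$acme_home" \
        -d savaneprod.fr -d '*.savaneprod.fr' \
        --deploy --deploy-hook synology_dsm --log
}
```

<p>A scheduled task would call <code>load_secrets</code> on the secrets file and then <code>renew_and_deploy</code> with the acme.sh path, its home directory and the day's log file, exiting non-zero if either fails.</p>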
<h3 id="la-conf-dans-dsm-dans-le-planificateur-de-taches">Configuration in the DSM Task Scheduler</h3>
<p><img alt="Task Scheduler, &quot;General&quot; tab" src="../task_general-tab.png" /></p>
<p>I eventually decided to renew every month, because the Synology offers every 3 months but the certificate's lifetime is slightly shorter. And I did not look into configuring a renewal every two months.
<img alt="Task Scheduler, &quot;Schedule&quot; tab" src="../task_Schedule-tab.png" /></p>
<p>Running the script. The script must of course have the execute permission set.
<img alt="Task Scheduler, &quot;Task Settings&quot; tab" src="../task_setting-tab.png" /></p>
</div>
</div><footer>
<hr/>
<div role="contentinfo">
<!-- Copyright etc -->
</div>
Built with <a href="https://www.mkdocs.org/">MkDocs</a> using a <a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script src="../../js/jquery-3.6.0.min.js"></script>
<script>var base_url = "../..";</script>
<script src="../../js/theme_extra.js"></script>
<script src="../../js/theme.js"></script>
<script src="../../search/main.js"></script>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>