-
-
Save Klemart3D/a33765d2ead0b56fcdfdccf9334a4d20 to your computer and use it in GitHub Desktop.
Plex SSL certificate auto-renewer script for Synology NAS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
######################################################### | |
# Plex certificate auto-renewer script for Synology NAS | |
# This script will create a new p12 certificate for Plex | |
# when Let's Encrypt automatically renew its one | |
######################################################### | |
# CONFIGURATION | |
# Location of this script | |
script_folder=/volume1/web/scripts | |
# Folder and name for p12 file to paste in your Plex server settings | |
p12_file_path=/volume1/Plex/syno.p12 | |
# Password to the p12 file (can be empty) | |
p12cert_password= | |
# Synology's default Let's Encrypt folder | |
letsencrypt_cert_folder=/usr/syno/etc/certificate/system/default | |
# Timestamp recorder file name (that keep in memory the further certificate renew date) | |
renew_timestamp=renew_plex_timestamp | |
# Names of certificate files (usually xxx.pem or RSA-xxx.pem) | |
cert_name=cert.pem | |
privkey_name=privkey.pem | |
fullchain_name=fullchain.pem | |
# Domain name for certificate (use "$1" to get it as first script parameter) | |
domain_name=$1 | |
# DO NOT CHANGE BELOW UNLESS YOU'RE A WIZARD | |
generate_p12=false | |
current_date=`date +"%s"` | |
current_certificate_date=`openssl x509 -enddate -noout -in "$letsencrypt_cert_folder/$cert_name" | cut -d'=' -f2` | |
current_certificate_timestamp=`date -d "$current_certificate_date" +"%s"` | |
echo "$(date) - Plex certificate auto-renewer script launched" | |
# Check if the renew_timestamp file exists | |
if [ ! -f $script_folder/$renew_timestamp ]; then | |
echo "Generate timestamp for the current renew date... " | |
echo "$current_certificate_timestamp" > "$script_folder/$renew_timestamp" | |
chmod +rw "$script_folder/$renew_timestamp" | |
chown admin:users "$script_folder/$renew_timestamp" | |
# Generate the first p12 file | |
generate_p12=true | |
else | |
renew_date=`cat "$script_folder/$renew_timestamp"` | |
echo "In memory certificate expiration date is" `date -d @$renew_date` "and the current certificate expiration date | |
is $current_certificate_date" | |
# Check if is it necessary to renew the certificate | |
if expr "$current_certificate_timestamp" "!=" "$renew_date" > /dev/null; then | |
# Generate a new p12 file | |
echo "Dates doesn't match, we have to renew the certificate..." | |
generate_p12=true | |
# Update the timestamp in the file | |
echo "Updating the new timestamp date..." | |
echo "$current_certificate_timestamp" > "$script_folder/$renew_timestamp" | |
else | |
echo "It is not necessary to renew the certificate, abort." | |
exit 0 | |
fi | |
fi | |
# Generate a new certificate file if necessary then restart Plex | |
if expr "$generate_p12" "=" "true" > /dev/null; then | |
echo "Generating the p12 certificate file for domain $domain_name..." | |
openssl pkcs12 -export -out "$p12_file_path" \ | |
-in "$letsencrypt_cert_folder/$cert_name" \ | |
-inkey "$letsencrypt_cert_folder/$privkey_name" \ | |
-certfile "$letsencrypt_cert_folder/$fullchain_name" \ | |
-name "$domain_name" -password pass:$p12cert_password | |
chmod +r "$p12_file_path" | |
chown admin:users "$p12_file_path" | |
echo "Restarting Plex Media Server..." | |
synoservice --restart pkgctl-Plex\ Media\ Server | |
echo "Done." | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment