Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
acme.sh reloadcmd for Synology NAS; updates the certificate copies used by services with the renewed certificate, then reloads the service.
#!/bin/bash
# Let's Encrypt Certificate reload on Synology NAS
# Services configured through DSM to use a given certificate create their own copies of the certificate files.
# This script will update those copies after the original certificate is renewed.
#
# Install and configure acme.sh on the Synology NAS by following the tutorial:
# https://github.com/Neilpang/acme.sh/wiki/Synology-NAS-Guide
CERT_DIR=/usr/syno/etc/certificate
# When issuing the certificates, set --cert-file, --key-file, --fullchain-file, --capath
# to overwrite an existing cert in $CERT_DIR/_archive
# set --reloadcmd to invoke this script with name of that key
if [ -z "$1" ]
then
echo "Missing name of key to copy" >&2
echo "Usage: $0 KEY" >&2
exit 1
fi
KEY=$1
CERT_SRC=$CERT_DIR/_archive/$KEY
if ! [ -d $CERT_SRC ]
then
echo "'$CERT_SRC' does not exist, maybe the key was not installed?" >&2
exit 1
fi
# This file appears to store the key settings from DSM as JSON
# For each key in $CERT_DIR/_archive it contains a list of services configured to use it.
# Certs for key are copied to $CERT_DIR/$subscriber/$service based on this file.
INFO_FILE=$CERT_DIR/_archive/INFO
# Parse the file, extract serivces using our key, convert each to destination path
jq -r --arg key $KEY '.[$key].services[] | .subscriber+ "/" +.service' < $INFO_FILE | while read service
do
CERT_DEST=$CERT_DIR/$service
# Directories might not exist even if they are defined in the INFO file.
if [ -d $CERT_DEST ]
then
echo "Deploying to '$CERT_DEST'"
rsync -a "$CERT_SRC/" $CERT_DEST
fi
done
# After everything is copied, reload the server to apply the updated certs.
/usr/syno/sbin/synoservicectl --reload nginx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment