Last active
November 29, 2020 00:04
-
-
Save bruvv/3075b64b0aa90139ab1be3223c367ccd to your computer and use it in GitHub Desktop.
synology lets encrypt wildecard auto renewal.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # 1. replace "site.nl" with your domain name | |
| # 2. schedule this script to be run once per three months in Task Scheduler | |
| echo "======================================================================" | |
| echo "Certificate Renewal" | |
| echo "======================================================================" | |
| ./acme.sh --force --renew -d *.site.nl --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --log | |
| echo "" | |
| # echo "======================================================================" | |
| # echo "Copying New Files to folder: certs" | |
| # echo "======================================================================" | |
| # cp "/root/.acme.sh/*.site.nl/*.site.nl.cer" "/volume1/certs/site.nl/site.nl.cer" | |
| # cp "/root/.acme.sh/*.site.nl/*.site.nl.key" "/volume1/certs/site.nl/site.nl.key" | |
| # cp "/root/.acme.sh/*.site.nl/ca.cer" "/volume1/certs/site.nl/ca.cer" | |
| # cp "/root/.acme.sh/*.site.nl/fullchain.cer" "/volume1/certs/site.nl/fullchain.cer" | |
| echo "" | |
| echo "======================================================================" | |
| echo "Renewed Certificate Publication" | |
| echo "======================================================================" | |
| certFile="/root/.acme.sh/*.site.nl/*.site.nl.cer" | |
| chainFile="/root/.acme.sh/*.site.nl/ca.cer" | |
| fullchainFile="/root/.acme.sh/*.site.nl/fullchain.cer" | |
| privkeyFile="/root/.acme.sh/*.site.nl/*.site.nl.key" | |
| privkey_fullchainFile="/root/.acme.sh/*.site.nl/*.site.nl.privkey_fullchain" | |
| echo "" | |
| # Create file privkey_fullchain.pem | |
| cp $privkeyFile $privkey_fullchainFile | |
| echo "">>$privkey_fullchainFile | |
| echo "">>$privkey_fullchainFile | |
| cat $certFile>>$privkey_fullchainFile | |
| cat $chainFile>>$privkey_fullchainFile | |
| echo "">>$privkey_fullchainFile | |
| echo "">>$privkey_fullchainFile | |
| echo "Copy to hassio" | |
| cp "$privkey_fullchainFile" /volume1/docker/hass.io/ssl/cert.pem | |
| cp "$privkeyFile" /volume1/docker/hass.io/ssl/privkey.key | |
| echo "" | |
| echo "======================================================================" | |
| echo "Replacing the expired certificate files" | |
| echo "======================================================================" | |
| function CopyFile() { | |
| if test -f "$dst"; then | |
| echo "———————————————————————-" | |
| echo "Copying file: $dst" | |
| fileOwner=$(ls -la "$dst"|awk '{print $3":"$4}') | |
| cp "$src" "$dst" | |
| chmod 400 "$dst" | |
| chown $fileOwner "$dst" | |
| md5sum --tag "$dst" | |
| ls -la "$dst" | |
| fi | |
| } | |
| function CopyCert() { | |
| # Display a name of the folder processed | |
| echo "Folder Name: $i" | |
| # Get an owner and group name of the folder | |
| src="$certFile" | |
| dst="$i/cert.pem" | |
| CopyFile | |
| src="$chainFile" | |
| dst="$i/chain.pem" | |
| CopyFile | |
| src="$fullchainFile" | |
| dst="$i/fullchain.pem" | |
| CopyFile | |
| src="$privkeyFile" | |
| dst="$i/privkey.pem" | |
| CopyFile | |
| src="$privkey_fullchainFile" | |
| dst="$i/privkey_fullchain.pem" | |
| CopyFile | |
| echo "======================================================================" | |
| } | |
| i="/usr/syno/etc/certificate/system/default" | |
| CopyCert | |
| find "/usr/syno/etc/certificate/AppPortal/" -name "privkey.pem" -printf "%h\n"|while read i | |
| do | |
| CopyCert | |
| done | |
| find "/usr/syno/etc/certificate/ReverseProxy" -name "privkey.pem" -printf "%h\n"|while read i | |
| do | |
| CopyCert | |
| done | |
| find "/usr/local/etc/certificate/" -name "privkey.pem" -printf "%h\n"|while read i | |
| do | |
| CopyCert | |
| done | |
| # Restart services | |
| synoservicecfg --restart nginx | |
| #synoservice --restart pkgctl-hassio | |
| synoservice --restart nginx | |
| synoservice --restart DSM |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment