Skip to content

Instantly share code, notes, and snippets.

@bruvv
Last active November 29, 2020 00:04
Show Gist options
  • Save bruvv/3075b64b0aa90139ab1be3223c367ccd to your computer and use it in GitHub Desktop.
Save bruvv/3075b64b0aa90139ab1be3223c367ccd to your computer and use it in GitHub Desktop.
synology lets encrypt wildecard auto renewal.sh
#!/bin/bash
# 1. replace "site.nl" with your domain name
# 2. schedule this script to be run once per three months in Task Scheduler
echo "======================================================================"
echo "Certificate Renewal"
echo "======================================================================"
./acme.sh --force --renew -d *.site.nl --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --log
echo ""
# echo "======================================================================"
# echo "Copying New Files to folder: certs"
# echo "======================================================================"
# cp "/root/.acme.sh/*.site.nl/*.site.nl.cer" "/volume1/certs/site.nl/site.nl.cer"
# cp "/root/.acme.sh/*.site.nl/*.site.nl.key" "/volume1/certs/site.nl/site.nl.key"
# cp "/root/.acme.sh/*.site.nl/ca.cer" "/volume1/certs/site.nl/ca.cer"
# cp "/root/.acme.sh/*.site.nl/fullchain.cer" "/volume1/certs/site.nl/fullchain.cer"
echo ""
echo "======================================================================"
echo "Renewed Certificate Publication"
echo "======================================================================"
certFile="/root/.acme.sh/*.site.nl/*.site.nl.cer"
chainFile="/root/.acme.sh/*.site.nl/ca.cer"
fullchainFile="/root/.acme.sh/*.site.nl/fullchain.cer"
privkeyFile="/root/.acme.sh/*.site.nl/*.site.nl.key"
privkey_fullchainFile="/root/.acme.sh/*.site.nl/*.site.nl.privkey_fullchain"
echo ""
# Create file privkey_fullchain.pem
cp $privkeyFile $privkey_fullchainFile
echo "">>$privkey_fullchainFile
echo "">>$privkey_fullchainFile
cat $certFile>>$privkey_fullchainFile
cat $chainFile>>$privkey_fullchainFile
echo "">>$privkey_fullchainFile
echo "">>$privkey_fullchainFile
echo "Copy to hassio"
cp "$privkey_fullchainFile" /volume1/docker/hass.io/ssl/cert.pem
cp "$privkeyFile" /volume1/docker/hass.io/ssl/privkey.key
echo ""
echo "======================================================================"
echo "Replacing the expired certificate files"
echo "======================================================================"
function CopyFile() {
if test -f "$dst"; then
echo "———————————————————————-"
echo "Copying file: $dst"
fileOwner=$(ls -la "$dst"|awk '{print $3":"$4}')
cp "$src" "$dst"
chmod 400 "$dst"
chown $fileOwner "$dst"
md5sum --tag "$dst"
ls -la "$dst"
fi
}
function CopyCert() {
# Display a name of the folder processed
echo "Folder Name: $i"
# Get an owner and group name of the folder
src="$certFile"
dst="$i/cert.pem"
CopyFile
src="$chainFile"
dst="$i/chain.pem"
CopyFile
src="$fullchainFile"
dst="$i/fullchain.pem"
CopyFile
src="$privkeyFile"
dst="$i/privkey.pem"
CopyFile
src="$privkey_fullchainFile"
dst="$i/privkey_fullchain.pem"
CopyFile
echo "======================================================================"
}
i="/usr/syno/etc/certificate/system/default"
CopyCert
find "/usr/syno/etc/certificate/AppPortal/" -name "privkey.pem" -printf "%h\n"|while read i
do
CopyCert
done
find "/usr/syno/etc/certificate/ReverseProxy" -name "privkey.pem" -printf "%h\n"|while read i
do
CopyCert
done
find "/usr/local/etc/certificate/" -name "privkey.pem" -printf "%h\n"|while read i
do
CopyCert
done
# Restart services
synoservicecfg --restart nginx
#synoservice --restart pkgctl-hassio
synoservice --restart nginx
synoservice --restart DSM
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment