-
-
Save catchdave/69854624a21ac75194706ec20ca61327 to your computer and use it in GitHub Desktop.
# MOVED to public repo: https://github.com/catchdave/ssl-certs/blob/main/replace_synology_ssl_certs.sh |
�[1;97m�[1;100m| Filename | Valid From | Valid To | Domain | Issuer |�[0m
| �[0;95m/usr/syno/etc/certificate/smbftpd/ftpd �[0m |
| fullchain.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| cert.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| syno-ca-cert.pem | �[1;32mOct 30 10:20:16 2024 GMT �[0m | �[1;32mOct 31 10:20:16 2025 GMT �[0m | Synology Inc. CA | Synology Inc. |
| �[0;95m/usr/syno/etc/certificate/system/default �[0m |
| fullchain.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| cert.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| syno-ca-cert.pem | �[1;32mOct 30 10:20:16 2024 GMT �[0m | �[1;32mOct 31 10:20:16 2025 GMT �[0m | Synology Inc. CA | Synology Inc. |
| �[0;95m/usr/syno/etc/certificate/_archive/cSoecp �[0m |
| fullchain.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| cert.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| syno-ca-cert.pem | �[1;32mOct 30 10:20:16 2024 GMT �[0m | �[1;32mOct 31 10:20:16 2025 GMT �[0m | Synology Inc. CA | Synology Inc. |
| �[0;95m/usr/syno/etc/certificate/_archive �[0m |
| cert.pem | �[0;31mJan 4 08:27:06 2024 GMT �[0m | �[0;31mApr 3 08:27:05 2024 GMT �[0m | *.example.com | Let's Encrypt |
�[0;31m�[1m[WARN] No Valid Certs in: �[0m�[0;31m/usr/syno/etc/certificate/_archive/�[0m
| �[0;95m/usr/syno/etc/certificate/kmip/kmip �[0m |
| fullchain.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| cert.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| syno-ca-cert.pem | �[1;32mOct 30 10:20:16 2024 GMT �[0m | �[1;32mOct 31 10:20:16 2025 GMT �[0m | Synology Inc. CA | Synology Inc. |
| �[0;95m/usr/syno/etc/www/certificate/system_default �[0m |
| 152f89f2-20d5-4d1d-867c-d2b582b2313d.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| �[0;95m/usr/local/etc/certificate/LogCenter/pkg-LogCenter �[0m |
| fullchain.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| cert.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| syno-ca-cert.pem | �[1;32mOct 30 10:20:16 2024 GMT �[0m | �[1;32mOct 31 10:20:16 2025 GMT �[0m | Synology Inc. CA | Synology Inc. |
| �[0;95m/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server �[0m |
| fullchain.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| cert.pem | �[1;32mOct 30 10:20:17 2024 GMT �[0m | �[1;32mOct 31 10:20:17 2025 GMT �[0m | synology | Synology Inc. |
| syno-ca-cert.pem | �[1;32mOct 30 10:20:16 2024 GMT �[0m | �[1;32mOct 31 10:20:16 2025 GMT �[0m | Synology Inc. CA | Synology Inc. |
�[1m=== Summary ===�[0m
�[1;97m�[1;100mTotal Directories �[0m | �[1m8 �[0m
�[1;97m�[1;100mTotal Certificates �[0m | �[1m20 �[0m
�[1;97m�[1;100mTotal Dirs w/ no valid cert �[0m | �[1m1 �[0m
�[1;97m�[1;100mTotal Valid Certs �[0m | �[1m19 �[0m
�[1;97m�[1;100mTotal InValid Certs �[0m | �[1m1 �[0m
all in all only Synology certs. And the remains of my trying import my own certs. They are lying around, but i've had already to reset the certs, as i said, the cert from synology wasn't shown in the security/cert gui area and the package manager wasn't working.
Perhaps this was a missundestanding, the certs are physically there on disk, but after runing your script, the synology one, wasn't shown in the security gui area of DSM
If the certs are physically there, I'm not sure besides maybe how services were restarted would affect the GUI.
I assume you tried restarting the machine?
of course. can i enable somew kind of debugging with your script?
@mamema - yes set a manual DEBUG flag in the script (change DEBUG=
line to DEBUG=1
). This will both print out manual debug statements and turn on set -x which will echo each command before execution.
As the comment threads for this once upon a time simple script ( 😄 ), I have moved this to a public repo instead. That way conversations about potential bugs can take place as issues.
See here: https://github.com/catchdave/ssl-certs/blob/main/replace_synology_ssl_certs.sh
I added a second domain to my Synology today and realized that with multiple certificates for different uses/destinations this got a bit more complex. I rewrote from scratch and it handles multiple certificates and their specific locations pretty well (work for a single cert as well)
https://github.com/telnetdoogie/synology-scripts/blob/main/check_certs.md
@mamema . This might be helpful to find all certs on your box: https://gist.github.com/catchdave/ff9c7d7a396a3201cfb14f912d3e5cda