Created
June 5, 2023 09:51
-
-
Save scarab714/33583d01a3ca381f59413fd960520fc0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# 1. Manually import a certificate through the Synology GUI and assign it for "Synology Drive Server" (and all other services you need that certificate for). | |
# A folder with random characters will be created into /usr/syno/etc/certificate/_archive/xxxxxx | |
# This is the folder name that need to be set for the variable "cert_folder_name" on the script | |
# 2. Get your 3 PEM files ready to copy over from your local machine/update server (privkey.pem, fullchain.pem, cert.pem) | |
# and put into a directory (this will be $CERT_DIRECTORY). | |
# 3. Ensure you have a user setup on synology that has ssh access (and ssh access is setup). | |
# This user will need to be able to sudo as root (i.e. add this line to sudoers, <USER> is the user you create): | |
# <USER> ALL=(ALL) NOPASSWD: /var/services/homes/<USER>/replace_synology_drive_cert.sh | |
# --> vi /etc/sudoers | |
# 4. Copy this script to Synology: sudo scp replace_synology_drive_cert.sh $USER@$SYNOLOGY_SERVER:~/ | |
# --> scp replace_synology_drive_cert.sh certupdate@$SYNOLOGY_SERVER:~/ | |
# 5. Call this script as follows: | |
# sudo bash -c scp ${CERT_DIRECTORY}/{privkey,fullchain,cert}.pem $USER@$SYNOLOGY_SERVER:/tmp/ \ | |
# && ssh $USER@$SYNOLOGY_SERVER 'sudo ./replace_synology_ssl_certs.sh' | |
# --> bash -c 'scp $CERT_DIRECTORY/{privkey,fullchain,cert}.pem certupdate@$SYNOLOGY_SERVER:/tmp/' \ && ssh certupdate@$SYNOLOGY_SERVER 'sudo ./replace_synology_drive_cert.sh' | |
# Script start. | |
#!/bin/bash | |
# Variables | |
cert_folder_name="j8YXEU" | |
# Move and chown certificates from /tmp to certificate directory | |
mv /tmp/{privkey,fullchain,cert}.pem /usr/syno/etc/certificate/_archive/$cert_folder_name | |
chown root:root /usr/syno/etc/certificate/_archive/$cert_folder_name/{privkey,fullchain,cert}.pem | |
# Copy certificates to SynologyDrive directory | |
cp -r /usr/syno/etc/certificate/_archive/$cert_folder_name/*.pem /usr/local/etc/certificate/SynologyDrive/SynologyDrive/ | |
#cp -r /usr/syno/etc/certificate/_archive/$cert_folder_name/*.pem /usr/syno/etc/certificate/AppPortal/SynologyDrive/ | |
# Restart services & packages | |
/usr/syno/bin/synopkg restart SynologyDrive |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment