LE certificate for subdomain

You may have noticed that when you use Synology's native certificate update process, it restarts the web server when it's complete. This is a symptom of restarting nginx, and is necessary in order for the new certs to become active. The dead-easiest way to do this would be to reboot the server, but restarting nginx will do it more gracefully.
 
This should do the trick (as root): synoservice --restart nginx
I ran synoservice --restart nginx but it didn't do the trick. In the Security center, it's still the previous date displayed and the certificates in the reverse proxy folders are still the old ones as well...
 

Rusty

It says "Ed79Bk" but I don't know what to do about it?
That means that the default certificate on DSM is your LE cert, then this output is the name of the folder inside _archive. There are files that need to be changed. Try and place the new certs using the same name of the files and reset nginx.
 
Thanks for your help @Rusty
Here we go and it seems to work :)
Code:
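#!/bin/bash
# Stop at the first failing command, so a failed renewal never reaches the
# rm/cp steps below and removes the certificate that is currently installed.
set -e

{
    # Request the wildcard certificate through the Cloudflare DNS-01 plugin.
    # -it needs a terminal; drop it when the script runs unattended.
    sudo docker run -it --rm --name certbot \
            -v "/volume1/docker/certbot:/etc/letsencrypt" \
            certbot/dns-cloudflare certonly \
            --dns-cloudflare \
            --dns-cloudflare-credentials /etc/letsencrypt/.secrets/cloudflare.ini \
            --server https://acme-v02.api.letsencrypt.org/directory \
            --force-renewal \
            -d "*.mydomain.xyz"   # quoted so the shell does not glob-expand it

    # Copy the renewed files out of certbot's live/ directory.
    # Note that tmp/ now holds a copy of the private key.
    cp /volume1/docker/certbot/live/mydomain.xyz/fullchain.pem /volume1/docker/certbot/tmp/fullchain.pem
    cp /volume1/docker/certbot/live/mydomain.xyz/privkey.pem /volume1/docker/certbot/tmp/privkey.pem
    cp /volume1/docker/certbot/live/mydomain.xyz/cert.pem /volume1/docker/certbot/tmp/cert.pem

    # Remove the files DSM currently serves as the default certificate.
    sudo rm /usr/syno/etc/certificate/system/default/fullchain.pem
    sudo rm /usr/syno/etc/certificate/system/default/privkey.pem
    sudo rm /usr/syno/etc/certificate/system/default/cert.pem

    # Install the new set in the default folder and in the _archive folder
    # that belongs to this certificate (Ed79Bk).
    sudo cp /volume1/docker/certbot/tmp/fullchain.pem /usr/syno/etc/certificate/system/default/fullchain.pem
    sudo cp /volume1/docker/certbot/tmp/privkey.pem /usr/syno/etc/certificate/system/default/privkey.pem
    sudo cp /volume1/docker/certbot/tmp/cert.pem /usr/syno/etc/certificate/system/default/cert.pem
    sudo cp /volume1/docker/certbot/tmp/fullchain.pem /usr/syno/etc/certificate/_archive/Ed79Bk/fullchain.pem
    sudo cp /volume1/docker/certbot/tmp/privkey.pem /usr/syno/etc/certificate/_archive/Ed79Bk/privkey.pem
    sudo cp /volume1/docker/certbot/tmp/cert.pem /usr/syno/etc/certificate/_archive/Ed79Bk/cert.pem

    # List the installed files to check their timestamps.
    cd /usr/syno/etc/certificate/system/default
    ls -al

    # Restart nginx so it loads the new certificate.
    sudo synoservice --restart nginx
}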
 

Rusty

Well done indeed
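
Added example, not part of the thread and not the poster's script: a staged install for the same three PEM files that never deletes the installed set first, restricts the private key's mode, and reports which files in a target folder are still stale (the symptom described earlier, where some folders kept the old certificate). The function names and file modes are assumptions; on the NAS the targets would be the folders named in the thread, /usr/syno/etc/certificate/system/default and /usr/syno/etc/certificate/_archive/Ed79Bk.

```bash
#!/bin/bash
# Added example, not the poster's script. Function names are hypothetical.
CERT_FILES="fullchain.pem privkey.pem cert.pem"

# Print each file name whose bytes in target dir $2 differ from source dir $1.
# Empty output means the target already holds the renewed certificate.
stale_files() {
    local src="$1" dst="$2" f
    for f in $CERT_FILES; do
        cmp -s "$src/$f" "$dst/$f" || echo "$f"
    done
}

# Install the three files from $1 into $2. Nothing in $2 is touched until the
# whole set has been staged and verified, so a failure leaves the old set intact.
deploy_cert_set() {
    local src="$1" dst="$2" f mode stage
    for f in $CERT_FILES; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done
    stage=$(mktemp -d "$dst/.stage.XXXXXX") || return 1
    for f in $CERT_FILES; do
        # Assumed modes: key readable by its owner only, public parts by all.
        case "$f" in privkey.pem) mode=600 ;; *) mode=644 ;; esac
        install -m "$mode" "$src/$f" "$stage/$f" || { rm -rf "$stage"; return 1; }
    done
    if [ -n "$(stale_files "$src" "$stage")" ]; then
        rm -rf "$stage"; return 1
    fi
    for f in $CERT_FILES; do
        mv -f "$stage/$f" "$dst/$f" || return 1   # rename within one filesystem
    done
    rmdir "$stage"
}

# Usage: deploy.sh SRC_DIR TARGET_DIR...  Restart nginx only if this exits 0.
if [ "$#" -ge 2 ]; then
    src="$1"; shift
    for target in "$@"; do
        deploy_cert_set "$src" "$target" || exit 1
        echo "updated: $target"
    done
fi
```

Running `stale_files` against each certificate folder after the nginx restart shows which ones still need the new files.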
 
