LE certificate for subdomain

Currently reading
LE certificate for subdomain

You may have noticed that when you use Synology's native certificate update process, it restarts the web server when it's complete. This is a symptom of restarting nginx, and is necessary in order for the new certs to become active. The dead-easiest way to do this would be to reboot the server, but restarting nginx will do it more gracefully.
 
Rusty said:
This should do the trick (as root): synoservice –restart nginx
Click to expand...
I ran synoservice --restart nginx but it didn't do the trick. In the Security center, it's still the previous date displayed and the certificate in the reverse proxy folders are still the old ones as well...
 
Mnl- said:
It says "Ed79Bk" but I don't know what to do about it?
Click to expand...
That means that the default certificate on DMS is your LE cert, then this output is the name of the folder inside _archive. There are files that need to be changed. Try and place the new certs using the same name of the files and reset nginx.
 
Thanks for your help @Rusty
Here we go and it seems to work :)
Code: 
#!/bin/bash

{
    sudo docker run -it --rm --name certbot \
            -v "/volume1/docker/certbot:/etc/letsencrypt" \
            certbot/dns-cloudflare certonly \
            --dns-cloudflare \
            --dns-cloudflare-credentials /etc/letsencrypt/.secrets/cloudflare.ini \
            --server https://acme-v02.api.letsencrypt.org/directory \
            --force-renewal \
            -d *.mydomain.xyz;

    cp /volume1/docker/certbot/live/mydomain.xyz/fullchain.pem /volume1/docker/certbot/tmp/fullchain.pem
    cp /volume1/docker/certbot/live/mydomain.xyz/privkey.pem /volume1/docker/certbot/tmp/privkey.pem
    cp /volume1/docker/certbot/live/mydomain.xyz/cert.pem /volume1/docker/certbot/tmp/cert.pem

    sudo rm /usr/syno/etc/certificate/system/default/fullchain.pem
    sudo rm /usr/syno/etc/certificate/system/default/privkey.pem
    sudo rm /usr/syno/etc/certificate/system/default/cert.pem

    sudo cp /volume1/docker/certbot/tmp/fullchain.pem /usr/syno/etc/certificate/system/default/fullchain.pem
    sudo cp /volume1/docker/certbot/tmp/privkey.pem /usr/syno/etc/certificate/system/default/privkey.pem
    sudo cp /volume1/docker/certbot/tmp/cert.pem /usr/syno/etc/certificate/system/default/cert.pem
    sudo cp /volume1/docker/certbot/tmp/fullchain.pem /usr/syno/etc/certificate/_archive/Ed79Bk/fullchain.pem
    sudo cp /volume1/docker/certbot/tmp/privkey.pem /usr/syno/etc/certificate/_archive/Ed79Bk/privkey.pem
    sudo cp /volume1/docker/certbot/tmp/cert.pem /usr/syno/etc/certificate/_archive/Ed79Bk/cert.pem

    cd /usr/syno/etc/certificate/system/default
    ls -al

    sudo synoservice --restart nginx
}
 
Mnl- said:
Thanks for your help @Rusty
Here we go and it seems to work :)
Code: 
#!/bin/bash

{
    sudo docker run -it --rm --name certbot \
            -v "/volume1/docker/certbot:/etc/letsencrypt" \
            certbot/dns-cloudflare certonly \
            --dns-cloudflare \
            --dns-cloudflare-credentials /etc/letsencrypt/.secrets/cloudflare.ini \
            --server https://acme-v02.api.letsencrypt.org/directory \
            --force-renewal \
            -d *.mydomain.xyz;

    cp /volume1/docker/certbot/live/mydomain.xyz/fullchain.pem /volume1/docker/certbot/tmp/fullchain.pem
    cp /volume1/docker/certbot/live/mydomain.xyz/privkey.pem /volume1/docker/certbot/tmp/privkey.pem
    cp /volume1/docker/certbot/live/mydomain.xyz/cert.pem /volume1/docker/certbot/tmp/cert.pem

    sudo rm /usr/syno/etc/certificate/system/default/fullchain.pem
    sudo rm /usr/syno/etc/certificate/system/default/privkey.pem
    sudo rm /usr/syno/etc/certificate/system/default/cert.pem

    sudo cp /volume1/docker/certbot/tmp/fullchain.pem /usr/syno/etc/certificate/system/default/fullchain.pem
    sudo cp /volume1/docker/certbot/tmp/privkey.pem /usr/syno/etc/certificate/system/default/privkey.pem
    sudo cp /volume1/docker/certbot/tmp/cert.pem /usr/syno/etc/certificate/system/default/cert.pem
    sudo cp /volume1/docker/certbot/tmp/fullchain.pem /usr/syno/etc/certificate/_archive/Ed79Bk/fullchain.pem
    sudo cp /volume1/docker/certbot/tmp/privkey.pem /usr/syno/etc/certificate/_archive/Ed79Bk/privkey.pem
    sudo cp /volume1/docker/certbot/tmp/cert.pem /usr/syno/etc/certificate/_archive/Ed79Bk/cert.pem

    cd /usr/syno/etc/certificate/system/default
    ls -al

    sudo synoservice --restart nginx
}
Click to expand...
Well done indeed
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

C
  • Question
Self-Signed certificate renewed itself ahead of time???
Thanks for the input Telos. Yes I have had that on my mind for some time. Found some potential guides on...
Replies
2
Views
354
Chris
C
N
Still getting Certificate Isn't Private after using Let's Encrypt
Check power timers, if not that is it over heating?
Replies
18
Views
1,749
Gerard
G
A
  • Question
Local HTTPS Requires a Certificate; Does That Expose The NAS Online?
The whole world agrees that https is the right and secure way to access web applications. The question is...
Replies
1
Views
1,284
one-eyed-king
one-eyed-king
V
Cloudflare Certificate Problems
If a answer is still needed! You should import the cloudflare orgin server RSA PEM see doc. Origin CA...
Replies
1
Views
2,974
BobW
BobW
P
  • Question
Security certificate for intranet access
Thank you for the detailed reply.
Replies
2
Views
2,321
Paulo_M_
P
ed.j
SSL Certificate - necessary?
Tremendous stuff thank you fredbert.
Replies
4
Views
1,514
ed.j
ed.j
WST16
  • Question
Moving an LE certificate from a dead DiskStation?
@WST16 - you found my boundaries 😉, I don’t use the 7.
Replies
8
Views
1,368
jeyare
jeyare

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top