LE certificate for subdomain


You may have noticed that when you use Synology's native certificate update process, it restarts the web server when it's complete. This is a symptom of restarting nginx, and is necessary in order for the new certs to become active. The dead-easiest way to do this would be to reboot the server, but restarting nginx will do it more gracefully.
 
This should do the trick (as root): synoservice --restart nginx
I ran synoservice --restart nginx but it didn't do the trick. In the Security center, it's still the previous date displayed and the certificates in the reverse proxy folders are still the old ones as well...
 
It says "Ed79Bk" but I don't know what to do about it?
That means that the default certificate on DSM is your LE cert, then this output is the name of the folder inside _archive. There are files that need to be changed. Try and place the new certs using the same name of the files and reset nginx.
 
Thanks for your help @Rusty
Here we go and it seems to work :)
Code:
#!/bin/bash

{
    # Request the wildcard certificate via the Cloudflare DNS-01 challenge.
    # The domain is quoted so the shell cannot expand "*" against local files.
    sudo docker run -it --rm --name certbot \
            -v "/volume1/docker/certbot:/etc/letsencrypt" \
            certbot/dns-cloudflare certonly \
            --dns-cloudflare \
            --dns-cloudflare-credentials /etc/letsencrypt/.secrets/cloudflare.ini \
            --server https://acme-v02.api.letsencrypt.org/directory \
            --force-renewal \
            -d "*.mydomain.xyz";

    # Stage the renewed files (live/ only holds symlinks into certbot's archive).
    cp /volume1/docker/certbot/live/mydomain.xyz/fullchain.pem /volume1/docker/certbot/tmp/fullchain.pem
    cp /volume1/docker/certbot/live/mydomain.xyz/privkey.pem /volume1/docker/certbot/tmp/privkey.pem
    cp /volume1/docker/certbot/live/mydomain.xyz/cert.pem /volume1/docker/certbot/tmp/cert.pem

    # Remove the old default certificate files.
    sudo rm /usr/syno/etc/certificate/system/default/fullchain.pem
    sudo rm /usr/syno/etc/certificate/system/default/privkey.pem
    sudo rm /usr/syno/etc/certificate/system/default/cert.pem

    # Install the new files in the default folder and in the _archive folder (Ed79Bk).
    sudo cp /volume1/docker/certbot/tmp/fullchain.pem /usr/syno/etc/certificate/system/default/fullchain.pem
    sudo cp /volume1/docker/certbot/tmp/privkey.pem /usr/syno/etc/certificate/system/default/privkey.pem
    sudo cp /volume1/docker/certbot/tmp/cert.pem /usr/syno/etc/certificate/system/default/cert.pem
    sudo cp /volume1/docker/certbot/tmp/fullchain.pem /usr/syno/etc/certificate/_archive/Ed79Bk/fullchain.pem
    sudo cp /volume1/docker/certbot/tmp/privkey.pem /usr/syno/etc/certificate/_archive/Ed79Bk/privkey.pem
    sudo cp /volume1/docker/certbot/tmp/cert.pem /usr/syno/etc/certificate/_archive/Ed79Bk/cert.pem

    # List the installed files to check their dates.
    cd /usr/syno/etc/certificate/system/default
    ls -al

    # Restart nginx so the new certificate becomes active.
    sudo synoservice --restart nginx
}
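A checked variant of the copy step in the script above, as an added example that is not part of the original post: it refuses to install a certificate whose private key does not match or that is about to expire, writes the key with owner-only permissions, and confirms by fingerprint that the destination holds the new certificate. The function names and the source/destination arguments are hypothetical, and it assumes the `openssl` CLI is available on the NAS.

```shell
#!/bin/bash
# Added example (not from the thread). Directories are passed as arguments,
# e.g. the certbot tmp folder and one of the Synology certificate folders.

# Succeeds only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints the SHA-256 fingerprint line of a PEM certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null
}

# deploy_cert SRC_DIR DST_DIR [MIN_SECONDS_LEFT]
deploy_cert() {
    local src dst min_left f fp
    src=$1; dst=$2; min_left=${3:-86400}
    for f in cert.pem fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    # Reject a certificate that expires within MIN_SECONDS_LEFT.
    openssl x509 -in "$src/cert.pem" -noout -checkend "$min_left" >/dev/null \
        || { echo "certificate expires too soon" >&2; return 1; }
    key_matches_cert "$src/cert.pem" "$src/privkey.pem" \
        || { echo "privkey.pem does not match cert.pem" >&2; return 1; }
    mkdir -p "$dst" || return 1
    # Write the key under a restrictive umask, then rename it into place.
    ( umask 077; cp "$src/privkey.pem" "$dst/privkey.pem.new" ) || return 1
    chmod 600 "$dst/privkey.pem.new" || return 1
    mv "$dst/privkey.pem.new" "$dst/privkey.pem" || return 1
    for f in cert.pem fullchain.pem; do
        cp "$src/$f" "$dst/$f.new" && mv "$dst/$f.new" "$dst/$f" || return 1
    done
    # Confirm the destination now holds the certificate we meant to install.
    fp=$(cert_fingerprint "$src/cert.pem")
    [ -n "$fp" ] && [ "$fp" = "$(cert_fingerprint "$dst/cert.pem")" ]
}
```

Call it once per target folder and restart nginx only if every call returns 0.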
 
Well done indeed
 
