群晖DSM7.2系统自动申请SSL证书 acme.sh
1.ssh进入群晖
sudo -i 切换至 root 账户
2.新建目录。绝对路径(实际目录)/volume2/docker/acme.sh
3.ssh运行
1 2 3 4 5 6 7 8 9 10 11 12 13 |
docker run -itd \ -v "/volume2/docker/acme.sh":/acme.sh \ -e CF_Key="此处替换为key" \ -e CF_Email="ddns邮箱" \ -e SYNO_Username="群晖管理员用户名" \ -e SYNO_Password="群晖管理员密码" \ -e SYNO_Certificate="" \ -e SYNO_Create=1 \ --net=host \ --restart=always \ --name=acme \ neilpang/acme.sh \ daemon |
这样会自动运行一个名为 acme 的容器,接下来更改默认ca
1 |
docker exec acme acme.sh --set-default-ca --server letsencrypt |
4.重启容器
5.申请证书
1 2 3 4 |
docker exec acme \ acme.sh --issue \ -d examples.com -d *.examples.com \ --dns dns_cf \ |
6,回到群晖web网页,添加计划任务
新增一个计划任务脚本
1 2 3 4 5 |
docker exec acme \ acme.sh --issue \ -d examples.com -d *.examples.com \ --dns dns_cf \ --deploy --deploy-hook synology_dsm |
发现了这个错误:
1 2 3 4 5 6 |
[Sat May 25 17:00:42 UTC 2024] The domain '**.com' seems to have a ECC cert already, lets use ecc cert. [Sat May 25 17:00:43 UTC 2024] Logging into localhost:5000... [Sat May 25 17:00:44 UTC 2024] Getting certificates in Synology DSM... [Sat May 25 17:00:44 UTC 2024] Unable to find certificate: "" and is not set. [Sat May 25 17:00:44 UTC 2024] Error deploy for domain:**.com [Sat May 25 17:00:44 UTC 2024] Deploy error. |
这是2024年5月份刚出来的错误,暂不清楚原因,只需要在容器的环境中,增加SYNO_Create数值为1
本文出自E星期五的博客,转载时请注明出处及相应链接。
本文永久链接: https://exqw.com/archives/1786.html
2 条评论
你好,运行最后一步报这个问题,账号没有开启两步验证
Enter OTP code for user ‘root’: Enter device name or leave empty for default (CertRenewal): [Wed Sep 27 12:54:09 UTC 2023] Unable to authenticate to http://localhost:5000 – check your username & password.
[Wed Sep 27 12:54:09 UTC 2023] If two-factor authentication is enabled for the user, set SYNO_Device_ID.
[Wed Sep 27 12:54:09 UTC 2023] Error deploy for domain:xxx.xx
[Wed Sep 27 12:54:09 UTC 2023] Deploy error.
拉取旧版本镜像试试,如:neilpang/acme.sh:3.06