Open bluppfisk opened 2 weeks ago
I haven't come across a `cert_info` file before. The strings appear in the Synology builtin HTTP-01 binary:

```
$ grep -w is_broken /usr/syno/sbin/syno-letsencrypt
Binary file /usr/syno/sbin/syno-letsencrypt matches
$ grep -w cert_info /usr/syno/sbin/syno-letsencrypt
Binary file /usr/syno/sbin/syno-letsencrypt matches
```
Do you have the builtin HTTP-01 functionality enabled or at some point tried it out?
Regarding scheduling: see the README; it suggests your approach, but running it daily.
Hi, I've definitely tried HTTP challenges before, but I don't want that port open on my home network, so I figured DNS challenges are more secure. However, I haven't run the http01 challenge in combination with your script, so I don't understand how that file ended up in the `_archive/$cert_id` folder.

Re: the 2nd point: I cannot believe I've read over it. Thanks :)
First of all, thanks for the great script. Couple of questions:
The script successfully obtained a certificate from GandiV5 after I had also told it not to wait for full DNS propagation, because I am using a local DNS server to which it will probably not propagate (`LEGO_OPTIONS=(--dns.disable-cp)`). It also installed it correctly, so that it showed up in the Synology Control Panel (Security > Certificate). However, the certificate shows up as being in "Error". Funnily enough, I can use it, and browsers recognise it as a valid certificate, but Synology itself says the certificate is "Error" without further information. Turns out that there's a file in the `$cert_id_path` that is called `cert_info` and contains `{"is_broken":true}`. Simply setting that to `false` solved the display, but I wonder what has caused this. Any ideas?

Extra question: any best practices on how to automate this? I have set the Synology Task Scheduler to run `/usr/local/bin/synology-letsencrypt.sh` as root every week. This seems obvious to me but is perhaps not the way you would do it?
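An added example, not code from the synology-letsencrypt project or from anyone in this thread: a small POSIX shell audit that reports which archived certificates carry `{"is_broken":true}` and only clears the flag when the `cert.pem` beside it still parses and has not expired, instead of flipping the value blind. The archive root, the `cert.pem` file name and the one-line JSON shape of `cert_info` are assumptions; the `is_broken` key and the `_archive/<cert_id>` layout are what the thread describes.

```shell
#!/bin/sh
# Added example (not part of synology-letsencrypt): audit per-certificate cert_info
# files for {"is_broken":true} and clear the flag only after checking cert.pem.
# Assumptions: the archive root below, a cert.pem next to cert_info, and cert_info
# being a single-line JSON object that contains the key "is_broken".
ARCHIVE_ROOT="${ARCHIVE_ROOT:-/usr/syno/etc/certificate/_archive}"

# Print the value of "is_broken" ("true"/"false"); prints nothing if the key is absent.
cert_info_broken_flag() {
    sed -n 's/.*"is_broken"[[:space:]]*:[[:space:]]*\([a-z]*\).*/\1/p' "$1"
}

# Exit 0 when the file flags the certificate as broken, 1 otherwise.
cert_info_is_broken() {
    [ "$(cert_info_broken_flag "$1")" = "true" ]
}

# Rewrite is_broken to false, keeping a backup of the original beside it.
clear_broken_flag() {
    cp "$1" "$1.bak" &&
    sed 's/\("is_broken"[[:space:]]*:[[:space:]]*\)true/\1false/' "$1.bak" > "$1"
}

# Exit 0 if the PEM parses and is not expired; 2 if openssl is unavailable.
cert_pem_valid() {
    command -v openssl >/dev/null 2>&1 || {
        echo "openssl not found; skipping validation" >&2
        return 2
    }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Walk the archive: report flagged certificates, clear the flag only when cert.pem checks out.
audit_archive() {
    root="$1"
    for dir in "$root"/*/; do
        info="${dir}cert_info"
        [ -f "$info" ] || continue
        cert_info_is_broken "$info" || continue
        if [ -f "${dir}cert.pem" ] && cert_pem_valid "${dir}cert.pem"; then
            echo "$(basename "$dir"): flagged broken but cert.pem is valid; clearing flag"
            clear_broken_flag "$info"
        else
            echo "$(basename "$dir"): flagged broken; leaving flag in place"
        fi
    done
}

# Run the audit only when an archive root is passed on the command line.
[ $# -gt 0 ] && audit_archive "$1"
```

Run it as `sh audit-cert-info.sh "$ARCHIVE_ROOT"` from the same scheduled task that runs the renewal script; the backup written by `clear_broken_flag` keeps the original `cert_info` available if the flag turns out to have meant something.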