acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Reversing changes Broken CERTS - Synology NAS #1656

Open buzurk26 opened 6 years ago

buzurk26 commented 6 years ago

Hi

I have followed your guide for LE and Let's Encrypt on one NAS and it worked a treat.

I got a new NAS and for some unknown reason I cannot get it to work, and now I believe I am in a bad state where I don't have any certificates.

I did get it to a point whereby my LE cert installed and was recognised, but the browser still deemed it self-signed.

[Wed Jun 6 22:44:27 AEST 2018] Your cert is in /root/.acme.sh/my.domain/my.domain.cer
[Wed Jun 6 22:44:27 AEST 2018] Your cert key is in /root/.acme.sh/my.domain/my.domain.key
[Wed Jun 6 22:44:27 AEST 2018] The intermediate CA cert is in /root/.acme.sh/my.domain/ca.cer
[Wed Jun 6 22:44:27 AEST 2018] And the full chain certs is there: /root/.acme.sh/my.domain/fullchain.cer
[Wed Jun 6 22:44:28 AEST 2018] Installing cert to:/usr/syno/etc/certificate/_archive/azShyV/cert.pem
[Wed Jun 6 22:44:28 AEST 2018] Installing CA to:/usr/syno/etc/certificate/_archive/azShyV/chain.pem
[Wed Jun 6 22:44:28 AEST 2018] Installing key to:/usr/syno/etc/certificate/_archive/azShyV/privkey.pem
[Wed Jun 6 22:44:28 AEST 2018] Installing full chain to:/usr/syno/etc/certificate/_archive/azShyV/fullchain.pem
[Wed Jun 6 22:44:28 AEST 2018] Run reload cmd: /usr/syno/sbin/synoservicectl --reload nginx

I tried both methods, including issuing the following command:

export CERT_FOLDER="$(find /usr/syno/etc/certificate/_archive/ -maxdepth 1 -mindepth 1 -type d)"

then running the script again. I believe this has given me an _archive folder with some certs in it also, which is where I think it broke.

Any help would be greatly appreciated.

FernandoMiguel commented 6 years ago

No useful errors here... just steps. Have you tried rebooting the NAS to see if it assumes the new cert?

buzurk26 commented 6 years ago

Yes, sure have.

Cert appears to be there as I manually copied it to the /usr/syno/etc/certificate/system/default folder.

I can make it default, but this is not ideal I'm sure, and it won't let me bind: https://imgur.com/a/VyzROOa

buzurk26 commented 6 years ago

Is there any way to revert this?

My certs are missing, logs showing:

synoscgi_SYNO.Core.Certificate.CRT_1_list[18080]: certificate.cpp:1100 Lack of necessary files in cert dir.

I ran this command when I first ran your guide:

$ export CERT_FOLDER="$(find /usr/syno/etc/certificate/_archive/ -maxdepth 1 -mindepth 1 -type d)"
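
Added example, not part of the thread and not acme.sh code: a POSIX shell check for the CERT_FOLDER expression quoted in this issue. It confirms that find matches exactly one directory under _archive and that the directory holds the four files the log above shows being installed. The function name, return codes and the private-key permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks the directory the thread's find expression selects.
# REQUIRED_FILES are the four names the acme.sh log in this issue installs;
# treating them as the complete set DSM needs is an assumption.
REQUIRED_FILES="cert.pem chain.pem privkey.pem fullchain.pem"

# check_cert_archive ARCHIVE_ROOT
# Prints the one usable directory and returns 0. Otherwise returns:
#   1 no subdirectory found      2 several subdirectories found
#   3 required file missing      4 private key readable by group/others
check_cert_archive() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }

    # Same expression as in the issue, with the root made a parameter.
    dirs=$(find "$root" -maxdepth 1 -mindepth 1 -type d)
    count=$(printf '%s\n' "$dirs" | grep -c . || true)

    if [ "$count" -eq 0 ]; then
        echo "no certificate directory under $root" >&2
        return 1
    fi
    if [ "$count" -gt 1 ]; then
        # CERT_FOLDER would then hold several newline-separated paths.
        echo "$count directories match, pick one explicitly:" >&2
        printf '%s\n' "$dirs" >&2
        return 2
    fi

    for f in $REQUIRED_FILES; do
        [ -s "$dirs/$f" ] || { echo "missing or empty: $dirs/$f" >&2; return 3; }
    done

    # Characters 5-10 of the ls mode string are the group and other bits.
    perm=$(ls -ld "$dirs/privkey.pem" | cut -c5-10)
    [ "$perm" = "------" ] || { echo "privkey.pem mode too open: $perm" >&2; return 4; }

    printf '%s\n' "$dirs"
}

# Usage on the NAS: check_cert_archive /usr/syno/etc/certificate/_archive
```

Only when the function returns 0 is its output safe to assign to CERT_FOLDER.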