acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

The latest docker image seems to use ECC cert as default which is not compatible with synology_dsm deploy hook #4621

Open HADB opened 1 year ago

HADB commented 1 year ago

Steps

# Issue the certificate
docker run --rm \
-v "/xxx/acme.sh":/acme.sh \
-e Ali_Key="xxx" \
-e Ali_Secret="xxx" \
--net=host \
neilpang/acme.sh \
--issue --dns dns_ali --dnssleep 60 -d "xxx.com" -d "*.xxx.com" --server letsencrypt

# Deploy to Synology
docker run --rm \
-v "/xxx/acme.sh":/acme.sh \
-e SYNO_Username="xxx" \
-e SYNO_Password="xxx" \
-e SYNO_Scheme="http" \
-e SYNO_Port="5007" \
-e SYNO_Certificate="" \
--net=host \
neilpang/acme.sh \
--deploy -d "xxx.com" \
--deploy-hook synology_dsm

The image used is the one released on 2023-04-21:

neilpang/acme.sh:latest
DIGEST:sha256:0fb1e0f72e47ca25d56842f35025fc51f96afa8c91ea53f0251df20554694694

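Symptom:

An additional directory with an _ecc suffix appeared in the certificate directory, and a new certificate was generated in that folder, but it was not deployed to Synology properly.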

github-actions[bot] commented 1 year ago

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

HADB commented 1 year ago

Rolling back to neilpang/acme.sh:3.0.5 resolves the problem; version 3.0.5 issues the certificate and deploys it to Synology normally.

AAkira45 commented 1 year ago

Change the script parameters to acme.sh --renew --dns --server letsencrypt -k 2048 -d your.domain.com and a non-ECC certificate will be issued normally. For details, refer to #2350.

HADB commented 1 year ago

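> Change the script parameters to acme.sh --renew --dns --server letsencrypt -k 2048 -d your.domain.com and a non-ECC certificate will be issued normally. For details, refer to #2350.

Yes. Manually adding the parameter does issue the certificate normally. I opened this issue mainly to report that the image was suddenly updated to an incompatible version, which caused the problem.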
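
The situation reported in this thread (a new _ecc directory appearing beside the existing certificate directory after the image was updated) can be caught before the deploy step runs. The script below is an added example, not part of the original thread or of acme.sh; the directory layout it checks and the function names cert_layout and predeploy_check are assumptions.

```shell
#!/bin/sh
# Added example, not part of acme.sh. Assumed volume layout:
#   <home>/<domain>/<domain>.cer       (RSA certificate)
#   <home>/<domain>_ecc/<domain>.cer   (ECC certificate)

# Print which certificate a domain has:
#   rsa | ecc | rsa-newer | ecc-newer | none
cert_layout() {
  rsa_cer="$1/$2/$2.cer"
  ecc_cer="$1/${2}_ecc/$2.cer"
  if [ -f "$rsa_cer" ] && [ -f "$ecc_cer" ]; then
    # Both exist: report which one was written most recently.
    if [ -n "$(find "$ecc_cer" -newer "$rsa_cer")" ]; then
      echo ecc-newer
    else
      echo rsa-newer
    fi
  elif [ -f "$rsa_cer" ]; then
    echo rsa
  elif [ -f "$ecc_cer" ]; then
    echo ecc
  else
    echo none
  fi
}

# Succeed only when the RSA-layout certificate is the most recent one.
predeploy_check() {
  layout=$(cert_layout "$1" "$2")
  case "$layout" in
    rsa | rsa-newer) return 0 ;;
    *)
      echo "predeploy_check: $2 layout is '$layout'; expected RSA." >&2
      echo "Reissue with -k 2048 or pin the image tag before deploying." >&2
      return 1
      ;;
  esac
}

# Usage: sh check.sh /xxx/acme.sh xxx.com   (run before the --deploy step)
if [ "$#" -eq 2 ]; then predeploy_check "$1" "$2"; fi
```
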