acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
37.52k stars, 4.83k forks

Deploy synology_dsm.sh - Error 109 (was succeed 2 months ago) #5191

Open LordDarkneo opened 3 days ago

LordDarkneo commented 3 days ago

Hello all!

I just realized that my certificate was not renewed a few weeks ago. After checking the logs, I saw a deployment issue:

    Getting certificates in Synology DSM...
    POST
    _post_url='http://192.168.1.100:5000/webapi/entry.cgi'
    _CURL='curl --silent --dump-header /acme.sh/http.header -L -g '
    _ret='0'
    escaped_certificate='Certificat LE pour domaine OVH'
    Failed to fetch certificate info with error: 119, please try again or contact Synology to learn more.
    Error deploy for domain:mydomain.ovh
    Deploy error.
    Return code: 1
    Error renew mydomain.ovh.
    _error_level='1'
    _set_level='2'
    The NOTIFY_HOOK is empty, just return.
    ===End cron===

I checked the synology_dsm.sh file, and the issue seems to be here:

  _info "Getting certificates in Synology DSM..."
  response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
  _debug3 response "$response"
  escaped_certificate="$(printf "%s" "$SYNO_CERTIFICATE" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')"
  _debug escaped_certificate "$escaped_certificate"
  id=$(echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\"id\":\"\([^\"]*\).*/\1/p")
  _debug2 id "$id"

  error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
  _debug2 error_code "$error_code"
  if [ -n "$error_code" ]; then
    if [ "$error_code" -eq 105 ]; then
      _err "Current user is not administrator and does not have sufficient permission for deploying."
    else
      _err "Failed to fetch certificate info with error: $error_code, please try again or contact Synology to learn more."
    fi
    _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
    return 1
  fi

I saw there has been a modification on this file 2 months ago... What's surprising is that I normally configured the acme not to be updated automatically.... So I do not understand why I received the updates.

Thanks in advance for your help (I am a real beginner in Docker... So if someone can tell me how to download the certificates so I'll update them manually with the DSM interface).

FYI: the Acme is running on a docker (neilpang one) on a Synology. Previous logs in mid-April were:

    Getting certificates in Synology DSM
    POST
    _post_url='http://192.168.1.100:5000/webapi/entry.cgi'
    _CURL='curl --silent --dump-header /acme.sh/http.header -L -g '
    _ret='0'
    escaped_certificate='Certificat LE pour domaine OVH'
    Generate form POST request
    Upload certificate to the Synology DSM
    POST
    _post_url='http://192.168.1.100:5000/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=xxxxx
    _CURL='curl --silent --dump-header /acme.sh/http.header -L -g '
    _ret='0'
    Restarting HTTP services succeeded
    GET
    url='http://192.168.1.100:5000/webapi/auth.cgi?api=SYNO.API.Auth&version=6&method=logout&_sid=xxxxx
    timeout=
    _CURL='curl --silent --dump-header /acme.sh/http.header -L -g '
    ret='0'
    Success
    Return code: 0
    _error_level='2'
    _set_level='2'
    The NOTIFY_HOOK is empty, just return.
    ===End cron===

github-actions[bot] commented 3 days ago

Please upgrade to the latest code and try again first. Maybe it's already fixed.

    acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

LordDarkneo commented 3 days ago

Well... trying to get the level 3 debug logs, I ran this command:

    acme.sh --deploy -d 'mydomain.ovh' --deploy-hook synology_dsm --debug 3

And the deployment.... Has succeeded.... without changing anything.....

    [Sun Jun 30 13:11:57 UTC 2024] readlink exists=0
    [Sun Jun 30 13:11:57 UTC 2024] dirname exists=0
    [Sun Jun 30 13:11:57 UTC 2024] Lets find script dir.
    [Sun Jun 30 13:11:57 UTC 2024] SCRIPT='/usr/local/bin/acme.sh'
    [Sun Jun 30 13:11:57 UTC 2024] _script='/root/.acme.sh/acme.sh'
    [Sun Jun 30 13:11:57 UTC 2024] _script_home='/root/.acme.sh'
    [Sun Jun 30 13:11:57 UTC 2024] Using default home:/root/.acme.sh
    [Sun Jun 30 13:11:57 UTC 2024] Using config home:/acme.sh
    [Sun Jun 30 13:11:57 UTC 2024] ACCOUNT_CONF_PATH='/acme.sh/account.conf'
    [Sun Jun 30 13:11:57 UTC 2024] OK
    [Sun Jun 30 13:11:57 UTC 2024] 4:AUTO_UPGRADE='0'
    [Sun Jun 30 13:11:57 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
    https://github.com/acmesh-official/acme.sh
    v3.0.8
    [Sun Jun 30 13:11:57 UTC 2024] Running cmd: deploy
    [Sun Jun 30 13:11:57 UTC 2024] Using config home:/acme.sh
    [Sun Jun 30 13:11:57 UTC 2024] ACCOUNT_CONF_PATH='/acme.sh/account.conf'
    [Sun Jun 30 13:11:57 UTC 2024] default_acme_server='https://acme-v02.api.letsencrypt.org/directory'
    [Sun Jun 30 13:11:57 UTC 2024] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
    [Sun Jun 30 13:11:57 UTC 2024] _ACME_SERVER_HOST='acme-v02.api.letsencrypt.org'
    [Sun Jun 30 13:11:57 UTC 2024] _ACME_SERVER_PATH='directory'
    [Sun Jun 30 13:11:57 UTC 2024] CA_CONF='/acme.sh/ca/acme-v02.api.letsencrypt.org/directory/ca.conf'
    [Sun Jun 30 13:11:57 UTC 2024] DOMAIN_PATH='/acme.sh/mydomain.ovh'
    [Sun Jun 30 13:11:57 UTC 2024] DOMAIN_CONF='/acme.sh/mydomain.ovh/mydomain.ovh.conf'
    [Sun Jun 30 13:11:57 UTC 2024] OK
    [Sun Jun 30 13:11:57 UTC 2024] 16:Le_DeployHook='synology_dsm,'
    [Sun Jun 30 13:11:57 UTC 2024] _deployApi='/root/.acme.sh/deploy/synology_dsm.sh'
    [Sun Jun 30 13:11:57 UTC 2024] synology_dsm_deploy exists=0
    [Sun Jun 30 13:11:57 UTC 2024] _cdomain='mydomain.ovh'
    [Sun Jun 30 13:11:57 UTC 2024] Domain config new key exists, old key SAVED_SYNO_Username='user' has been removed.
    [Sun Jun 30 13:11:57 UTC 2024] Domain config new key exists, old key SAVED_SYNO_Password='password' has been removed.
    [Sun Jun 30 13:11:57 UTC 2024] Domain config new key exists, old key SAVED_SYNO_Device_ID='xxxxx' has been removed.
    [Sun Jun 30 13:11:57 UTC 2024] SYNO_USE_TEMP_ADMIN
    [Sun Jun 30 13:11:57 UTC 2024] SYNO_USE_TEMP_ADMIN
    [Sun Jun 30 13:11:57 UTC 2024] SYNO_USERNAME='Acme-cert'
    [Sun Jun 30 13:11:57 UTC 2024] SYNO_PASSWORD='[hidden](please add '--output-insecure' to see this value)'
    [Sun Jun 30 13:11:57 UTC 2024] SYNO_DEVICE_NAME='CertRenewal'
    [Sun Jun 30 13:11:57 UTC 2024] SYNO_DEVICE_ID='[hidden](please add '--output-insecure' to see this value)'
    [Sun Jun 30 13:11:57 UTC 2024] Domain config new key exists, old key SAVED_SYNO_Scheme='http' has been removed.
    [Sun Jun 30 13:11:57 UTC 2024] Domain config new key exists, old key SAVED_SYNO_Hostname='192.168.1.100' has been removed.
    [Sun Jun 30 13:11:57 UTC 2024] Domain config new key exists, old key SAVED_SYNO_Port='5000' has been removed.
    [Sun Jun 30 13:11:57 UTC 2024] OK
    [Sun Jun 30 13:11:57 UTC 2024] 30:SAVED_SYNO_SCHEME='http'
    [Sun Jun 30 13:11:57 UTC 2024] OK
    [Sun Jun 30 13:11:57 UTC 2024] 31:SAVED_SYNO_HOSTNAME='192.168.1.100'
    [Sun Jun 30 13:11:57 UTC 2024] OK
    [Sun Jun 30 13:11:57 UTC 2024] 32:SAVED_SYNO_PORT='5000'
    [Sun Jun 30 13:11:57 UTC 2024] SYNO_SCHEME='http'
    [Sun Jun 30 13:11:57 UTC 2024] SYNO_HOSTNAME='192.168.1.100'
    [Sun Jun 30 13:11:57 UTC 2024] SYNO_PORT='5000'
    [Sun Jun 30 13:11:57 UTC 2024] Domain config new key exists, old key SAVED_SYNO_Certificate='Certificat LE pour domaine OVH' has been removed.
    [Sun Jun 30 13:11:57 UTC 2024] SYNO_CERTIFICATE='Certificat LE pour domaine OVH'
    [Sun Jun 30 13:11:57 UTC 2024] Getting API version...
    [Sun Jun 30 13:11:57 UTC 2024] _base_url='http://192.168.1.100:5000'
    [Sun Jun 30 13:11:57 UTC 2024] GET
    [Sun Jun 30 13:11:57 UTC 2024] url='http://192.168.1.100:5000/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth'
    [Sun Jun 30 13:11:57 UTC 2024] timeout=
    [Sun Jun 30 13:11:57 UTC 2024] curl exists=0
    [Sun Jun 30 13:11:57 UTC 2024] mktemp exists=0
    [Sun Jun 30 13:11:57 UTC 2024] wget exists=0
    [Sun Jun 30 13:11:57 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header -L --trace-ascii /tmp/tmp.iD1d7FuriB -g '
    [Sun Jun 30 13:11:58 UTC 2024] ret='0'
    [Sun Jun 30 13:11:58 UTC 2024] response='{"data":{"SYNO.API.Auth":{"maxVersion":6,"minVersion":1,"path":"auth.cgi"}},"success":true}'
    [Sun Jun 30 13:11:58 UTC 2024] api_path='auth.cgi'
    [Sun Jun 30 13:11:58 UTC 2024] api_version='6'
    [Sun Jun 30 13:11:58 UTC 2024] Logging into 192.168.1.100:5000...
    [Sun Jun 30 13:11:58 UTC 2024] od exists=0
    [Sun Jun 30 13:11:58 UTC 2024] _url_encode
    [Sun Jun 30 13:11:58 UTC 2024] _hex_str=' 41 63 6d 65 2d 63 65 72 74'
    [Sun Jun 30 13:11:58 UTC 2024] od exists=0
    [Sun Jun 30 13:11:58 UTC 2024] _url_encode
    [Sun Jun 30 13:11:58 UTC 2024] _hex_str=' 7a 42 6e 71 24 4b 31 38 31 38 31 38 21'
    [Sun Jun 30 13:11:58 UTC 2024] error_code='403'
    [Sun Jun 30 13:11:58 UTC 2024] GET
    [Sun Jun 30 13:11:58 UTC 2024] url='http://192.168.1.100:5000/webapi/auth.cgi?api=SYNO.API.Auth&version=6&method=login&format=sid&account=user&passwd=pwd&enable_syno_token=yes&device_name=CertRenewal&device_id=B3J4N01003'
    [Sun Jun 30 13:11:58 UTC 2024] timeout=
    [Sun Jun 30 13:11:58 UTC 2024] curl exists=0
    [Sun Jun 30 13:11:58 UTC 2024] mktemp exists=0
    [Sun Jun 30 13:11:58 UTC 2024] wget exists=0
    [Sun Jun 30 13:11:58 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header -L --trace-ascii /tmp/tmp.cgFXRZtbLB -g '
    [Sun Jun 30 13:11:59 UTC 2024] ret='0'
    [Sun Jun 30 13:11:59 UTC 2024] response='[hidden](please add '--output-insecure' to see this value)'
    [Sun Jun 30 13:11:59 UTC 2024] error_code
    [Sun Jun 30 13:11:59 UTC 2024] Session ID='zAQ7x2jazj99AB3J4N01003'
    [Sun Jun 30 13:11:59 UTC 2024] SynoToken='IAk.m0v9Bqlcg'
    [Sun Jun 30 13:11:59 UTC 2024] H1='X-SYNO-TOKEN: IAk.m0v9Bqlcg'
    [Sun Jun 30 13:11:59 UTC 2024] OK
    [Sun Jun 30 13:11:59 UTC 2024] 26:SAVED_SYNO_USERNAME='user'
    [Sun Jun 30 13:11:59 UTC 2024] OK
    [Sun Jun 30 13:11:59 UTC 2024] 27:SAVED_SYNO_PASSWORD='password'
    [Sun Jun 30 13:11:59 UTC 2024] OK
    [Sun Jun 30 13:11:59 UTC 2024] 28:SAVED_SYNO_DEVICE_ID='xxx'
    [Sun Jun 30 13:11:59 UTC 2024] OK
    [Sun Jun 30 13:11:59 UTC 2024] 29:SAVED_SYNO_DEVICE_NAME='CertRenewal'
    [Sun Jun 30 13:11:59 UTC 2024] Getting certificates in Synology DSM...
    [Sun Jun 30 13:11:59 UTC 2024] POST
    [Sun Jun 30 13:11:59 UTC 2024] _post_url='http://192.168.1.100:5000/webapi/entry.cgi'
    [Sun Jun 30 13:11:59 UTC 2024] body='api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=zAQ7x2jazj99AB3J4N01003'
    [Sun Jun 30 13:11:59 UTC 2024] _postContentType
    [Sun Jun 30 13:11:59 UTC 2024] curl exists=0
    [Sun Jun 30 13:11:59 UTC 2024] mktemp exists=0
    [Sun Jun 30 13:11:59 UTC 2024] wget exists=0
    [Sun Jun 30 13:11:59 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header -L --trace-ascii /tmp/tmp.lP5f5rBE4W -g '
    [Sun Jun 30 13:11:59 UTC 2024] _ret='0'
    [Sun Jun 30 13:11:59 UTC 2024] response='{"data":{"certificates":[{"desc":"","id":"AeNVW2","is_default":false,"issuer":{"common_name":"R3","country":"US","organization":"Let's Encrypt"},"services":[],"signature_algorithm":[...] },"success":true}'
    [Sun Jun 30 13:11:59 UTC 2024] escaped_certificate='Certificat LE pour domaine OVH'
    [Sun Jun 30 13:11:59 UTC 2024] id='Cbb2wb'
    [Sun Jun 30 13:11:59 UTC 2024] error_code
    [Sun Jun 30 13:11:59 UTC 2024] SYNO_CREATE
    [Sun Jun 30 13:11:59 UTC 2024] base64 single line.
    [Sun Jun 30 13:11:59 UTC 2024] OK
    [Sun Jun 30 13:11:59 UTC 2024] 33:SAVED_SYNO_CERTIFICATE='ACME_BASE64__START_Q2VydGlmaWNhdCBMRSBwb3VyIGRvbWFpbmUgT1ZIACME_BASE64_END'
    [Sun Jun 30 13:11:59 UTC 2024] Generating form POST request...
    [Sun Jun 30 13:11:59 UTC 2024] default='This is the default certificate'
    [Sun Jun 30 13:11:59 UTC 2024] Upload certificate to the Synology DSM.
    [Sun Jun 30 13:11:59 UTC 2024] POST
    [Sun Jun 30 13:11:59 UTC 2024] _post_url='http://192.168.1.100:5000/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=IAk.m0v9Bqlcg&_sid=zAQ7x2jazj99AB3J4N01003'
    [Sun Jun 30 13:11:59 UTC 2024] body='----------------------------20240630131159
    Content-Disposition: form-data; name="key"; filename="mydomain.ovh.key"
    Content-Type: application/octet-stream

    -----BEGIN RSA PRIVATE KEY----- M g= -----END RSA PRIVATE KEY-----

    ----------------------------20240630131159
    Content-Disposition: form-data; name="cert"; filename="mydomain.ovh.cer"
    Content-Type: application/octet-stream

    -----BEGIN CERTIFICATE----- M gB5b -----END CERTIFICATE-----

    ----------------------------20240630131159
    Content-Disposition: form-data; name="inter_cert"; filename="ca.cer"
    Content-Type: application/octet-stream

    -----BEGIN CERTIFICATE----- MI A -----END CERTIFICATE-----

    ----------------------------20240630131159
    Content-Disposition: form-data; name="id"

    Cbb2wb
    ----------------------------20240630131159
    Content-Disposition: form-data; name="desc"

    Certificat LE pour domaine OVH
    ----------------------------20240630131159
    Content-Disposition: form-data; name="as_default"

    true
    ----------------------------20240630131159--
    '
    [Sun Jun 30 13:11:59 UTC 2024] _postContentType='multipart/form-data; boundary=--------------------------20240630131159'
    [Sun Jun 30 13:11:59 UTC 2024] curl exists=0
    [Sun Jun 30 13:11:59 UTC 2024] mktemp exists=0
    [Sun Jun 30 13:11:59 UTC 2024] wget exists=0
    [Sun Jun 30 13:11:59 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header -L --trace-ascii /tmp/tmp.azZ57SEeHi -g '
    [Sun Jun 30 13:12:04 UTC 2024] _ret='0'
    [Sun Jun 30 13:12:04 UTC 2024] response='{"data":{"id":"Cbb2wb","restart_httpd":true},"success":true}'
    [Sun Jun 30 13:12:04 UTC 2024] Restart HTTP services succeeded.
    [Sun Jun 30 13:12:04 UTC 2024] GET
    [Sun Jun 30 13:12:04 UTC 2024] url='http://192.168.1.100:5000/webapi/auth.cgi?api=SYNO.API.Auth&version=6&method=logout&_sid=zAQ7x2jazj99AB3J4N01003'
    [Sun Jun 30 13:12:04 UTC 2024] timeout=
    [Sun Jun 30 13:12:04 UTC 2024] curl exists=0
    [Sun Jun 30 13:12:04 UTC 2024] mktemp exists=0
    [Sun Jun 30 13:12:04 UTC 2024] wget exists=0
    [Sun Jun 30 13:12:04 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header -L --trace-ascii /tmp/tmp.PQpNgU1c8L -g '
    [Sun Jun 30 13:12:04 UTC 2024] ret='0'
    [Sun Jun 30 13:12:04 UTC 2024] response='{"success":true}'
    [Sun Jun 30 13:12:04 UTC 2024] Success

Any clue why I had this 119 error message?
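
Added example, not part of the original thread or of acme.sh: the `--debug 3` output above carries the DSM session ID, the SynoToken, `_hex_str` dumps of the values URL-encoded at login, and the private-key upload body, so this filter redacts those fields before a log is shared. The names `redact_acme_log` and `sample_log` and the sample lines are constructed for illustration; the patterns cover only the field names visible in that log.

```shell
#!/bin/sh
# Added example (not part of acme.sh): redact credentials from an acme.sh
# deploy debug log read on stdin. Patterns cover the field names seen in
# the synology_dsm log above; other deploy hooks need their own patterns.
#
# A key block flattened onto one line is replaced first. Otherwise the
# BEGIN..END range delete would open on that line, look for END only on
# later lines, and delete the rest of the log.
redact_acme_log() {
  sed -E \
    -e "s/(_sid=|SynoToken=)[^&' ]+/\1REDACTED/g" \
    -e "s/(account=|passwd=|device_id=)[^&' ]+/\1REDACTED/g" \
    -e "s/((Session ID|SynoToken|_hex_str)=')[^']*'/\1REDACTED'/g" \
    -e "s/(X-SYNO-TOKEN: )[^' ]+/\1REDACTED/g" \
    -e "s/(SAVED_SYNO_(PASSWORD|Password|DEVICE_ID|Device_ID)=')[^']*'/\1REDACTED'/g" \
    -e 's/-----BEGIN [A-Z ]*PRIVATE KEY-----.*-----END [A-Z ]*PRIVATE KEY-----/[private key removed]/' \
    -e '/-----BEGIN [A-Z ]*PRIVATE KEY-----/,/-----END [A-Z ]*PRIVATE KEY-----/d'
}

# Constructed sample lines (placeholder values, not taken from a real NAS).
sample_log() {
  cat <<'EOF'
[t] url='http://nas.example:5000/webapi/auth.cgi?api=SYNO.API.Auth&method=login&account=SECRETUSER&passwd=SECRETPW&device_id=SECRETDEV'
[t] _hex_str=' 53 45 43 52 45 54'
[t] Session ID='SECRETSID'
[t] SynoToken='SECRETTOK'
[t] H1='X-SYNO-TOKEN: SECRETTOK'
[t] body='api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=SECRETSID'
[t] _post_url='http://nas.example:5000/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=SECRETTOK&_sid=SECRETSID'
-----BEGIN RSA PRIVATE KEY-----
SECRETKEYBYTES
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY----- SECRETONELINE -----END RSA PRIVATE KEY-----
[t] SAVED_SYNO_PASSWORD='SECRETPW'
[t] Success
EOF
}

# Usage on a real log: redact_acme_log < deploy.log > deploy.redacted.log
sample_log | redact_acme_log
```

Non-secret lines such as `Success` and the API method names pass through unchanged, so the redacted log remains usable for debugging.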