acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

Certificate renewal succeeds but cannot deploy certificate - Unable to find certificate: mydomain.tld is not set #5292

Closed spicygardener closed 1 month ago

spicygardener commented 1 month ago

Hi, I've been unable to deploy a certificate that I recently renewed on a Synology NAS. I can get the certificate with no issue but deploying it is where I run into errors. I upgraded acme.sh and was considering reinstalling it but I am not sure if that will really do anything to help this situation. I'm bad with shell commands and not sure how to export the certificate files off of the Synology, otherwise I would feel comfortable with deleting all of them and starting over.

I also copied the certificate from the folder where they were created (/usr/local/share/acme.sh/mydomain.tld) into the working directory of (/usr/local/share/acme.sh) just in case it couldn't 'find' the files for some reason.

Steps to reproduce

Obtain certificate from LE using:

./acme.sh --issue --keylength 2048 --server letsencrypt --home . -d "mydomain.tld" --dns "$CERT_DNS" --log

Debug log

ash-4.4# ./acme.sh --deploy --home . -d "mydomain.tld" --deploy-hook synology_dsm --debug 2
[Wed Sep 18 12:35:09 PM EDT 2024] Lets find script dir.
[Wed Sep 18 12:35:09 PM EDT 2024] SCRIPT='./acme.sh'
[Wed Sep 18 12:35:09 PM EDT 2024] _script='/usr/local/share/acme.sh/acme.sh'
[Wed Sep 18 12:35:09 PM EDT 2024] _script_home='/usr/local/share/acme.sh'
[Wed Sep 18 12:35:09 PM EDT 2024] Using config home:.
[Wed Sep 18 12:35:10 PM EDT 2024] LE_WORKING_DIR='.'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Wed Sep 18 12:35:10 PM EDT 2024] Running cmd: deploy
[Wed Sep 18 12:35:10 PM EDT 2024] Using config home:.
[Wed Sep 18 12:35:10 PM EDT 2024] default_acme_server
[Wed Sep 18 12:35:10 PM EDT 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Wed Sep 18 12:35:10 PM EDT 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Wed Sep 18 12:35:10 PM EDT 2024] _ACME_SERVER_PATH='v2/DV90'
[Wed Sep 18 12:35:10 PM EDT 2024] DOMAIN_PATH='./mydomain.tld'
[Wed Sep 18 12:35:10 PM EDT 2024] DOMAIN_CONF='./mydomain.tld/mydomain.tld.conf'
[Wed Sep 18 12:35:10 PM EDT 2024] _deployApi='/usr/local/share/acme.sh/deploy/synology_dsm.sh'
[Wed Sep 18 12:35:10 PM EDT 2024] _cdomain='mydomain.tld'
[Wed Sep 18 12:35:10 PM EDT 2024] SYNO_USE_TEMP_ADMIN
[Wed Sep 18 12:35:10 PM EDT 2024] SYNO_USE_TEMP_ADMIN='1'
[Wed Sep 18 12:35:10 PM EDT 2024] Setting temp admin user credential...
[Wed Sep 18 12:35:10 PM EDT 2024] SYNO_SCHEME='http'
[Wed Sep 18 12:35:10 PM EDT 2024] SYNO_HOSTNAME='localhost'
[Wed Sep 18 12:35:10 PM EDT 2024] SYNO_PORT='5500'
[Wed Sep 18 12:35:10 PM EDT 2024] SYNO_CERTIFICATE='mydomain.tld'
[Wed Sep 18 12:35:10 PM EDT 2024] Getting API version...
[Wed Sep 18 12:35:10 PM EDT 2024] _base_url='http://localhost:5500'
[Wed Sep 18 12:35:10 PM EDT 2024] GET
[Wed Sep 18 12:35:10 PM EDT 2024] url='http://localhost:5500/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth'
[Wed Sep 18 12:35:10 PM EDT 2024] timeout=
[Wed Sep 18 12:35:10 PM EDT 2024] _CURL='curl --silent --dump-header ./http.header -L --trace-ascii /tmp/tmp.J5OKU47YeA -g '
[Wed Sep 18 12:35:11 PM EDT 2024] ret='0'
[Wed Sep 18 12:35:11 PM EDT 2024] Logging into localhost:5500...
[Wed Sep 18 12:35:11 PM EDT 2024] SYNO_LOCAL_HOSTNAME='localhost'
[Wed Sep 18 12:35:11 PM EDT 2024] Creating temp admin user in Synology DSM...
[Wed Sep 18 12:35:12 PM EDT 2024] GET
[Wed Sep 18 12:35:12 PM EDT 2024] url='http://localhost:5500/webapi/entry.cgi?api=SYNO.API.Auth&version=7&method=login&format=sid&account=sc-acmesh-tmp&passwd=QmHVjnFwkt11zaSd&enable_syno_token=yes'
[Wed Sep 18 12:35:12 PM EDT 2024] timeout=
[Wed Sep 18 12:35:12 PM EDT 2024] _CURL='curl --silent --dump-header ./http.header -L --trace-ascii /tmp/tmp.akRdhBLx7L -g '
[Wed Sep 18 12:35:13 PM EDT 2024] ret='0'
[Wed Sep 18 12:35:13 PM EDT 2024] error_code
[Wed Sep 18 12:35:13 PM EDT 2024] Session ID='redacted'
[Wed Sep 18 12:35:13 PM EDT 2024] SynoToken='redacted'
[Wed Sep 18 12:35:13 PM EDT 2024] H1='X-SYNO-TOKEN: redacted'
[Wed Sep 18 12:35:13 PM EDT 2024] Getting certificates in Synology DSM...
[Wed Sep 18 12:35:13 PM EDT 2024] POST
[Wed Sep 18 12:35:13 PM EDT 2024] _post_url='http://localhost:5500/webapi/entry.cgi'
[Wed Sep 18 12:35:13 PM EDT 2024] body='api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=redacted'
[Wed Sep 18 12:35:13 PM EDT 2024] _postContentType
[Wed Sep 18 12:35:13 PM EDT 2024] _CURL='curl --silent --dump-header ./http.header -L --trace-ascii /tmp/tmp.1qyEiQPoVf -g '
[Wed Sep 18 12:35:13 PM EDT 2024] _ret='0'
[Wed Sep 18 12:35:13 PM EDT 2024] escaped_certificate='my.domain.tld'
[Wed Sep 18 12:35:13 PM EDT 2024] id
[Wed Sep 18 12:35:13 PM EDT 2024] error_code
[Wed Sep 18 12:35:13 PM EDT 2024] SYNO_CREATE
[Wed Sep 18 12:35:13 PM EDT 2024] Unable to find certificate: mydomain.tld and is not set.
[Wed Sep 18 12:35:13 PM EDT 2024] Cleanuping temp admin info...
[Wed Sep 18 12:35:14 PM EDT 2024] Error deploy for domain:mydomain.tld
[Wed Sep 18 12:35:14 PM EDT 2024] Deploy error.

If anyone could point me in the right direction I'd really appreciate it. I was able to renew certificates on all of my other Synologies except this specific one.

Thanks.
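Added example, not part of the original post or of acme.sh: the `--debug 2` output of the synology_dsm hook prints the login URL with its `passwd=` parameter next to the session ID and SynoToken, so a log like the one above is best filtered before it is shared. The function names and sample lines are constructed for illustration; the field names are the ones visible in the log.

```shell
#!/bin/sh
# Redact credentials from an acme.sh --debug 2 log before posting it.
# Field names (passwd, _sid, Session ID, SynoToken, X-SYNO-TOKEN) are the
# ones that appear in the synology_dsm debug output quoted in this thread.

redact_acme_log() {
  # stdin: raw log, stdout: log with secret values replaced by REDACTED
  sed -E \
    -e "s/((Session ID|SynoToken)=')[^']*'/\1REDACTED'/g" \
    -e "s/(X-SYNO-TOKEN: )[^']*/\1REDACTED/g" \
    -e "s/([?&](passwd|_sid|SynoToken)=)[^&' ]*/\1REDACTED/g"
}

count_leaky_lines() {
  # $1: log file. A line counts as leaky if redaction would change it,
  # so a fully redacted file reports 0 (the filter is idempotent).
  redact_acme_log <"$1" | diff - "$1" | grep -c '^>' || true
}

sample_log() {
  # Constructed sample lines in the same shape as the debug log above.
  cat <<'EOF'
[ts] url='http://localhost:5500/webapi/entry.cgi?api=SYNO.API.Auth&version=7&method=login&format=sid&account=sc-acmesh-tmp&passwd=CONSTRUCTED-PW&enable_syno_token=yes'
[ts] Session ID='CONSTRUCTED-SID'
[ts] SynoToken='CONSTRUCTED-TOKEN'
[ts] H1='X-SYNO-TOKEN: CONSTRUCTED-TOKEN'
[ts] body='api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=CONSTRUCTED-SID'
[ts] SYNO_PORT='5500'
EOF
}

# Demo: show the sample after filtering.
sample_log | redact_acme_log
```

Run `count_leaky_lines deploy.log` on the saved log first; a non-zero count means the file still carries values the filter would replace.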

github-actions[bot] commented 1 month ago

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

spicygardener commented 1 month ago

I just wanted to add a few updates to this thread.

I uninstalled acme.sh and deleted all related directories, tried getting the certificate again (successful), but experienced the same exact issue with deploying the certificate.

I moved the certificate files out of the NAS and uploaded them to my computer, then used the Synology's web GUI to manually add the certificate. This was successful. I had a feeling that it was not the certificate so this is reassuring, but this does point to an issue with deploying certificates via acme.sh on this particular NAS:

Certificate files moved to my machine from /root/mydomain.tld directory on the NAS

Certificate being added to Synology NAS through web GUI

spicygardener commented 1 month ago

This has been solved. See this thread for more information: https://github.com/acmesh-official/acme.sh/issues/2727

"

Can you try SYNO_LOCAL_HOSTNAME set to 1?

Maybe deploy with --insecure?

Also there might be something escaped_certificate='my.domain.tld' And Unable to find certificate: mydomain.tld and is not set. But not sure if there is any meaning behind the difference.

Not sure if that is an issue when you run the certificate issue with explicitly setting the letsencrypt server and the deploy without. Since I am directly setting my config to letsencrypt when installing acme.sh I have no clue if there could be any issue with directory structure or something.

Which DSM are you running?

Setting SYNO_LOCAL_HOSTNAME to 1 worked, I was able to deploy the certificate and no longer receive the "Unable to find certificate: and is not set" error. I set this on both synology_dsm.sh files in the directories /root/acme.sh-master/deploy and /usr/local/share/acme.sh/deploy

Certificate was successfully deployed and is now in use:

You were so helpful and I am glad that I learned something new. I will update my other thread and include this as a solution. Many thanks!"

spicygardener commented 1 month ago

Resolved