search

acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0
39.4k stars 4.98k forks source link

Deploy certificate failed with synology_dsm #5306

Closed KexinCC closed 1 month ago

KexinCC commented 1 month ago

I use neilpang/acme.sh docker to deploy my certificate, i got my certificate correctly but cannot deploy it.

[Fri Sep 27 09:56:46 UTC 2024] Domain config new key exists, old key SYNO_Certificate='""' has been removed.
[Fri Sep 27 09:56:46 UTC 2024] SYNO_CERTIFICATE='""'
[Fri Sep 27 09:56:46 UTC 2024] Getting API version...
[Fri Sep 27 09:56:46 UTC 2024] _base_url='http://localhost:5000'
[Fri Sep 27 09:56:46 UTC 2024] GET
[Fri Sep 27 09:56:46 UTC 2024] url='http://localhost:5000/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth'
[Fri Sep 27 09:56:46 UTC 2024] timeout=
[Fri Sep 27 09:56:46 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header  -L  --trace-ascii /tmp/tmp.oTk0oDAOPo  -g '
[Fri Sep 27 09:56:46 UTC 2024] ret='0'
[Fri Sep 27 09:56:46 UTC 2024] Logging into localhost:5000...
[Fri Sep 27 09:56:46 UTC 2024] GET
[Fri Sep 27 09:56:46 UTC 2024] url='http://localhost:5000/webapi/entry.cgi?api=SYNO.API.Auth&version=7&method=login&format=sid&account=root&passwd=Dzl%40002120&enable_syno_token=yes'
[Fri Sep 27 09:56:46 UTC 2024] timeout=
[Fri Sep 27 09:56:46 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header  -L  --trace-ascii /tmp/tmp.xSZ750QPWl  -g '
[Fri Sep 27 09:56:46 UTC 2024] ret='0'
[Fri Sep 27 09:56:46 UTC 2024] error_code='402'
[Fri Sep 27 09:56:46 UTC 2024] Failed to authenticate with error: 402.
[Fri Sep 27 09:56:46 UTC 2024] Error encountered while deploying.
github-actions[bot] commented 1 month ago

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

kapsh commented 1 month ago

@KexinCC please also post how do you run docker image, account.conf without sensitive info and full deploy command. Are you using admin account with password or SYNO_USE_TEMP_ADMIN=1?

Deploy hook works for me in 7.2, without docker though. If that's possible, try to login into DS using SSH, fetch this git repo and run acme.sh directly on host (probably requires su to root).

nillebor commented 1 month ago

@KexinCC, please delete define domain in the log and others user and password (see log). You specify the user root. Please create another user for acme and create a new password. You save both in the account.conf.

@kapsh, SYNO_USE_TEMP_ADMIN=1 does not work in Docker. This option is only for the native installation directly in the Synology! Acme requires only one account with administrator rights. You don't need root or sudo in docker. Acme Docker has been working for years without problems in different DiskStations.