andyzhshg / syno-acme

Automated script for renewing Synology HTTPS wildcard-domain certificates via the ACME protocol
MIT License

DSM 7.2.1-69057 Update 3 cannot update the certificate #109

Open tufu9441 opened 8 months ago

tufu9441 commented 8 months ago

The log is below. Could someone more experienced please help me figure out where the problem is?

begin update cert
------ begin updateCrt ------
begin backupCrt
done backupCrt
begin installAcme
begin downloading acme.sh tool...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 15866    0 15866    0     0   9704      0 --:--:--  0:00:01 --:--:--  9703
100  277k    0  277k    0     0   125k      0 --:--:--  0:00:02 --:--:--  125k
begin installing acme.sh tool...
[Sat Jan 27 12:00:07 PM CST 2024] It is recommended to install socat first.
[Sat Jan 27 12:00:07 PM CST 2024] We use socat for standalone server if you use standalone mode.
[Sat Jan 27 12:00:07 PM CST 2024] If you don't use standalone mode, just ignore this warning.
[Sat Jan 27 12:00:07 PM CST 2024] Installing to /volume1/Download/syno-acme/acme.sh
[Sat Jan 27 12:00:07 PM CST 2024] Installed to /volume1/Download/syno-acme/acme.sh/acme.sh
[Sat Jan 27 12:00:07 PM CST 2024] Installing alias to '/root/.profile'
[Sat Jan 27 12:00:07 PM CST 2024] OK, Close and reopen your terminal to start using acme.sh
[Sat Jan 27 12:00:08 PM CST 2024] Good, bash is found, so change the shebang to use bash as preferred.
[Sat Jan 27 12:00:15 PM CST 2024] OK
done installAcme
begin generateCrt
begin updating default cert by acme.sh tool
[Sat Jan 27 12:00:18 PM CST 2024] Registering account: https://acme.zerossl.com/v2/DV90
[Sat Jan 27 12:00:50 PM CST 2024] Already registered
[Sat Jan 27 12:00:50 PM CST 2024] ACCOUNT_THUMBPRINT='i9A5P5mAGL7-hRHhrfNSPl3bNn9KQst_JxrVZS7r6N4'
[Sat Jan 27 12:00:50 PM CST 2024] Changed default CA to: https://acme.zerossl.com/v2/DV90
[Sat Jan 27 12:00:50 PM CST 2024] Set notify hook to: bark
[Sat Jan 27 12:00:50 PM CST 2024] Sending via: bark
[Sat Jan 27 12:00:51 PM CST 2024] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 60
[Sat Jan 27 12:00:51 PM CST 2024] Bark API fired error.
[Sat Jan 27 12:00:51 PM CST 2024] 
[Sat Jan 27 12:00:51 PM CST 2024] Error send message by bark_send
[Sat Jan 27 12:00:51 PM CST 2024] Set /volume1/Download/syno-acme/acme.sh/notify/bark.sh error.
[Sat Jan 27 12:00:51 PM CST 2024] Can not set notify hook to: bark
[Sat Jan 27 12:00:51 PM CST 2024] Installing cert to: /usr/syno/etc/certificate/_archive/6aGOUN/cert.pem
[Sat Jan 27 12:00:51 PM CST 2024] Installing key to: /usr/syno/etc/certificate/_archive/6aGOUN/privkey.pem
[Sat Jan 27 12:00:51 PM CST 2024] Installing full chain to: /usr/syno/etc/certificate/_archive/6aGOUN/fullchain.pem
done generateCrt
begin updateService
cp cert path to des
MajorVersion = 7, use system default python2
Copy cert for KMIP
Copy cert for FTPS
Copy cert for Synology Storage Console Server
Copy cert for WebDAVServer
Copy cert for tr.v2cn.win:12345
Copy cert for dsm.v2cn.win:12345
Copy cert for op.v2cn.win:12345
Copy cert for ql.v2cn.win:12345
Copy cert for nas.v2cn.win:12345
Copy cert for qd.v2cn.win:12345
Copy cert for emby.v2cn.win:12345
Copy cert for iyuu.v2cn.win:12345
Copy cert for qb.v2cn.win:12345
Copy cert for bark.v2cn.win:12345
Copy cert for DSM Desktop Service
done updateService
begin reloadWebService
reloading new cert...
MajorVersion = 7
Sync W3 certificate info successfully
Generate nginx tmp config successfully
MajorVersion = 7, no need to reload apache
done reloadWebService
------ end updateCrt ------

It looks like it ran to completion, but the browser still shows the certificate as expired, and I also received the email from ZeroSSL.

chinesepy commented 8 months ago

An ECC certificate was renewed, but what gets installed still seems to be the RSA certificate. For the fix, see https://github.com/andyzhshg/syno-acme/issues/108

tufu9441 commented 8 months ago

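An ECC certificate was renewed, but what gets installed still seems to be the RSA certificate. For the fix, see #108

I made the changes described in 108, but it still doesn't seem to have been updated...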

iromise commented 6 months ago

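@tufu9441 I'm in the same situation (same DSM version as you). I found that some certificates were in fact not updated; they are under the /usr/syno/etc/www/certificate/ directory. After running the update operation, you can run the following commands to update the certificates: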

mv /usr/syno/etc/www/certificate/ /usr/syno/etc/www/certificate_bak
synow3tool --gen-all
systemctl restart nginx # must restart, reload doesn't work
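
A check for the symptom described in the comment above, added here as an example that is not part of the thread or of syno-acme: it lists every deployed certificate copy whose bytes differ from the certificate acme.sh just installed. The function name and the assumption that each service keeps its copy as `<root>/<service>/cert.pem` are hypothetical.

```shell
#!/bin/sh
# Added example: find deployed certificate copies that are stale.
#
# stale_cert_copies SOURCE_CERT DEPLOY_ROOT
#   SOURCE_CERT  certificate acme.sh installed, e.g.
#                /usr/syno/etc/certificate/_archive/<id>/cert.pem
#   DEPLOY_ROOT  directory holding the per-service copies, e.g.
#                /usr/syno/etc/www/certificate
# Prints the path of every copy that differs from SOURCE_CERT.
# Returns 0 if all copies match, 1 if any copy is stale,
# 2 on bad input or when no copies exist at all.
stale_cert_copies() {
    src=$1
    root=$2
    [ -r "$src" ] || { echo "cannot read source cert: $src" >&2; return 2; }
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }

    stale=0
    checked=0
    # Assumption: one subdirectory per service, each with its own cert.pem.
    for copy in "$root"/*/cert.pem; do
        [ -e "$copy" ] || continue      # the glob matched nothing
        checked=$((checked + 1))
        if ! cmp -s "$src" "$copy"; then
            echo "$copy"
            stale=1
        fi
    done

    # An empty tree (for example after the directory was moved away and
    # not regenerated) is reported as an error, not as "all up to date".
    if [ "$checked" -eq 0 ]; then
        echo "no cert.pem copies found under $root" >&2
        return 2
    fi
    return "$stale"
}

# Run directly: sh check.sh SOURCE_CERT DEPLOY_ROOT
if [ "$#" -eq 2 ]; then
    stale_cert_copies "$1" "$2"
fi
```

A non-zero exit after a renewal run means the "done" lines in the log did not reach every served copy.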

new1943 commented 5 months ago

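@tufu9441 I'm in the same situation (same DSM version as you). I found that some certificates were in fact not updated; they are under the /usr/syno/etc/www/certificate/ directory. After running the update operation, you can run the following commands to update the certificates: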

mv /usr/syno/etc/www/certificate/ /usr/syno/etc/www/certificate_bak
synow3tool --gen-all
systemctl restart nginx # must restart, reload doesn't work

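This works. I had tried all sorts of things, such as --max-length 2048. I couldn't find the 2891 mentioned in issue 108.

Does this method need to be run on every run, or only the first time?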

iromise commented 5 months ago

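Maybe it has to be run every time? We'll only know by trying it the next time the certificate expires (or by manually constructing that situation to test it).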

huhpc commented 3 months ago

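I also ran into certificates failing to renew automatically before. I can't read the code, so I don't know where it goes wrong. My own workaround is to delete all files under the directory syno-acme uses before running the certificate update, after which it renews normally. I don't know whether this is the same problem.

rm -r -f /volume1/xxx/syno-acme/acme.sh/[yourdomain]_ecc/*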