@gtrabanco
Created July 18, 2021 10:49
Synology acme.sh wildcard cert creation
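#!/usr/bin/env bash
# Issues a wildcard certificate with acme.sh (DNS-01 challenge) and deploys it
# to Synology DSM through the synology_dsm deploy hook.
#
# This file holds a DNS API key and a DSM administrator password in clear
# text: keep it readable by its owner only and out of version control.
# acme.sh may also persist these values under ACME_CONF_DIR, so that directory
# needs the same protection.

# DOMAINS (comma separated)
DOMAINS="example.com,*.example.com"
# DNS Provider
CERT_DNS="dns_namecheap" # For more: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
# The DNS API and deploy hook settings are read by acme.sh, which runs as a
# child process, so they must be exported or it never sees them.
export NAMECHEAP_API_KEY=''
export NAMECHEAP_USERNAME=''
export NAMECHEAP_SOURCEIP=''
# Synology DSM
# With "http" the administrator password travels unencrypted; that is only
# acceptable over loopback. Use "https" when SYNO_Hostname is not localhost.
export SYNO_Scheme="http" # Can be set to HTTPS, defaults to HTTP
export SYNO_Hostname="localhost" # Specify if not using on localhost
export SYNO_Port="5000" # Port of DSM WebUI, defaults to 5000 for HTTP and 5001 for HTTPS
export SYNO_Username="synology_cert_user_change_yours" # Synology user must be an administrator. Create a dedicated account used only for this
export SYNO_Password="synology_cert_user_password_change_yours"  # Password of the user
export SYNO_Certificate="acme.sh wildcard certificate" # Description text in Control Panel -> Security -> Certificates
export SYNO_Create=1 # defaults to off, this setting is not saved. By setting to 1 we create the certificate if it's not in DSM
# The device cookie lets a login skip the 2FA prompt; handle it like a password.
export SYNO_DID="" # Cookie ID for 2FA Auth
# About cert generation with acme.sh for Synology: https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide
# About deploy a wildcard cert with 2FA: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#20-deploy-the-cert-into-synology-dsm
# ACME.SH Paths
ACME_DIR="/usr/local/share/acme.sh"
ACME_CONF_DIR="/usr/local/share/acme.sh/"
# Certificate private keys are written below this directory; check that the
# folder is not reachable by other users or file-sharing services.
ACME_CERT_DIR="/volume1/certs"
ACME_BIN="${ACME_DIR}/acme.sh"
###### End of configuration

# Turn the comma-separated DOMAINS list into repeated "-d <domain>" arguments.
# The list is split with read instead of an unquoted expansion so that
# "*.example.com" is never glob-expanded against files in the current directory.
DOMAINS_CMD=()
IFS=',' read -r -a DOMAIN_LIST <<< "${DOMAINS}"
for DOMAIN in "${DOMAIN_LIST[@]}"; do
  DOMAIN="${DOMAIN//[[:space:]]/}" # tolerate "a.com, b.com"
  [[ -n "${DOMAIN}" ]] || continue
  DOMAINS_CMD+=(-d "${DOMAIN}")
done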
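#######################################
# Request the certificate for every configured domain via the DNS challenge.
# Globals:   ACME_BIN, CERT_DNS, DOMAINS_CMD, ACME_DIR, ACME_CERT_DIR,
#            ACME_CONF_DIR (all read)
# Arguments: none
# Returns:   exit status of acme.sh
#######################################
function issue_new_cert () {
  # Every expansion is quoted: an unquoted "*.example.com" would be
  # glob-expanded against the current directory before acme.sh sees it.
  "${ACME_BIN}" --issue --dns "${CERT_DNS}" \
    "${DOMAINS_CMD[@]}" \
    --home "${ACME_DIR}" \
    --cert-home "${ACME_CERT_DIR}" \
    --config-home "${ACME_CONF_DIR}"
}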
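#######################################
# Deploy the issued certificate to DSM through the synology_dsm deploy hook.
# Globals:   ACME_BIN, DOMAINS_CMD, ACME_DIR, ACME_CERT_DIR, ACME_CONF_DIR
#            (all read); the exported SYNO_* settings are consumed by the hook
# Arguments: none
# Returns:   exit status of acme.sh
#######################################
function deploy_cert_dsm () {
  # --insecure turns off TLS certificate verification for acme.sh's HTTPS
  # requests. It only matters when SYNO_Scheme is https and DSM presents an
  # untrusted (e.g. self-signed) certificate; over plain http it has no use
  # and can be dropped.
  # Note the space before the line continuation after the hook name: without
  # it the hook name and the first "-d" would be joined into one word.
  "${ACME_BIN}" --insecure --deploy --deploy-hook synology_dsm \
    "${DOMAINS_CMD[@]}" \
    --home "${ACME_DIR}" \
    --cert-home "${ACME_CERT_DIR}" \
    --config-home "${ACME_CONF_DIR}"
}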
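# Main flow: issue the certificate, deploy it to DSM, then print the manual
# follow-up steps.
echo "----- ISSUE NEW CERT -----"
issue_new_cert
echo
echo "----- DEPLOY CERT -----"
deploy_cert_dsm
echo
# In DSM, "Control Panel" -> "Security" -> "Certificates" is where the new
# certificate can be assigned to services or set as the default certificate.
echo "FINALIZING"
echo "----------"
echo "1. Go to Control Panel > Security > Certificates to assign the new certificates"
echo "2. Create a Scheduled Task to run weekly for"
echo " the user ${SYNO_Username} with the content:"
echo
# NOTE(review): the suggested renewal command carries --insecure, which
# disables TLS certificate verification for the requests acme.sh makes during
# --cron; that presumably includes the CA and DNS API calls, not only the DSM
# deploy. Drop the flag from the task when DSM is reached over http or
# presents a trusted certificate.
# The line also prints SYNO_DID (the 2FA device cookie) to the terminal and
# it ends up in the scheduled task definition; treat both as sensitive.
echo "SYNO_DID=${SYNO_DID:-''} ${ACME_BIN} --insecure --cron --home ${ACME_DIR} --cert-home ${ACME_CERT_DIR} --config-home ${ACME_CONF_DIR}"
echo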