josiah
7b7284c32f
all of this is required for the synology LE role to work. this is still a massive WIP commit. synology LE works, but synology webdav using that LE cert does not yet work. there appears to be some cipher mismatch issue by default.
43 lines
1.3 KiB
Django/Jinja
43 lines
1.3 KiB
Django/Jinja
#!/bin/sh
|
|
set -eu
|
|
|
|
export DO_AUTH_TOKEN={{ acmedns_syno_auth_token }}
|
|
|
|
echoexec() { echo "Running: $*"; $*; }
|
|
|
|
echoexec /usr/local/bin/wraplego.py \
|
|
--verbose \
|
|
--legodir "{{ acmedns_syno_updater_certificate_dir }}" \
|
|
--email "{{ acmedns_syno_updater_email }}" \
|
|
--domain "{{ acmedns_syno_updater_domain }}" \
|
|
--authenticator "digitalocean" \
|
|
|
|
host="{{ acmedns_syno_updater_syn_user }}@{{ acmedns_syno_updater_syn_server }}"
|
|
date=$(date +%Y%m%d)
|
|
tmppath=/tmp/${date}-acme-update
|
|
scp -r {{ acmedns_syno_updater_certificate_dir }}/certificates $host:$tmppath
|
|
|
|
#
|
|
# SSH to the remote server and install the certs:
|
|
#
|
|
|
|
echo "$(cat <<ENDSSH
|
|
echo "$(cat <<ENDSUDO
|
|
echo 'Copying files...'
|
|
cd /usr/syno/etc/ssl
|
|
if ! test -d /usr/syno/etc/certificate.acme_renew_hook_backup; then
|
|
cp -r /usr/syno/etc/certificate /usr/syno/etc/certificate.acme_renew_hook_backup
|
|
fi
|
|
chown -R root:root "$tmppath"
|
|
mv $tmppath/{{ acmedns_syno_updater_domain }}.crt /usr/syno/etc/certificate/system/default/fullchain.pem
|
|
mv $tmppath/{{ acmedns_syno_updater_domain }}.key /usr/syno/etc/certificate/system/default/privkey.pem
|
|
echo 'Removing temp dir...'
|
|
rm -rf $tmppath
|
|
echo 'Reloading webserver...'
|
|
sudo /usr/syno/sbin/synoservicecfg --reload nginx
|
|
echo 'Done'
|
|
ENDSUDO
|
|
)" | sudo su -
|
|
ENDSSH
|
|
)" | ssh $host
|