
@zakes-it
Created April 30, 2025 19:59
Synology ACME SSL renew script
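#!/bin/sh
# Renew the Synology default certificate with acme.sh (DNS challenge) and copy
# the renewed chain and private key to the nginx and caddy Docker containers.
# When acme.sh is not present yet, install it and restore account.conf instead;
# no certificate is issued on that run.
#
# Writes under /root and the Synology certificate archive, so it needs root.

cd /root || exit 1

MY_DOMAIN='example.com'
DNS_PROVIDER='dns_namecom'
DOCKER_USER='docker-admin'
# Both destination paths keep their trailing slash; file names are appended.
NGINX_SSL_PATH='/volume2/docker/nginx/ssl/'
CADDY_SSL_PATH='/volume2/docker/caddy/ssl/'
ACME_SH='/root/.acme.sh/acme.sh'
ARCHIVE_ROOT='/usr/syno/etc/certificate/_archive'

# Copy the renewed chain and private key into one container's SSL directory.
# $1 - destination directory, with trailing slash.
# Returns non-zero as soon as a copy, chown or chmod fails.
deploy_cert() {
  cp "${CERT_DIR}/fullchain.pem" "$1" &&
    cp "${CERT_DIR}/privkey.pem" "$1" &&
    chown "${DOCKER_USER}" "${1}fullchain.pem" "${1}privkey.pem" &&
    # The key leaves the root-only archive here: keep it readable by its new
    # owner only, whatever mode the source file or an older copy had.
    chmod 600 "${1}privkey.pem"
}

if [ -f "${ACME_SH}" ]; then
  # DEFAULT names the archive sub-directory of the default certificate. An
  # unreadable or empty value would otherwise turn every path below into
  # "${ARCHIVE_ROOT}//...", so stop before acme.sh writes anything.
  SSL_VAR=$(cat "${ARCHIVE_ROOT}/DEFAULT") || exit 1
  CERT_DIR="${ARCHIVE_ROOT}/${SSL_VAR}"
  if [ -z "${SSL_VAR}" ] || [ ! -d "${CERT_DIR}" ]; then
    echo "Default certificate directory not found under ${ARCHIVE_ROOT}" >&2
    exit 1
  fi

  echo "Attempt To Renew Certificate and reload synology nginx service"
  # NOTE(review): acme.sh appears to exit non-zero as well when it skips a
  # certificate that is not yet due; that case also ends in the failure branch.
  if ! "${ACME_SH}" --issue \
    --server letsencrypt \
    -d '*.'"${MY_DOMAIN}" \
    -d "${MY_DOMAIN}" \
    --dns "${DNS_PROVIDER}" \
    --certpath "${CERT_DIR}/cert.pem" \
    --keypath "${CERT_DIR}/privkey.pem" \
    --fullchainpath "${CERT_DIR}/fullchain.pem" \
    --capath "${CERT_DIR}/chain.pem" \
    --reloadcmd "/usr/syno/bin/synow3tool --gen-all && sudo systemctl reload nginx"; then
    echo "Cert renew for ${MY_DOMAIN} failed" >&2
    exit 1
  fi

  # Renew docker container certs. Restart the containers only when every file
  # is in place, so neither comes back up on a half-copied certificate/key pair.
  if ! deploy_cert "${NGINX_SSL_PATH}" || ! deploy_cert "${CADDY_SSL_PATH}"; then
    echo "Copying the renewed certificate for ${MY_DOMAIN} to the containers failed" >&2
    exit 1
  fi
  synowebapi --exec api=SYNO.Docker.Container version=1 method=restart name="nginx1"
  synowebapi --exec api=SYNO.Docker.Container version=1 method=restart name="caddy-1"
else
  echo "Install acme.sh"
  export FORCE=1
  # NOTE(review): the installer is fetched over HTTPS and run as root with no
  # pinned version or checksum; prefer a reviewed, pinned copy where possible.
  # It is saved to a file first so a failed or truncated download is never
  # executed, which piping wget straight into sh cannot guarantee.
  installer=$(mktemp) || exit 1
  if ! wget -O "${installer}" https://get.acme.sh; then
    rm -f "${installer}"
    echo "Download of the acme.sh installer failed" >&2
    exit 1
  fi
  sh "${installer}"
  status=$?
  rm -f "${installer}"
  if [ "${status}" -ne 0 ] || [ ! -f "${ACME_SH}" ]; then
    echo "acme.sh installation failed" >&2
    exit 1
  fi
  # presumably account.conf carries the DNS provider API credentials (verify);
  # keep the restored copy private to root.
  cp /volume1/path/to/ACME/account.conf /root/.acme.sh/account.conf &&
    chmod 600 /root/.acme.sh/account.conf
fi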