
The latest docker image seems to use ECC cert as default which is not compatible with synology_dsm deploy hook

Open HADB opened this issue 2 years ago • 4 comments

Steps

# Issue the certificate
docker run --rm \
-v "/xxx/acme.sh":/acme.sh \
-e Ali_Key="xxx" \
-e Ali_Secret="xxx" \
--net=host \
neilpang/acme.sh \
--issue --dns dns_ali --dnssleep 60 -d "xxx.com" -d "*.xxx.com" --server letsencrypt


# Deploy to Synology
docker run --rm \
-v "/xxx/acme.sh":/acme.sh \
-e SYNO_Username="xxx" \
-e SYNO_Password="xxx" \
-e SYNO_Scheme="http" \
-e SYNO_Port="5007" \
-e SYNO_Certificate="" \
--net=host \
neilpang/acme.sh \
--deploy -d "xxx.com" \
--deploy-hook synology_dsm

The image used is the one released on 2023-04-21:

neilpang/acme.sh:latest
DIGEST:sha256:0fb1e0f72e47ca25d56842f35025fc51f96afa8c91ea53f0251df20554694694

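Symptom:

An additional directory with the _ecc suffix appeared in the certificate directory, and the new certificate was generated in that folder, but it was not deployed to Synology properly.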

HADB avatar May 01 '23 01:05 HADB

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

github-actions[bot] avatar May 01 '23 01:05 github-actions[bot]

Rolling back to neilpang/acme.sh:3.0.5 resolves the problem; version 3.0.5 issues the certificate and deploys it to Synology normally.

HADB avatar May 01 '23 01:05 HADB

Change the script parameters to acme.sh --renew --dns --server letsencrypt -k 2048 -d your.domain.com and a non-ECC certificate will be issued normally. For details, refer to #2350.

AAkira45 avatar May 04 '23 09:05 AAkira45

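Change the script parameters to acme.sh --renew --dns --server letsencrypt -k 2048 -d your.domain.com and a non-ECC certificate will be issued normally. For details, refer to #2350.

Yes. Adding the parameter manually does allow issuance to work normally. I opened this issue mainly to report that the image was suddenly updated to an incompatible version, which caused the problem.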

HADB avatar May 11 '23 07:05 HADB
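
A pre-deploy check for the symptom reported in this thread, as an added example that is not code from any participant or from the acme.sh project. It assumes the RSA certificate lives in `<home>/<domain>/` and the ECC one in `<home>/<domain>_ecc/`, each as `<domain>.cer`, and that the deploy step reads the non-`_ecc` directory; the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Assumption: acme.sh keeps RSA certs in <home>/<domain>/ and
# ECC certs in <home>/<domain>_ecc/, each holding a <domain>.cer file.

# Print which certificate directories exist: none | rsa | ecc | both
cert_layout() {
    home=$1; domain=$2; rsa=0; ecc=0
    [ -f "$home/$domain/$domain.cer" ] && rsa=1
    [ -f "$home/${domain}_ecc/$domain.cer" ] && ecc=1
    case "$rsa$ecc" in
        00) echo none ;;
        10) echo rsa ;;
        01) echo ecc ;;
        11) echo both ;;
    esac
}

# Print the directory holding the most recently written certificate.
newest_cert_dir() {
    home=$1; domain=$2
    rsa_cer="$home/$domain/$domain.cer"
    ecc_cer="$home/${domain}_ecc/$domain.cer"
    case "$(cert_layout "$home" "$domain")" in
        none) return 1 ;;
        rsa)  echo "$home/$domain" ;;
        ecc)  echo "$home/${domain}_ecc" ;;
        both) if [ "$ecc_cer" -nt "$rsa_cer" ]; then
                  echo "$home/${domain}_ecc"
              else
                  echo "$home/$domain"
              fi ;;
    esac
}

# Exit 0 only when the non-_ecc directory holds the newest certificate.
# Assumption: the deploy step reads <home>/<domain>/, as the symptom suggests.
preflight_rsa_deploy() {
    home=$1; domain=$2
    newest=$(newest_cert_dir "$home" "$domain") || {
        echo "no certificate found for $domain" >&2; return 2; }
    if [ "$newest" != "$home/$domain" ]; then
        echo "newest certificate is in $newest, not $home/$domain" >&2
        return 1
    fi
    return 0
}

# Usage: sh preflight.sh <acme-home> <domain>, run before the deploy command.
if [ "$#" -eq 2 ]; then preflight_rsa_deploy "$1" "$2"; fi
```

A non-zero exit means the renewed certificate landed somewhere the deploy did not read from, so the device would keep serving the old certificate until it expires.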