● 시놀로지작업)동영상 분석 테스트 letsencrypt 업데이트 및 자동 업 데이트

주) 1일 5회이상 발급 안됨,,,,에러 나옴  >>> 2~3일  후 재설정

주) 동영상 경로 상이함

동영상 정보

주) 경로 상이함

https://www.youtube.com/watch?v=GBX-hLV34XY

---이하 정보 ----

1.도메인 동작 확인

syno-letsencrypt new-cert -d yourdomain.com -m sinsung21@nate.com -v

자신의 도메인 인증서 포스팅 저장위치

syno-letsencrypt new-cert -d 11q.kr -m ss1145@gmail.com -v

syno-letsencrypt new-cert -d 11q.duckdns.org -m ss1145@gmail.com -v

/var/services/homes/shimss/acme.sh 

/var/services/homes/shimss/.acme.sh/acme.sh --renew --dns --force -d 1q.kr -d *.11q.kr --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt

===================

1-1.ssh를통해 acme.sh 스크립트 다운로드

cd /var/services/homes/shimss/

wget https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh

cd /var/services/homes/shimss/.acme.sh

clear

ls -lrt /var/services/homes/shimss/

ls -lrt  /var/services/homes/shimss/.acme.sh

2.실행권한 부여

cd /var/services/homes/shimss/.acme.sh

chmod a+x acme.sh

acme.sh --upgrade

/var/services/homes/shimss/.acme.sh 에 생성

3.zeroSSl 사이트 계정 등록

acme.sh --register-account --server letsencrypt

acme.sh --set-default-ca --server letsencrypt

acme.sh --cron

또는 

/var/services/homes/shimss/.acme.sh/acme.sh --register-account --server letsencrypt

/var/services/homes/shimss/.acme.sh/acme.sh --set-default-ca --server letsencrypt

/var/services/homes/shimss/.acme.sh/acme.sh --cron

https://toolbox.googleapps.com/apps/dig/?lang=ko#TXT/11q.kr

https://hosting.cafe24.com/?controller=myservice_domain_vservice&method=dnsManager&serverMode=&domain=11q.kr&searchDomain=&selectedViewArea=div_txt

4.인증서 발급

acme.sh --issue --dns --force -d yourdomain.com -d *.yourdomain.com --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt

실패

/var/services/homes/shimss/.acme.sh/acme.sh --issue --dns --force -d 11q.kr -d *.11q.kr --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt --renew

실패

/var/services/homes/shimss/.acme.sh/acme.sh --issue --dns --force -d 11q.duckdns.org -d *.11q.duckdns.org --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt --force  --debug  --renew --reloadcmd "systemctl reload nginx.service"

??

/var/services/homes/shimss/.acme.sh/acme.sh --issue --dns --force -d 11q.kr -d *.11q.kr --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt --force  --debug  --renew --reloadcmd "systemctl reload nginx.service"

1일 5회 생성 불가능,,,,성공

성공

5. 도메인 레코드값 TXT value값 생성 

===========> 확인 합니다

[Mon Apr  3 03:18:43 KST 2023] d='11q.kr'

[Mon Apr  3 03:18:43 KST 2023] _d_alias

[Mon Apr  3 03:18:43 KST 2023] txtdomain='_acme-challenge.11q.kr'

[Mon Apr  3 03:18:43 KST 2023] txt='j2En7Nd-GFU1zCGu7DH76Kv73sFloB8q-cp9_rv8Pr4'

[Mon Apr  3 03:18:43 KST 2023] d_api

[Mon Apr  3 03:18:43 KST 2023] Add the following TXT record:

[Mon Apr  3 03:18:43 KST 2023] Domain: '_acme-challenge.11q.kr'

[Mon Apr  3 03:18:43 KST 2023] TXT value: 'j2En7Nd-GFU1zCGu7DH76Kv73sFloB8q-cp9_rv8Pr4'

[Mon Apr  3 03:18:43 KST 2023] Please be aware that you prepend _acme-challenge. before your domain

[Mon Apr  3 03:18:43 KST 2023] so the resulting subdomain will be: _acme-challenge.11q.kr

[Mon Apr  3 03:18:43 KST 2023] d='*.11q.kr'

[Mon Apr  3 03:18:43 KST 2023] _d_alias

[Mon Apr  3 03:18:43 KST 2023] txtdomain='_acme-challenge.11q.kr'

[Mon Apr  3 03:18:43 KST 2023] txt='ZZBFz87nu3e1QCzqvACQWleh6zd85iAqgLWs9xnaL1Y'

[Mon Apr  3 03:18:43 KST 2023] d_api

[Mon Apr  3 03:18:43 KST 2023] Add the following TXT record:

[Mon Apr  3 03:18:43 KST 2023] Domain: '_acme-challenge.11q.kr'

[Mon Apr  3 03:18:43 KST 2023] TXT value: 'ZZBFz87nu3e1QCzqvACQWleh6zd85iAqgLWs9xnaL1Y'

[Mon Apr  3 03:18:43 KST 2023] Please be aware that you prepend _acme-challenge. before your domain

[Mon Apr  3 03:18:43 KST 2023] so the resulting subdomain will be: _acme-challenge.11q.kr

[Mon Apr  3 03:18:43 KST 2023] Dns record not added yet, so, save to /root/.acme.sh/11q.kr_ecc/11q.kr.conf and exit.

[Mon Apr  3 03:18:43 KST 2023] Please add the TXT records to the domains, and re-run with --renew.

[Mon Apr  3 03:18:43 KST 2023] _on_issue_err

<  카페24시에서 txt를  수정 합니다>

https://hosting.cafe24.com/?controller=myservice_domain_vservice&method=dnsManager&serverMode=&domain=11q.kr&searchDomain=&selectedViewArea=div_txt

< 구글 에서 확인 >

https://toolbox.googleapps.com/apps/dig/?lang=ko#TXT/11q.kr

6. 도메인 txt 레코드 등록 확인

nslookup

set type=txt

_acme-challenge.도메인

------------------------

root@www11qkr:~# nslookup

> set type=txt

> _acme-challenge.11q.kr

Server:         8.8.8.8

Address:        8.8.8.8#53

Non-authoritative answer:

_acme-challenge.11q.kr  text = "ZZBFz87nu3e1QCzqvACQWleh6zd85iAqgLWs9xnaL1Y"

_acme-challenge.11q.kr  text = "j2En7Nd-GFU1zCGu7DH76Kv73sFloB8q-cp9_rv8Pr4"

Authoritative answers can be found from:

>

> exit

root@www11qkr:~#

-------------------

7. 도메인 최종 발급갱신

./acme.sh --renew --dns --force -d yourdomain.com -d *.yourdomain.com --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt

/var/services/homes/shimss/.acme.sh/acme.sh --renew --dns --force -d 11q.kr -d *.11q.kr --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt

8. root/.acme.sh/yourdomain 디렉토리안에 인증서 파일이 생성됨

[Fri Jul 30 03:18:22 KST 2021] Your cert is in  /root/.acme.sh/yourdomain.com/yourdomain.com.cer 

[Fri Jul 30 03:18:22 KST 2021] Your cert key is in  /root/.acme.sh/yourdomain.com/yourdomain.com.key 

[Fri Jul 30 03:18:22 KST 2021] The intermediate CA cert is in  /root/.acme.sh/yourdomain.com/ca.cer 

[Fri Jul 30 03:18:22 KST 2021] And the full chain certs is there:  /root/.acme.sh/yourdomain.com/fullchain.cer 

< 생성 확인>

clear

cat /usr/syno/etc/certificate/_archive/DEFAULT

ls -lrt /root/.acme.sh/11q.kr/

ls -lrt /usr/syno/etc/certificate/_archive/9voMnZ

# ================================================

ls -l /root/.acme.sh/11q.kr/

root@www11qkr:~# ll /root/.acme.sh/11q.kr/

total 40

drwx------ 2 root root 4096 Oct 25 11:00 .

drwx------ 8 root root 4096 Apr  3 03:15 ..

-rw-r--r-- 1 root root 1818 Apr  3 10:41 11q.kr.cer

-rw------- 1 root root  595 Apr  3 10:41 11q.kr.conf

-rw------- 1 root root  976 Apr  3 10:41 11q.kr.csr

-rw------- 1 root root  179 Apr  3 10:41 11q.kr.csr.conf

-rw------- 1 root root 1679 Oct 23 01:49 11q.kr.key

-rw-r--r-- 1 root root 3751 Apr  3 10:41 ca.cer

-rw-r--r-- 1 root root 5569 Apr  3 10:41 fullchain.cer

root@www11qkr:~#

시놀로지 dsm의 인증서 경로 확인

ll /usr/syno/etc/certificate/_archive/

---

root@www11qkr:~# ll /usr/syno/etc/certificate/_archive/

total 32

drwx------ 4 root root 4096 Apr  2 04:15 .

drwxr-xr-x 7 root root 4096 Jul 24  2022 ..

drwx------ 2 root root 4096 Mar 22 11:03 9voMnZ

-rw------- 1 root root    7 Jul 25  2022 DEFAULT

-rw------- 1 root root 2979 Apr  2 04:15 INFO

drwx------ 2 root root 4096 Jul 24  2022 LjavGO

-rwx------ 1 root root 2324 Apr  2 04:15 SERVICES

-rw-r--r-- 1 root root   41 Apr  1 17:06 .syno-ca-cert.srl

root@www11qkr:~# cat /usr/syno/etc/certificate/_archive/DEFAULT

9voMnZ

---------------

ll /root/.acme.sh/11q.kr/

에서

ll /usr/syno/etc/certificate/_archive/9voMnZ

로 복사해야 합니다

---------

# 인증서 생성1

# cafe24 txt 변경

# https://hosting.cafe24.com/?controller=myservice_domain_vservice&method=dnsManager&serverMode=&domain=11q.kr&searchDomain=&selectedViewArea=div_txt

# https://toolbox.googleapps.com/apps/dig/?lang=ko#TXT/11q.kr

# 인증서 생성2 (정상)

/var/services/homes/shimss/.acme.sh/acme.sh --issue --dns --force -d 11q.kr -d *.11q.kr --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt --force  --debug  --renew --reloadcmd "systemctl reload nginx.service"

/var/services/homes/shimss/.acme.sh/acme.sh --issue --dns --force -d 11q.duckdns.org -d *.duckdns.org --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt --force  --debug  --renew --reloadcmd "systemctl reload nginx.service"

/root/.acme.sh/acme.sh --issue --dns --force -d 11q.duckdns.org -d *.duckdns.org --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt --force  --debug  --renew --reloadcmd "systemctl reload nginx.service"

# ==============================================

# 정기적인 갱신 작업(작업 스케줄러에 복사)

# ==============================================

# 인증서 임시폴더에서 디볼트로  복사 진행  합니다(2차는 작업 스케쥴러 업데이트용)

# 인증서 갱신  ============================

/var/services/homes/shimss/.acme.sh/acme.sh --renew --dns --force -d 11q.kr -d *.11q.kr --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt --force  --debug  --renew --reloadcmd "systemctl reload nginx.service"

/var/services/homes/shimss/.acme.sh/acme.sh --renew --dns --force -d 11q.duckdns.org -d *.11q.duckdns.org --yes-I-know-dns-manual-mode-enough-go-ahead-please --server letsencrypt --force  --debug  --renew --reloadcmd "systemctl reload nginx.service"

# 인증서 dsm으로 복사 =================

clear

cat /usr/syno/etc/certificate/_archive/DEFAULT

ls -lrt /root/.acme.sh/11q.kr/

ls -lrt /usr/syno/etc/certificate/_archive/bN4LAZ

/bin/cp /root/.acme.sh/11q.kr/11q.kr.cer  /usr/syno/etc/certificate/_archive/bN4LAZ/cert.pem

/bin/cp /root/.acme.sh/11q.kr/11q.kr.key /usr/syno/etc/certificate/_archive/bN4LAZ/privkey.pem

/bin/cp /root/.acme.sh/11q.kr/ca.cer /usr/syno/etc/certificate/_archive/bN4LAZ/chain.pem

/bin/cp /root/.acme.sh/11q.kr/fullchain.cer  /usr/syno/etc/certificate/_archive/bN4LAZ/fullchain.pem

# 복사후 제어판_보안_인증서 확인

clear

cat /usr/syno/etc/certificate/_archive/DEFAULT

ls -lrt /root/.acme.sh/11q.kr/

ls -lrt /usr/syno/etc/certificate/_archive/bN4LAZ

# ================================================

------------------

9. root/.acme.sh/yourdomain의 모든 인증서 파일을 /var/services/homes/yourdirectory 로 복사

root@baseyou21:# cd /root/.acme.sh/yourdomain

root@baseyou21:~/.acme.sh/yourdomain# cp .  /var/services/homes/yourdirectory/

10.나스의 diskstation에서 homes/yourdirectory 계정안의 인증서 파일 모두 다운로드

yourdomain.csr, ca.cer

yourdomain.cer   yourdomain.csr.conf      fullchain.cer

yourdomain.conf  yourdomain.key  

11. 제어판-보안-인증서

추가-새인증서-인증서 가져오기

개인키 : yourdomain.key

인증서 : yourdomain.cer

중간 인증서 : ca.cer

로 인증서파일 불러오기 및 등록

-----------------------------------------------------------------------------------------------------------------------------------

/var/services/homes/shimss/.acme.sh/acme.sh

#  인증서 임시폴더에서 디볼트로  복사 진행  합니다(2차는 작업 스케쥴러 업데이트용)

# ============================

/bin/cp /root/.acme.sh/11q.kr/11q.kr.cer  /usr/syno/etc/certificate/_archive/9voMnZ/cert.pem

/bin/cp /root/.acme.sh/11q.kr/11q.kr.key /usr/syno/etc/certificate/_archive/9voMnZ/privkey.pem

/bin/cp /root/.acme.sh/11q.kr/ca.cer /usr/syno/etc/certificate/_archive/9voMnZ/chain.pem

/bin/cp /root/.acme.sh/11q.kr/fullchain.cer  /usr/syno/etc/certificate/_archive/9voMnZ/fullchain.pem

systemctl restart pkgctl-WebStation

☞ https://11q.kr 에 등록된 자료 입니다. ♠ 정보찾아 공유 드리며 출처는 링크 참조 바랍니다♠