The latest docker image seems to use ECC cert as default which is not compatible with synology_dsm deploy hook #4621

Open
HADB opened this issue May 1, 2023 · 4 comments

Comments

HADB commented May 1, 2023

Steps

# Issue the certificate
docker run --rm \
-v "/xxx/acme.sh":/acme.sh \
-e Ali_Key="xxx" \
-e Ali_Secret="xxx" \
--net=host \
neilpang/acme.sh \
--issue --dns dns_ali --dnssleep 60 -d "xxx.com" -d "*.xxx.com" --server letsencrypt


# Deploy to Synology
docker run --rm \
-v "/xxx/acme.sh":/acme.sh \
-e SYNO_Username="xxx" \
-e SYNO_Password="xxx" \
-e SYNO_Scheme="http" \
-e SYNO_Port="5007" \
-e SYNO_Certificate="" \
--net=host \
neilpang/acme.sh \
--deploy -d "xxx.com" \
--deploy-hook synology_dsm

The image used is the one published on 2023-04-21:

neilpang/acme.sh:latest
DIGEST:sha256:0fb1e0f72e47ca25d56842f35025fc51f96afa8c91ea53f0251df20554694694

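Symptom:

The certificate directory gained an additional directory with an _ecc suffix, and a new certificate was generated in that folder, but it was not deployed to the Synology properly.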

github-actions bot commented May 1, 2023

Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

@HADB HADB changed the title The latest docker image seem to use ECC cert as default which is not compatible with synology_dsm deploy hook The latest docker image seems to use ECC cert as default which is not compatible with synology_dsm deploy hook May 1, 2023
HADB commented May 1, 2023

Rolling back to neilpang/acme.sh:3.0.5 resolves this issue; version 3.0.5 issues the certificate and deploys it to Synology normally.

AAkira45 commented May 4, 2023

Change the script parameters to acme.sh --renew --dns --server letsencrypt -k 2048 -d your.domain.com, and a non-ECC certificate is issued normally.
For details, refer to: #2350

HADB commented May 11, 2023

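> Change the script parameters to acme.sh --renew --dns --server letsencrypt -k 2048 -d your.domain.com, and a non-ECC certificate is issued normally. For details, refer to: #2350

Yes. Adding the parameter manually does issue the certificate normally; I opened this issue mainly to report that the image was suddenly updated to an incompatible version, which caused the problem.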
