3 # Here is a script to deploy cert to Synology DSM
5 # it requires the jq and curl are in the $PATH and the following
6 # environment variables must be set:
8 # SYNO_Username - Synology Username to login (must be an administrator)
9 # SYNO_Password - Synology Password to login
10 # SYNO_Certificate - Certificate description to target for replacement
12 # The following environmental variables may be set if you don't like their
15 # SYNO_Scheme - defaults to http
16 # SYNO_Hostname - defaults to localhost
17 # SYNO_Port - defaults to 5000
18 # SYNO_DID - device ID to skip OTP - defaults to empty
20 #returns 0 means success, otherwise error.
22 ######## Public functions #####################
24 #domain keyfile certfile cafile fullchain
25 synology_dsm_deploy
() {
32 _debug _cdomain
"$_cdomain"
34 # Get Username and Password, but don't save until we successfully authenticate
35 _getdeployconf SYNO_Username
36 _getdeployconf SYNO_Password
37 _getdeployconf SYNO_Create
38 _getdeployconf SYNO_DID
39 if [ -z "${SYNO_Username:-}" ] ||
[ -z "${SYNO_Password:-}" ]; then
40 _err
"SYNO_Username & SYNO_Password must be set"
43 _debug2 SYNO_Username
"$SYNO_Username"
44 _secure_debug2 SYNO_Password
"$SYNO_Password"
46 # Optional scheme, hostname, and port for Synology DSM
47 _getdeployconf SYNO_Scheme
48 _getdeployconf SYNO_Hostname
49 _getdeployconf SYNO_Port
51 # default vaules for scheme, hostname, and port
52 # defaulting to localhost and http because it's localhost...
53 [ -n "${SYNO_Scheme}" ] || SYNO_Scheme
="http"
54 [ -n "${SYNO_Hostname}" ] || SYNO_Hostname
="localhost"
55 [ -n "${SYNO_Port}" ] || SYNO_Port
="5000"
57 _savedeployconf SYNO_Scheme
"$SYNO_Scheme"
58 _savedeployconf SYNO_Hostname
"$SYNO_Hostname"
59 _savedeployconf SYNO_Port
"$SYNO_Port"
61 _debug2 SYNO_Scheme
"$SYNO_Scheme"
62 _debug2 SYNO_Hostname
"$SYNO_Hostname"
63 _debug2 SYNO_Port
"$SYNO_Port"
65 # Get the certificate description, but don't save it until we verfiy it's real
66 _getdeployconf SYNO_Certificate
67 _debug SYNO_Certificate
"${SYNO_Certificate:-}"
69 _base_url
="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
70 _debug _base_url
"$_base_url"
72 _debug
"Getting API version"
73 response
=$
(_get
"$_base_url/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth")
74 api_version
=$
(echo "$response" |
grep "SYNO.API.Auth" |
sed -n 's/.*"maxVersion" *: *\([0-9]*\).*/\1/p')
75 _debug3 response
"$response"
76 _debug3 api_version
"$api_version"
78 # Login, get the token from JSON and session id from cookie
79 _info
"Logging into $SYNO_Hostname:$SYNO_Port"
80 encoded_username
="$(printf "%s
" "$SYNO_Username" | _url_encode)"
81 encoded_password
="$(printf "%s
" "$SYNO_Password" | _url_encode)"
83 if [ -n "$SYNO_DID" ]; then
84 _H1
="Cookie: did=$SYNO_DID"
89 response
=$
(_post
"method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
90 token
=$
(echo "$response" |
grep "synotoken" |
sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
91 _debug3 response
"$response"
94 if [ -z "$token" ]; then
95 _err
"Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
96 _err
"Check your username and password."
99 sid
=$
(echo "$response" |
grep "sid" |
sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
101 _H1
="X-SYNO-TOKEN: $token"
105 # Now that we know the username and password are good, save them
106 _savedeployconf SYNO_Username
"$SYNO_Username"
107 _savedeployconf SYNO_Password
"$SYNO_Password"
108 _savedeployconf SYNO_DID
"$SYNO_DID"
110 _info
"Getting certificates in Synology DSM"
111 response
=$
(_post
"api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
112 _debug3 response
"$response"
113 id
=$
(echo "$response" |
sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p")
116 if [ -z "$id" ] && [ -z "${SYNO_Create:-}" ]; then
117 _err
"Unable to find certificate: $SYNO_Certificate and \$SYNO_Create is not set"
121 # we've verified this certificate description is a thing, so save it
122 _savedeployconf SYNO_Certificate
"$SYNO_Certificate"
125 if echo "$response" |
sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\([^{]*\).*/\1/p" |
grep -- 'is_default":true' >/dev
/null
; then
128 _debug2 default
"$default"
130 _info
"Generate form POST request"
132 delim
="--------------------------$(_utc_date | tr -d -- '-: ')"
133 content
="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\0012"
134 content
="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\0012"
135 content
="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012"
136 content
="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id"
137 content
="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}"
138 content
="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}${default}"
139 content
="$content${nl}--$delim--${nl}"
140 content
="$(printf "%b_
" "$content")"
141 content
="${content%_}" # protect trailing \n
143 _info
"Upload certificate to the Synology DSM"
144 response
=$
(_post
"$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token&_sid=$sid" "" "POST" "multipart/form-data; boundary=${delim}")
145 _debug3 response
"$response"
147 if ! echo "$response" |
grep '"error":' >/dev
/null
; then
148 if echo "$response" |
grep '"restart_httpd":true' >/dev
/null
; then
149 _info
"http services were restarted"
151 _info
"http services were NOT restarted"
155 _err
"Unable to update certificate, error code $response"
projects / mirror_acme.sh.git / blob