Let's Encrypt自动续期后自动同步Proxmox VE和DSM证书
上次我们讲了Let’s Encrypt通过DNS TXT记录来验证域名有效性,其中文章最后写了,如何使用certbot renew进行自动续期。那自动续期成功了,如何同步到PVE和DSM呢?
下面我们使用脚本来进行自动同步。
- 需要在
Proxmox VE和DSM服务器配置SSH免密登录
自动同步Proxmox VE证书
- 同步到本机的
Proxmox VE1
2
3cp /etc/letsencrypt/live/blog.margrop.net/fullchain.pem /etc/pve/local/pveproxy-ssl.pem
cp /etc/letsencrypt/live/blog.margrop.net/privkey.pem /etc/pve/local/pveproxy-ssl.key
systemctl restart pveproxy - 同步到局域网的
Proxmox VE1
2
3scp /etc/letsencrypt/live/blog.margrop.net/fullchain.pem [email protected]:/etc/pve/local/pveproxy-ssl.pem
scp /etc/letsencrypt/live/blog.margrop.net/privkey.pem [email protected]:/etc/pve/local/pveproxy-ssl.key
ssh [email protected] "systemctl restart pveproxy"
自动同步DSM证书
- 同步到局域网的
DSM - 脚本里面的
gnEsPP,每个群晖的路径都不一样,请根据实际情况自行替换。1
2
3
4
5
6
7
8scp /etc/letsencrypt/live/blog.margrop.net/fullchain.pem [email protected]:/usr/syno/etc/certificate/_archive/gnEsPP/fullchain.pem
scp /etc/letsencrypt/live/blog.margrop.net/privkey.pem [email protected]:/usr/syno/etc/certificate/_archive/gnEsPP/privkey.pem
scp /etc/letsencrypt/live/blog.margrop.net/chain.pem [email protected]:/usr/syno/etc/certificate/_archive/gnEsPP/chain.pem
scp /etc/letsencrypt/live/blog.margrop.net/cert.pem [email protected]:/usr/syno/etc/certificate/_archive/gnEsPP/cert.pem
scp /etc/letsencrypt/live/blog.margrop.net/fullchain.pem [email protected]:/usr/syno/etc/certificate/system/default/fullchain.pem
scp /etc/letsencrypt/live/blog.margrop.net/privkey.pem [email protected]:/usr/syno/etc/certificate/system/default/privkey.pem
scp /etc/letsencrypt/live/blog.margrop.net/chain.pem [email protected]:/usr/syno/etc/certificate/system/default/chain.pem
scp /etc/letsencrypt/live/blog.margrop.net/cert.pem [email protected]:/usr/syno/etc/certificate/system/default/cert.pem