[GH-ISSUE #397] [Feature] 怎么群晖自动替换 #251

New issue

Closed

opened 2026-03-03 01:01:55 +03:00 by kerem · 10 comments

kerem commented 2026-03-03 01:01:55 +03:00

Owner

Copy link

Originally created by @yeyinghai on GitHub (Dec 27, 2024).
Original GitHub issue: https://github.com/certimate-go/certimate/issues/397

部署成功也会自动签发，就是需要手动在群晖里修改下

Originally created by @yeyinghai on GitHub (Dec 27, 2024). Original GitHub issue: https://github.com/certimate-go/certimate/issues/397 部署成功也会自动签发，就是需要手动在群晖里修改下

kerem 2026-03-03 01:01:55 +03:00

• closed this issue
• added the
  enhancement
  label

kerem commented 2026-03-03 01:01:56 +03:00

Author

Owner

Copy link

@heiyu8 commented on GitHub (Jan 11, 2025):

我也是，签名还有问题

<!-- gh-comment-id:2585309545 --> @heiyu8 commented on GitHub (Jan 11, 2025): 我也是，签名还有问题

kerem commented 2026-03-03 01:01:56 +03:00

Author

Owner

Copy link

@zijiwork commented on GitHub (Jan 21, 2025):

我也是，签名还有问题

可以试试这个 https://ssl.dnsjia.com

<!-- gh-comment-id:2603632233 --> @zijiwork commented on GitHub (Jan 21, 2025): > 我也是，签名还有问题 可以试试这个 https://ssl.dnsjia.com

kerem commented 2026-03-03 01:01:57 +03:00

Author

Owner

Copy link

@fudiwei commented on GitHub (Feb 11, 2025):

可参考此链接，以 SSH 方式部署：

https://taoshu.in/unix/synology-https.html
https://github.com/catchdave/ssl-certs/blob/main/replace_synology_ssl_certs.sh

<!-- gh-comment-id:2650388243 --> @fudiwei commented on GitHub (Feb 11, 2025): 可参考此链接，以 SSH 方式部署： > https://taoshu.in/unix/synology-https.html > https://github.com/catchdave/ssl-certs/blob/main/replace_synology_ssl_certs.sh

kerem commented 2026-03-03 01:01:57 +03:00

Author

Owner

Copy link

@acevsok commented on GitHub (Apr 5, 2025):

如果群晖开启二次验证还有did
不光是文件夹映射的问题
还有证书安装的问题
本地ssh部署 估计必须自己加代码才能实现。

<!-- gh-comment-id:2780636080 --> @acevsok commented on GitHub (Apr 5, 2025): 如果群晖开启二次验证还有did 不光是文件夹映射的问题 还有证书安装的问题 本地ssh部署 估计必须自己加代码才能实现。

kerem commented 2026-03-03 01:01:57 +03:00

Author

Owner

Copy link

@zczc0417 commented on GitHub (May 16, 2025):

@fudiwei 群晖的脚本可能有点问题
failed to execute post-command (stdout: [DEBUG] Default cert directory found: '/usr/syno/etc/certificate/_archive/hdiXXX' [DEBUG] Found proxy dir: /usr/syno/etc/certificate/ReverseProxy/11764be9-f584-4ce6-94b0-96df7aef9383/ [DEBUG] Found proxy dir: /usr/syno/etc/certificate/ReverseProxy/5d98caeb-5cf9-4d5b-bd62-2b0c4e13d6ef/ [DEBUG] Found proxy dir: /usr/syno/etc/certificate/ReverseProxy/69d1f7ec-b080-4af6-986a-708ec4140027/ [ERROR] Halting because of error moving fullchain file , stderr: ash: line 4: =: command not found ash: line 5: =: command not found ash: line 6: =: command not found + cp -rf '' /usr/syno/etc/certificate/system/default/fullchain.pem cp: cannot stat '': No such file or directory + error_exit 'Halting because of error moving fullchain file' + echo '[ERROR] Halting because of error moving fullchain file' + exit 1 ): failed to execute ssh command: Process exited with status 1

<!-- gh-comment-id:2886029705 --> @zczc0417 commented on GitHub (May 16, 2025): @fudiwei 群晖的脚本可能有点问题 failed to execute post-command (stdout: [DEBUG] Default cert directory found: '/usr/syno/etc/certificate/_archive/hdiXXX' [DEBUG] Found proxy dir: /usr/syno/etc/certificate/ReverseProxy/11764be9-f584-4ce6-94b0-96df7aef9383/ [DEBUG] Found proxy dir: /usr/syno/etc/certificate/ReverseProxy/5d98caeb-5cf9-4d5b-bd62-2b0c4e13d6ef/ [DEBUG] Found proxy dir: /usr/syno/etc/certificate/ReverseProxy/69d1f7ec-b080-4af6-986a-708ec4140027/ [ERROR] Halting because of error moving fullchain file , stderr: ash: line 4: =: command not found ash: line 5: =: command not found ash: line 6: =: command not found + cp -rf '' /usr/syno/etc/certificate/system/default/fullchain.pem cp: cannot stat '': No such file or directory + error_exit 'Halting because of error moving fullchain file' + echo '[ERROR] Halting because of error moving fullchain file' + exit 1 ): failed to execute ssh command: Process exited with status 1

kerem commented 2026-03-03 01:01:57 +03:00

Author

Owner

Copy link

@charley008 commented on GitHub (May 30, 2025):

通过
inotifywait -m -r -e create,move,modify --format '%w%f %e'
/usr/syno/etc/
/etc/ssl/certs/
/usr/syno/etc/www/certificate/
/etc/ssl/
/usr/local/etc 2>&1 | tee /tmp/cert_monitor.log
手动更新证书时候发现：
/usr/syno/etc/certificate/_archive/xxxx
/usr/syno/etc/certificate/kmip/kmip
/usr/syno/etc/certificate/smbftpd/ftpd
/usr/local/etc/certificate/WebDAVServer/webdav
/usr/local/etc/certificate/LogCenter/pkg-LogCenter
/usr/local/etc/certificate/ReplicationService/snapshot_receiver
/usr/local/etc/certificate/SynologyDrive/SynologyDrive
/usr/local/etc/certificate/ActiveBackup/ActiveBackup
/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server
/usr/syno/etc/certificate/system/default
/usr/syno/etc/certificate/AppPortal/VideoStation_AltPort
/usr/syno/etc/certificate/AppPortal/SynologyPhotos_AltPort
/usr/syno/etc/certificate/AppPortal/SynologyDrive_AltPort
/usr/syno/etc/certificate/ReverseProxy/*/
这几个目录有了变更，替换了fullchain.pem privkey.pem cert.pem

<!-- gh-comment-id:2921560996 --> @charley008 commented on GitHub (May 30, 2025): 通过 inotifywait -m -r -e create,move,modify --format '%w%f %e' \ /usr/syno/etc/ \ /etc/ssl/certs/ \ /usr/syno/etc/www/certificate/ \ /etc/ssl/ \ /usr/local/etc 2>&1 | tee /tmp/cert_monitor.log 手动更新证书时候发现： /usr/syno/etc/certificate/_archive/xxxx /usr/syno/etc/certificate/kmip/kmip /usr/syno/etc/certificate/smbftpd/ftpd /usr/local/etc/certificate/WebDAVServer/webdav /usr/local/etc/certificate/LogCenter/pkg-LogCenter /usr/local/etc/certificate/ReplicationService/snapshot_receiver /usr/local/etc/certificate/SynologyDrive/SynologyDrive /usr/local/etc/certificate/ActiveBackup/ActiveBackup /usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server /usr/syno/etc/certificate/system/default /usr/syno/etc/certificate/AppPortal/VideoStation_AltPort /usr/syno/etc/certificate/AppPortal/SynologyPhotos_AltPort /usr/syno/etc/certificate/AppPortal/SynologyDrive_AltPort /usr/syno/etc/certificate/ReverseProxy/*/ 这几个目录有了变更，替换了fullchain.pem privkey.pem cert.pem

kerem commented 2026-03-03 01:01:57 +03:00

Author

Owner

Copy link

@zczc0417 commented on GitHub (May 30, 2025):

这个是我用AI修改后的群晖替换脚本,在我的DSM上经过验证,希望可以帮到你们

#!/bin/bash

设置脚本遇到错误时自动退出

set -e

开启调试模式（设为0则关闭）

DEBUG=1

错误退出函数

error_exit() {
echo "[ERROR] $1"
exit 1
}

警告信息函数

warn() {
echo "[WARN] $1"
}

普通信息输出

info() {
echo "[INFO] $1"
}

调试信息输出

debug() {
"${DEBUG}" && echo "[DEBUG] $1"
}

默认系统证书存放路径（你已将新证书上传到这里）

certs_src_dir="/usr/syno/etc/certificate/system/default"

其他需要更新证书的目录列表

target_cert_dirs=(
"/usr/syno/etc/certificate/system/FQDN"
"/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server/"
"/usr/local/etc/certificate/SynologyDrive/SynologyDrive/"
"/usr/local/etc/certificate/WebDAVServer/webdav/"
"/usr/syno/etc/certificate/smbftpd/ftpd/"
)

获取默认证书目录名（用于定位 _archive 目录）

default_dir_name=$(</usr/syno/etc/certificate/_archive/DEFAULT)
if -n "$default_dir_name" ; then
target_cert_dirs+=("/usr/syno/etc/certificate/_archive/${default_dir_name}")
debug "找到默认证书归档目录: '/usr/syno/etc/certificate/_archive/${default_dir_name}'"
else
warn "未找到默认证书归档目录，请检查 '/usr/syno/etc/certificate/_archive/DEFAULT'"
fi

查找所有反向代理证书目录并加入目标列表

for proxy in /usr/syno/etc/certificate/ReverseProxy/*/
do
debug "发现反向代理证书目录: ${proxy}"
target_cert_dirs+=("${proxy}")
done

显示调试命令（仅当 DEBUG=1 时）

"${DEBUG}" && set -x

=== 复制证书到各个目标目录 ===

for target_dir in "${target_cert_dirs[@]}"
do
if ! -d "$target_dir" ; then
debug "目标证书目录 '$target_dir' 不存在，跳过..."
continue
fi

info "正在复制证书到目录: $target_dir"

只复制证书文件，不更改权限或属主

cp "${certs_src_dir}/"{privkey,fullchain,cert}.pem "$target_dir/" ||
warn "⚠️ 无法复制证书到目录: $target_dir"
done

=== 重启相关服务使证书生效 ===

通用服务重启函数（带成功/失败提示）

restart_service() {
local service="$1"
/usr/syno/bin/synosystemctl restart "$service"
&& info "✅ 已重启服务: $service"
|| warn "⚠️ 重启服务失败: $service"
}

重启基础网络服务

restart_service nmbd
restart_service avahi
restart_service ldap-server

有条件地重启插件服务（只在运行时重启）

restart_if_running() {
local package="$1"
if /usr/syno/bin/synopkg status "$package" | grep -q 'running'; then
/usr/syno/bin/synopkg restart "$package"
info "✅ 已重启插件: $package"
else
debug "插件未运行，跳过重启: $package"
fi
}

restart_if_running ScsiTarget
restart_if_running SynologyDrive
restart_if_running WebDAVServer

更新 Web 服务器配置并重启 nginx

/usr/syno/bin/synow3tool --gen-all
if /usr/syno/bin/synosystemctl restart nginx; then
info "✅ Nginx 服务已重启"
else
warn "⚠️ Nginx 重启失败，请手动检查配置"
fi

=== 脚本执行完毕 ===

info "🎉 证书更新与服务重启已完成！"

<!-- gh-comment-id:2921619982 --> @zczc0417 commented on GitHub (May 30, 2025): 这个是我用AI修改后的群晖替换脚本,在我的DSM上经过验证,希望可以帮到你们 #!/bin/bash # 设置脚本遇到错误时自动退出 set -e # 开启调试模式（设为0则关闭） DEBUG=1 # 错误退出函数 error_exit() { echo "[ERROR] $1" exit 1 } # 警告信息函数 warn() { echo "[WARN] $1" } # 普通信息输出 info() { echo "[INFO] $1" } # 调试信息输出 debug() { [[ "${DEBUG}" ]] && echo "[DEBUG] $1" } # 默认系统证书存放路径（你已将新证书上传到这里） certs_src_dir="/usr/syno/etc/certificate/system/default" # 其他需要更新证书的目录列表 target_cert_dirs=( "/usr/syno/etc/certificate/system/FQDN" "/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server/" "/usr/local/etc/certificate/SynologyDrive/SynologyDrive/" "/usr/local/etc/certificate/WebDAVServer/webdav/" "/usr/syno/etc/certificate/smbftpd/ftpd/" ) # 获取默认证书目录名（用于定位 _archive 目录） default_dir_name=$(</usr/syno/etc/certificate/_archive/DEFAULT) if [[ -n "$default_dir_name" ]]; then target_cert_dirs+=("/usr/syno/etc/certificate/_archive/${default_dir_name}") debug "找到默认证书归档目录: '/usr/syno/etc/certificate/_archive/${default_dir_name}'" else warn "未找到默认证书归档目录，请检查 '/usr/syno/etc/certificate/_archive/DEFAULT'" fi # 查找所有反向代理证书目录并加入目标列表 for proxy in /usr/syno/etc/certificate/ReverseProxy/*/ do debug "发现反向代理证书目录: ${proxy}" target_cert_dirs+=("${proxy}") done # 显示调试命令（仅当 DEBUG=1 时） [[ "${DEBUG}" ]] && set -x # === 复制证书到各个目标目录 === for target_dir in "${target_cert_dirs[@]}" do if [[ ! -d "$target_dir" ]]; then debug "目标证书目录 '$target_dir' 不存在，跳过..." continue fi info "正在复制证书到目录: $target_dir" # 只复制证书文件，不更改权限或属主 cp "${certs_src_dir}/"{privkey,fullchain,cert}.pem "$target_dir/" || \ warn "⚠️ 无法复制证书到目录: $target_dir" done # === 重启相关服务使证书生效 === # 通用服务重启函数（带成功/失败提示） restart_service() { local service="$1" /usr/syno/bin/synosystemctl restart "$service" \ && info "✅ 已重启服务: $service" \ || warn "⚠️ 重启服务失败: $service" } # 重启基础网络服务 restart_service nmbd restart_service avahi restart_service ldap-server # 有条件地重启插件服务（只在运行时重启） restart_if_running() { local package="$1" if /usr/syno/bin/synopkg status "$package" | grep -q 'running'; then /usr/syno/bin/synopkg restart "$package" info "✅ 已重启插件: $package" else debug "插件未运行，跳过重启: $package" fi } restart_if_running ScsiTarget restart_if_running SynologyDrive restart_if_running WebDAVServer # 更新 Web 服务器配置并重启 nginx /usr/syno/bin/synow3tool --gen-all if /usr/syno/bin/synosystemctl restart nginx; then info "✅ Nginx 服务已重启" else warn "⚠️ Nginx 重启失败，请手动检查配置" fi # === 脚本执行完毕 === info "🎉 证书更新与服务重启已完成！" 

kerem commented 2026-03-03 01:01:57 +03:00

Author

Owner

Copy link

@charley008 commented on GitHub (May 31, 2025):

@zczc0417 nmbd服务不存在，/usr/syno/etc/certificate/system/FQDN 目录不存在，我的是dsm7.2.1，我对你的脚本做了相应修改。

#!/bin/bash
# *** 需要 root 权限 ***
# dsm7.2.1 dsm7.2.2验证过，其他版本自己摸索
# 把新证书privkey.pem,fullchain.pem,cert.pem上传到 /usr/syno/etc/certificate/system/default 目录下

DEBUG=1 # 开启调试模式（设为0则关闭）

error_exit() { echo "[ERROR] $1"; exit 1; }  # 错误退出函数
warn() { echo "[WARN] $1"; } # 警告信息函数
info() { echo "[INFO] $1"; } # 普通信息输出
debug() { [[ "${DEBUG}" ]] && echo "[DEBUG] $1"; }  # 调试信息输出

certs_src_dir="/usr/syno/etc/certificate/system/default" # 默认系统证书存放路径（请将新证书上传到这里）

# 其他需要更新证书的目录列表
target_cert_dirs=(
  "/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server/"
  "/usr/local/etc/certificate/SynologyDrive/SynologyDrive/"
  "/usr/local/etc/certificate/WebDAVServer/webdav/"
  "/usr/local/etc/certificate/ActiveBackup/ActiveBackup/"
  "/usr/local/etc/certificate/LogCenter/pkg-LogCenter/"
  "/usr/local/etc/certificate/ReplicationService/snapshot_receiver/"
  "/usr/syno/etc/certificate/smbftpd/ftpd/"
  "/usr/syno/etc/certificate/AppPortal/VideoStation_AltPort/"
  "/usr/syno/etc/certificate/AppPortal/SynologyPhotos_AltPort/"
  "/usr/syno/etc/certificate/AppPortal/SynologyDrive_AltPort/"
  "/usr/syno/etc/certificate/kmip/kmip"
)

# 获取默认证书目录名（用于定位 _archive 目录）
default_dir_name=$(</usr/syno/etc/certificate/_archive/DEFAULT)
if [[ -n "$default_dir_name" ]]; then
target_cert_dirs+=("/usr/syno/etc/certificate/_archive/${default_dir_name}")
debug "找到默认证书归档目录: '/usr/syno/etc/certificate/_archive/${default_dir_name}'"
else
warn "⚠️未找到默认证书归档目录，请检查 '/usr/syno/etc/certificate/_archive/DEFAULT'"
fi
 
# 查找所有反向代理证书目录并加入目标列表
for proxy in /usr/syno/etc/certificate/ReverseProxy/*/
do
debug "发现反向代理证书目录: ${proxy}"
target_cert_dirs+=("${proxy}")
done
 

 [[ "${DEBUG}" ]] && set -x  # 显示调试命令（仅当 DEBUG=1 时）
 
 # === 复制证书到各个目标目录 ===
 for target_dir in "${target_cert_dirs[@]}"
do
if [[ ! -d "$target_dir" ]]; then
debug "⚠️目标证书目录 '$target_dir' 不存在，跳过..."
continue
fi
info "正在复制证书到目录: $target_dir"
 
 # 只复制证书文件，不更改权限或属主
cp -f "${certs_src_dir}/"{privkey,fullchain,cert}.pem "$target_dir/" ||
warn "⚠️ 无法复制证书到目录: $target_dir"
done

 # === 重启相关服务使证书生效 ===
 # 通用服务重启函数（带成功/失败提示）
restart_service() {
local service="$1"
/usr/syno/bin/synosystemctl restart "$service" \
&& info "✅ 已重启服务: $service" \
|| warn "⚠️ 重启服务失败: $service"
}
 
 # 重启基础网络服务(根据自身需求注释)
#restart_service ftpd
#restart_service avahi
#restart_service ldap-server
 
# 有条件地重启插件服务（只在运行时重启）
restart_if_running() {
local package="$1"
if /usr/syno/bin/synopkg status "$package" | grep -q 'running'; then
/usr/syno/bin/synopkg restart "$package"
info "✅ 已重启插件: $package"
else
debug "插件未运行，跳过重启: $package"
fi
}

#根据自身安装的套件做相应的注释
restart_if_running ScsiTarget
#restart_if_running WebDAVServer
#restart_if_running ReplicationService
restart_if_running LogCenter
#restart_if_running ActiveBackup
#restart_if_running SynologyPhotos
#restart_if_running VideoStation
#restart_if_running SynologyDrive

 # 更新 Web 服务器配置并重启 nginx
/usr/syno/bin/synow3tool --gen-all
/usr/syno/bin/synow3tool --nginx=reload
/usr/syno/bin/synow3tool --restart-dsm-service
 # === 脚本执行完毕 ===
 info "🎉 证书更新与服务重启已完成！"

通过dsm web手动更新证书的话，看到/var/log/system.log

2025-06-01T23:10:18+08:00 NAS systemd[1]: Reloaded FTP Daemon.
2025-06-01T23:10:19+08:00 NAS systemd[1]: Stopping Log Center syslog server...
2025-06-01T23:10:20+08:00 NAS systemd[1]: Reloaded Log Center package daemon.
2025-06-01T23:10:20+08:00 NAS systemd[1]: Starting Log Center syslog server...
2025-06-01T23:10:20+08:00 NAS systemd[1]: Reloaded Log Center package daemon.
2025-06-01T23:10:20+08:00 NAS systemd[1]: Started Log Center syslog server.
2025-06-01T23:10:21+08:00 NAS systemd[1]: Stopping Synology Storage Console Server...
2025-06-01T23:10:21+08:00 NAS systemd[1]: Started Synology Storage Console Server.
2025-06-01T23:10:21+08:00 NAS systemd[1]: Starting Synology Storage Console Server...
2025-06-01T23:10:21+08:00 NAS systemd[1]: Reloaded Nginx.
2025-06-01T23:10:22+08:00 NAS systemd[1]: Reloaded Nginx.
2025-06-01T23:10:22+08:00 NAS systemd[1]: Reloaded Nginx.
2025-06-01T23:10:25+08:00 NAS systemd[6875]: SYSTEM:	Last message 'Reloaded Nginx.' repeated 7 times, suppressed by syslog-ng on NAS
2025-06-01T23:10:24+08:00 NAS systemd[1]: Reloaded synorelay daemon.
2025-06-01T23:10:25+08:00 NAS systemd[1]: Reloaded Nginx.
2025-06-01T23:10:25+08:00 NAS systemd[1]: Reloaded synorelay daemon.
2025-06-01T23:10:26+08:00 NAS systemd[1]: Reloaded Nginx.

所以好像没有必要重启那么多服务或者套件。

<!-- gh-comment-id:2924085114 --> @charley008 commented on GitHub (May 31, 2025): @zczc0417 nmbd服务不存在，/usr/syno/etc/certificate/system/FQDN 目录不存在，我的是dsm7.2.1，我对你的脚本做了相应修改。 ``` #!/bin/bash # *** 需要 root 权限 *** # dsm7.2.1 dsm7.2.2验证过，其他版本自己摸索 # 把新证书privkey.pem,fullchain.pem,cert.pem上传到 /usr/syno/etc/certificate/system/default 目录下 DEBUG=1 # 开启调试模式（设为0则关闭） error_exit() { echo "[ERROR] $1"; exit 1; } # 错误退出函数 warn() { echo "[WARN] $1"; } # 警告信息函数 info() { echo "[INFO] $1"; } # 普通信息输出 debug() { [[ "${DEBUG}" ]] && echo "[DEBUG] $1"; } # 调试信息输出 certs_src_dir="/usr/syno/etc/certificate/system/default" # 默认系统证书存放路径（请将新证书上传到这里） # 其他需要更新证书的目录列表 target_cert_dirs=( "/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server/" "/usr/local/etc/certificate/SynologyDrive/SynologyDrive/" "/usr/local/etc/certificate/WebDAVServer/webdav/" "/usr/local/etc/certificate/ActiveBackup/ActiveBackup/" "/usr/local/etc/certificate/LogCenter/pkg-LogCenter/" "/usr/local/etc/certificate/ReplicationService/snapshot_receiver/" "/usr/syno/etc/certificate/smbftpd/ftpd/" "/usr/syno/etc/certificate/AppPortal/VideoStation_AltPort/" "/usr/syno/etc/certificate/AppPortal/SynologyPhotos_AltPort/" "/usr/syno/etc/certificate/AppPortal/SynologyDrive_AltPort/" "/usr/syno/etc/certificate/kmip/kmip" ) # 获取默认证书目录名（用于定位 _archive 目录） default_dir_name=$(</usr/syno/etc/certificate/_archive/DEFAULT) if [[ -n "$default_dir_name" ]]; then target_cert_dirs+=("/usr/syno/etc/certificate/_archive/${default_dir_name}") debug "找到默认证书归档目录: '/usr/syno/etc/certificate/_archive/${default_dir_name}'" else warn "⚠️未找到默认证书归档目录，请检查 '/usr/syno/etc/certificate/_archive/DEFAULT'" fi # 查找所有反向代理证书目录并加入目标列表 for proxy in /usr/syno/etc/certificate/ReverseProxy/*/ do debug "发现反向代理证书目录: ${proxy}" target_cert_dirs+=("${proxy}") done [[ "${DEBUG}" ]] && set -x # 显示调试命令（仅当 DEBUG=1 时） # === 复制证书到各个目标目录 === for target_dir in "${target_cert_dirs[@]}" do if [[ ! -d "$target_dir" ]]; then debug "⚠️目标证书目录 '$target_dir' 不存在，跳过..." continue fi info "正在复制证书到目录: $target_dir" # 只复制证书文件，不更改权限或属主 cp -f "${certs_src_dir}/"{privkey,fullchain,cert}.pem "$target_dir/" || warn "⚠️ 无法复制证书到目录: $target_dir" done # === 重启相关服务使证书生效 === # 通用服务重启函数（带成功/失败提示） restart_service() { local service="$1" /usr/syno/bin/synosystemctl restart "$service" \ && info "✅ 已重启服务: $service" \ || warn "⚠️ 重启服务失败: $service" } # 重启基础网络服务(根据自身需求注释) #restart_service ftpd #restart_service avahi #restart_service ldap-server # 有条件地重启插件服务（只在运行时重启） restart_if_running() { local package="$1" if /usr/syno/bin/synopkg status "$package" | grep -q 'running'; then /usr/syno/bin/synopkg restart "$package" info "✅ 已重启插件: $package" else debug "插件未运行，跳过重启: $package" fi } #根据自身安装的套件做相应的注释 restart_if_running ScsiTarget #restart_if_running WebDAVServer #restart_if_running ReplicationService restart_if_running LogCenter #restart_if_running ActiveBackup #restart_if_running SynologyPhotos #restart_if_running VideoStation #restart_if_running SynologyDrive # 更新 Web 服务器配置并重启 nginx /usr/syno/bin/synow3tool --gen-all /usr/syno/bin/synow3tool --nginx=reload /usr/syno/bin/synow3tool --restart-dsm-service # === 脚本执行完毕 === info "🎉 证书更新与服务重启已完成！" ``` 通过dsm web手动更新证书的话，看到/var/log/system.log ``` 2025-06-01T23:10:18+08:00 NAS systemd[1]: Reloaded FTP Daemon. 2025-06-01T23:10:19+08:00 NAS systemd[1]: Stopping Log Center syslog server... 2025-06-01T23:10:20+08:00 NAS systemd[1]: Reloaded Log Center package daemon. 2025-06-01T23:10:20+08:00 NAS systemd[1]: Starting Log Center syslog server... 2025-06-01T23:10:20+08:00 NAS systemd[1]: Reloaded Log Center package daemon. 2025-06-01T23:10:20+08:00 NAS systemd[1]: Started Log Center syslog server. 2025-06-01T23:10:21+08:00 NAS systemd[1]: Stopping Synology Storage Console Server... 2025-06-01T23:10:21+08:00 NAS systemd[1]: Started Synology Storage Console Server. 2025-06-01T23:10:21+08:00 NAS systemd[1]: Starting Synology Storage Console Server... 2025-06-01T23:10:21+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:22+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:22+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:25+08:00 NAS systemd[6875]: SYSTEM: Last message 'Reloaded Nginx.' repeated 7 times, suppressed by syslog-ng on NAS 2025-06-01T23:10:24+08:00 NAS systemd[1]: Reloaded synorelay daemon. 2025-06-01T23:10:25+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:25+08:00 NAS systemd[1]: Reloaded synorelay daemon. 2025-06-01T23:10:26+08:00 NAS systemd[1]: Reloaded Nginx. ``` 所以好像没有必要重启那么多服务或者套件。

kerem commented 2026-03-03 01:01:57 +03:00

Author

Owner

Copy link

@charley008 commented on GitHub (Jun 5, 2025):

新增验证证书文件是否需要替换

#!/bin/bash
# *** 需要 root 权限 ***
# 把新证书privkey.pem,fullchain.pem,cert.pem上传到 /usr/syno/etc/certificate/system/default 目录下

DEBUG=1 # 开启调试模式（设为0则关闭）

error_exit() { echo "[ERROR] $1"; exit 1; }  # 错误退出函数
warn() { echo "[WARN] $1"; } # 警告信息函数
info() { echo "[INFO] $1"; } # 普通信息输出
debug() { [[ "${DEBUG}" ]] && echo "[DEBUG] $1"; }  # 调试信息输出

certs_src_dir="/usr/syno/etc/certificate/system/default" # 默认系统证书存放路径（请将新证书上传到这里）

# 其他需要更新证书的目录列表
target_cert_dirs=(
  "/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server/"
  "/usr/local/etc/certificate/SynologyDrive/SynologyDrive/"
  "/usr/local/etc/certificate/WebDAVServer/webdav/"
  "/usr/local/etc/certificate/ActiveBackup/ActiveBackup/"
  "/usr/local/etc/certificate/LogCenter/pkg-LogCenter/"
  "/usr/local/etc/certificate/ReplicationService/snapshot_receiver/"
  "/usr/syno/etc/certificate/smbftpd/ftpd/"
  "/usr/syno/etc/certificate/AppPortal/VideoStation_AltPort/"
  "/usr/syno/etc/certificate/AppPortal/SynologyPhotos_AltPort/"
  "/usr/syno/etc/certificate/AppPortal/SynologyDrive_AltPort/"
  "/usr/syno/etc/certificate/kmip/kmip"
)

# 获取默认证书目录名（用于定位 _archive 目录）
default_dir_name=$(</usr/syno/etc/certificate/_archive/DEFAULT)
if [[ -n "$default_dir_name" ]]; then
target_cert_dirs+=("/usr/syno/etc/certificate/_archive/${default_dir_name}")
debug "找到默认证书归档目录: '/usr/syno/etc/certificate/_archive/${default_dir_name}'"
else
warn "⚠️未找到默认证书归档目录，请检查 '/usr/syno/etc/certificate/_archive/DEFAULT'"
fi
 
# 查找所有反向代理证书目录并加入目标列表
for proxy in /usr/syno/etc/certificate/ReverseProxy/*/
do
debug "发现反向代理证书目录: ${proxy}"
target_cert_dirs+=("${proxy}")
done
 

 [[ "${DEBUG}" ]] && set -x  # 显示调试命令（仅当 DEBUG=1 时）
 
 # === 复制证书到各个目标目录 ===
# === 复制证书到各个目标目录（仅当内容变更时） ===
cert_changed=0  # 标记是否有证书被更新
for target_dir in "${target_cert_dirs[@]}"; do
  if [[ ! -d "$target_dir" ]]; then
    debug "⚠️目标证书目录 '$target_dir' 不存在，跳过..."
    continue
  fi

  src_cert="${certs_src_dir}/cert.pem"
  dst_cert="${target_dir}/cert.pem"

  if [[ -f "$dst_cert" ]]; then
    src_md5=$(md5sum "$src_cert" | awk '{print $1}')
    dst_md5=$(md5sum "$dst_cert" | awk '{print $1}')
    if [[ "$src_md5" == "$dst_md5" ]]; then
      debug "目标目录 '$target_dir' 的证书未变更，跳过复制。"
      continue
    fi
  fi

  info "正在复制证书到目录: $target_dir"
  cp -f "${certs_src_dir}/"{privkey,fullchain,cert}.pem "$target_dir/" ||
    warn "⚠️ 无法复制证书到目录: $target_dir"

# 设置文件所有者和权限
  chown root:root "$target_dir"/{privkey,fullchain,cert}.pem
  chmod 400 "$target_dir"/{privkey,fullchain,cert}.pem
  cert_changed=1  # 标记为已更新
done


 # === 重启相关服务使证书生效 ===
 # 通用服务重启函数（带成功/失败提示）
if [[ "$cert_changed" -eq 1 ]]; then
restart_service() {
local service="$1"
/usr/syno/bin/synosystemctl restart "$service" \
&& info "✅ 已重启服务: $service" \
|| warn "⚠️ 重启服务失败: $service"
}
 
 # 重启基础网络服务
restart_service ftpd
 
# 有条件地重启插件服务（只在运行时重启）
restart_if_running() {
local package="$1"
if /usr/syno/bin/synopkg status "$package" | grep -q 'running'; then
/usr/syno/bin/synopkg restart "$package"
info "✅ 已重启插件: $package"
else
debug "插件未运行，跳过重启: $package"
fi
}

restart_if_running ScsiTarget
#restart_if_running WebDAVServer
#restart_if_running ReplicationService
restart_if_running LogCenter
#restart_if_running ActiveBackup
#restart_if_running SynologyPhotos
#restart_if_running VideoStation
#restart_if_running SynologyDrive

 # 更新 Web 服务器配置并重启 nginx
/usr/syno/bin/synow3tool --gen-all
/usr/syno/bin/synow3tool --nginx=reload
/usr/syno/bin/synow3tool --restart-dsm-service
 # === 脚本执行完毕 ===
 info "🎉 证书更新与服务重启已完成！"
 else
  info "证书未发生变化，跳过服务重启。"
fi

<!-- gh-comment-id:2942404766 --> @charley008 commented on GitHub (Jun 5, 2025): 新增验证证书文件是否需要替换 ``` #!/bin/bash # *** 需要 root 权限 *** # 把新证书privkey.pem,fullchain.pem,cert.pem上传到 /usr/syno/etc/certificate/system/default 目录下 DEBUG=1 # 开启调试模式（设为0则关闭） error_exit() { echo "[ERROR] $1"; exit 1; } # 错误退出函数 warn() { echo "[WARN] $1"; } # 警告信息函数 info() { echo "[INFO] $1"; } # 普通信息输出 debug() { [[ "${DEBUG}" ]] && echo "[DEBUG] $1"; } # 调试信息输出 certs_src_dir="/usr/syno/etc/certificate/system/default" # 默认系统证书存放路径（请将新证书上传到这里） # 其他需要更新证书的目录列表 target_cert_dirs=( "/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server/" "/usr/local/etc/certificate/SynologyDrive/SynologyDrive/" "/usr/local/etc/certificate/WebDAVServer/webdav/" "/usr/local/etc/certificate/ActiveBackup/ActiveBackup/" "/usr/local/etc/certificate/LogCenter/pkg-LogCenter/" "/usr/local/etc/certificate/ReplicationService/snapshot_receiver/" "/usr/syno/etc/certificate/smbftpd/ftpd/" "/usr/syno/etc/certificate/AppPortal/VideoStation_AltPort/" "/usr/syno/etc/certificate/AppPortal/SynologyPhotos_AltPort/" "/usr/syno/etc/certificate/AppPortal/SynologyDrive_AltPort/" "/usr/syno/etc/certificate/kmip/kmip" ) # 获取默认证书目录名（用于定位 _archive 目录） default_dir_name=$(</usr/syno/etc/certificate/_archive/DEFAULT) if [[ -n "$default_dir_name" ]]; then target_cert_dirs+=("/usr/syno/etc/certificate/_archive/${default_dir_name}") debug "找到默认证书归档目录: '/usr/syno/etc/certificate/_archive/${default_dir_name}'" else warn "⚠️未找到默认证书归档目录，请检查 '/usr/syno/etc/certificate/_archive/DEFAULT'" fi # 查找所有反向代理证书目录并加入目标列表 for proxy in /usr/syno/etc/certificate/ReverseProxy/*/ do debug "发现反向代理证书目录: ${proxy}" target_cert_dirs+=("${proxy}") done [[ "${DEBUG}" ]] && set -x # 显示调试命令（仅当 DEBUG=1 时） # === 复制证书到各个目标目录 === # === 复制证书到各个目标目录（仅当内容变更时） === cert_changed=0 # 标记是否有证书被更新 for target_dir in "${target_cert_dirs[@]}"; do if [[ ! -d "$target_dir" ]]; then debug "⚠️目标证书目录 '$target_dir' 不存在，跳过..." continue fi src_cert="${certs_src_dir}/cert.pem" dst_cert="${target_dir}/cert.pem" if [[ -f "$dst_cert" ]]; then src_md5=$(md5sum "$src_cert" | awk '{print $1}') dst_md5=$(md5sum "$dst_cert" | awk '{print $1}') if [[ "$src_md5" == "$dst_md5" ]]; then debug "目标目录 '$target_dir' 的证书未变更，跳过复制。" continue fi fi info "正在复制证书到目录: $target_dir" cp -f "${certs_src_dir}/"{privkey,fullchain,cert}.pem "$target_dir/" || warn "⚠️ 无法复制证书到目录: $target_dir" # 设置文件所有者和权限 chown root:root "$target_dir"/{privkey,fullchain,cert}.pem chmod 400 "$target_dir"/{privkey,fullchain,cert}.pem cert_changed=1 # 标记为已更新 done # === 重启相关服务使证书生效 === # 通用服务重启函数（带成功/失败提示） if [[ "$cert_changed" -eq 1 ]]; then restart_service() { local service="$1" /usr/syno/bin/synosystemctl restart "$service" \ && info "✅ 已重启服务: $service" \ || warn "⚠️ 重启服务失败: $service" } # 重启基础网络服务 restart_service ftpd # 有条件地重启插件服务（只在运行时重启） restart_if_running() { local package="$1" if /usr/syno/bin/synopkg status "$package" | grep -q 'running'; then /usr/syno/bin/synopkg restart "$package" info "✅ 已重启插件: $package" else debug "插件未运行，跳过重启: $package" fi } restart_if_running ScsiTarget #restart_if_running WebDAVServer #restart_if_running ReplicationService restart_if_running LogCenter #restart_if_running ActiveBackup #restart_if_running SynologyPhotos #restart_if_running VideoStation #restart_if_running SynologyDrive # 更新 Web 服务器配置并重启 nginx /usr/syno/bin/synow3tool --gen-all /usr/syno/bin/synow3tool --nginx=reload /usr/syno/bin/synow3tool --restart-dsm-service # === 脚本执行完毕 === info "🎉 证书更新与服务重启已完成！" else info "证书未发生变化，跳过服务重启。" fi ```

kerem commented 2026-03-03 01:01:57 +03:00

Author

Owner

Copy link

@LuCatIsFun commented on GitHub (Aug 12, 2025):

@zczc0417 nmbd服务不存在，/usr/syno/etc/certificate/system/FQDN 目录不存在，我的是dsm7.2.1，我对你的脚本做了相应修改。

#!/bin/bash
# *** 需要 root 权限 ***
# 把新证书privkey.pem,fullchain.pem,cert.pem上传到 /usr/syno/etc/certificate/system/default 目录下

DEBUG=1 # 开启调试模式（设为0则关闭）

error_exit() { echo "[ERROR] $1"; exit 1; }  # 错误退出函数
warn() { echo "[WARN] $1"; } # 警告信息函数
info() { echo "[INFO] $1"; } # 普通信息输出
debug() { [[ "${DEBUG}" ]] && echo "[DEBUG] $1"; }  # 调试信息输出

certs_src_dir="/usr/syno/etc/certificate/system/default" # 默认系统证书存放路径（请将新证书上传到这里）

# 其他需要更新证书的目录列表
target_cert_dirs=(
  "/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server/"
  "/usr/local/etc/certificate/SynologyDrive/SynologyDrive/"
  "/usr/local/etc/certificate/WebDAVServer/webdav/"
  "/usr/local/etc/certificate/ActiveBackup/ActiveBackup/"
  "/usr/local/etc/certificate/LogCenter/pkg-LogCenter/"
  "/usr/local/etc/certificate/ReplicationService/snapshot_receiver/"
  "/usr/syno/etc/certificate/smbftpd/ftpd/"
  "/usr/syno/etc/certificate/AppPortal/VideoStation_AltPort/"
  "/usr/syno/etc/certificate/AppPortal/SynologyPhotos_AltPort/"
  "/usr/syno/etc/certificate/AppPortal/SynologyDrive_AltPort/"
  "/usr/syno/etc/certificate/kmip/kmip"
)

# 获取默认证书目录名（用于定位 _archive 目录）
default_dir_name=$(</usr/syno/etc/certificate/_archive/DEFAULT)
if [[ -n "$default_dir_name" ]]; then
target_cert_dirs+=("/usr/syno/etc/certificate/_archive/${default_dir_name}")
debug "找到默认证书归档目录: '/usr/syno/etc/certificate/_archive/${default_dir_name}'"
else
warn "⚠️未找到默认证书归档目录，请检查 '/usr/syno/etc/certificate/_archive/DEFAULT'"
fi
 
# 查找所有反向代理证书目录并加入目标列表
for proxy in /usr/syno/etc/certificate/ReverseProxy/*/
do
debug "发现反向代理证书目录: ${proxy}"
target_cert_dirs+=("${proxy}")
done
 

 [[ "${DEBUG}" ]] && set -x  # 显示调试命令（仅当 DEBUG=1 时）
 
 # === 复制证书到各个目标目录 ===
 for target_dir in "${target_cert_dirs[@]}"
do
if [[ ! -d "$target_dir" ]]; then
debug "⚠️目标证书目录 '$target_dir' 不存在，跳过..."
continue
fi
info "正在复制证书到目录: $target_dir"
 
 # 只复制证书文件，不更改权限或属主
cp -f "${certs_src_dir}/"{privkey,fullchain,cert}.pem "$target_dir/" ||
warn "⚠️ 无法复制证书到目录: $target_dir"
done

 # === 重启相关服务使证书生效 ===
 # 通用服务重启函数（带成功/失败提示）
restart_service() {
local service="$1"
/usr/syno/bin/synosystemctl restart "$service" \
&& info "✅ 已重启服务: $service" \
|| warn "⚠️ 重启服务失败: $service"
}
 
 # 重启基础网络服务
restart_service ftpd
 
# 有条件地重启插件服务（只在运行时重启）
restart_if_running() {
local package="$1"
if /usr/syno/bin/synopkg status "$package" | grep -q 'running'; then
/usr/syno/bin/synopkg restart "$package"
info "✅ 已重启插件: $package"
else
debug "插件未运行，跳过重启: $package"
fi
}

restart_if_running ScsiTarget
#restart_if_running WebDAVServer
#restart_if_running ReplicationService
restart_if_running LogCenter
#restart_if_running ActiveBackup
#restart_if_running SynologyPhotos
#restart_if_running VideoStation
#restart_if_running SynologyDrive

 # 更新 Web 服务器配置并重启 nginx
/usr/syno/bin/synow3tool --gen-all
/usr/syno/bin/synow3tool --nginx=reload
/usr/syno/bin/synow3tool --restart-dsm-service
 # === 脚本执行完毕 ===
 info "🎉 证书更新与服务重启已完成！"

通过dsm web手动更新证书的话，看到/var/log/system.log 2025-06-01T23:10:18+08:00 NAS systemd[1]: Reloaded FTP Daemon. 2025-06-01T23:10:19+08:00 NAS systemd[1]: Stopping Log Center syslog server... 2025-06-01T23:10:20+08:00 NAS systemd[1]: Reloaded Log Center package daemon. 2025-06-01T23:10:20+08:00 NAS systemd[1]: Starting Log Center syslog server... 2025-06-01T23:10:20+08:00 NAS systemd[1]: Reloaded Log Center package daemon. 2025-06-01T23:10:20+08:00 NAS systemd[1]: Started Log Center syslog server. 2025-06-01T23:10:21+08:00 NAS systemd[1]: Stopping Synology Storage Console Server... 2025-06-01T23:10:21+08:00 NAS systemd[1]: Started Synology Storage Console Server. 2025-06-01T23:10:21+08:00 NAS systemd[1]: Starting Synology Storage Console Server... 2025-06-01T23:10:21+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:22+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:22+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:25+08:00 NAS systemd[6875]: SYSTEM: Last message 'Reloaded Nginx.' repeated 7 times, suppressed by syslog-ng on NAS 2025-06-01T23:10:24+08:00 NAS systemd[1]: Reloaded synorelay daemon. 2025-06-01T23:10:25+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:25+08:00 NAS systemd[1]: Reloaded synorelay daemon. 2025-06-01T23:10:26+08:00 NAS systemd[1]: Reloaded Nginx. 所以好像没有必要重启那么多服务或者套件。

补充一点，昨天凌晨按计划执行的完之后我的nas温度超过了90°，导致关机，具体原因还没查到

亲测可用，可以参考这个配置

<!-- gh-comment-id:3179877693 --> @LuCatIsFun commented on GitHub (Aug 12, 2025): > [@zczc0417](https://github.com/zczc0417) nmbd服务不存在，/usr/syno/etc/certificate/system/FQDN 目录不存在，我的是dsm7.2.1，我对你的脚本做了相应修改。 > > ``` > #!/bin/bash > # *** 需要 root 权限 *** > # 把新证书privkey.pem,fullchain.pem,cert.pem上传到 /usr/syno/etc/certificate/system/default 目录下 > > DEBUG=1 # 开启调试模式（设为0则关闭） > > error_exit() { echo "[ERROR] $1"; exit 1; } # 错误退出函数 > warn() { echo "[WARN] $1"; } # 警告信息函数 > info() { echo "[INFO] $1"; } # 普通信息输出 > debug() { [[ "${DEBUG}" ]] && echo "[DEBUG] $1"; } # 调试信息输出 > > certs_src_dir="/usr/syno/etc/certificate/system/default" # 默认系统证书存放路径（请将新证书上传到这里） > > # 其他需要更新证书的目录列表 > target_cert_dirs=( > "/usr/local/etc/certificate/ScsiTarget/pkg-scsi-plugin-server/" > "/usr/local/etc/certificate/SynologyDrive/SynologyDrive/" > "/usr/local/etc/certificate/WebDAVServer/webdav/" > "/usr/local/etc/certificate/ActiveBackup/ActiveBackup/" > "/usr/local/etc/certificate/LogCenter/pkg-LogCenter/" > "/usr/local/etc/certificate/ReplicationService/snapshot_receiver/" > "/usr/syno/etc/certificate/smbftpd/ftpd/" > "/usr/syno/etc/certificate/AppPortal/VideoStation_AltPort/" > "/usr/syno/etc/certificate/AppPortal/SynologyPhotos_AltPort/" > "/usr/syno/etc/certificate/AppPortal/SynologyDrive_AltPort/" > "/usr/syno/etc/certificate/kmip/kmip" > ) > > # 获取默认证书目录名（用于定位 _archive 目录） > default_dir_name=$(</usr/syno/etc/certificate/_archive/DEFAULT) > if [[ -n "$default_dir_name" ]]; then > target_cert_dirs+=("/usr/syno/etc/certificate/_archive/${default_dir_name}") > debug "找到默认证书归档目录: '/usr/syno/etc/certificate/_archive/${default_dir_name}'" > else > warn "⚠️未找到默认证书归档目录，请检查 '/usr/syno/etc/certificate/_archive/DEFAULT'" > fi > > # 查找所有反向代理证书目录并加入目标列表 > for proxy in /usr/syno/etc/certificate/ReverseProxy/*/ > do > debug "发现反向代理证书目录: ${proxy}" > target_cert_dirs+=("${proxy}") > done > > > [[ "${DEBUG}" ]] && set -x # 显示调试命令（仅当 DEBUG=1 时） > > # === 复制证书到各个目标目录 === > for target_dir in "${target_cert_dirs[@]}" > do > if [[ ! -d "$target_dir" ]]; then > debug "⚠️目标证书目录 '$target_dir' 不存在，跳过..." > continue > fi > info "正在复制证书到目录: $target_dir" > > # 只复制证书文件，不更改权限或属主 > cp -f "${certs_src_dir}/"{privkey,fullchain,cert}.pem "$target_dir/" || > warn "⚠️ 无法复制证书到目录: $target_dir" > done > > # === 重启相关服务使证书生效 === > # 通用服务重启函数（带成功/失败提示） > restart_service() { > local service="$1" > /usr/syno/bin/synosystemctl restart "$service" \ > && info "✅ 已重启服务: $service" \ > || warn "⚠️ 重启服务失败: $service" > } > > # 重启基础网络服务 > restart_service ftpd > > # 有条件地重启插件服务（只在运行时重启） > restart_if_running() { > local package="$1" > if /usr/syno/bin/synopkg status "$package" | grep -q 'running'; then > /usr/syno/bin/synopkg restart "$package" > info "✅ 已重启插件: $package" > else > debug "插件未运行，跳过重启: $package" > fi > } > > restart_if_running ScsiTarget > #restart_if_running WebDAVServer > #restart_if_running ReplicationService > restart_if_running LogCenter > #restart_if_running ActiveBackup > #restart_if_running SynologyPhotos > #restart_if_running VideoStation > #restart_if_running SynologyDrive > > # 更新 Web 服务器配置并重启 nginx > /usr/syno/bin/synow3tool --gen-all > /usr/syno/bin/synow3tool --nginx=reload > /usr/syno/bin/synow3tool --restart-dsm-service > # === 脚本执行完毕 === > info "🎉 证书更新与服务重启已完成！" > ``` > > 通过dsm web手动更新证书的话，看到/var/log/system.log 2025-06-01T23:10:18+08:00 NAS systemd[1]: Reloaded FTP Daemon. 2025-06-01T23:10:19+08:00 NAS systemd[1]: Stopping Log Center syslog server... 2025-06-01T23:10:20+08:00 NAS systemd[1]: Reloaded Log Center package daemon. 2025-06-01T23:10:20+08:00 NAS systemd[1]: Starting Log Center syslog server... 2025-06-01T23:10:20+08:00 NAS systemd[1]: Reloaded Log Center package daemon. 2025-06-01T23:10:20+08:00 NAS systemd[1]: Started Log Center syslog server. 2025-06-01T23:10:21+08:00 NAS systemd[1]: Stopping Synology Storage Console Server... 2025-06-01T23:10:21+08:00 NAS systemd[1]: Started Synology Storage Console Server. 2025-06-01T23:10:21+08:00 NAS systemd[1]: Starting Synology Storage Console Server... 2025-06-01T23:10:21+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:22+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:22+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:25+08:00 NAS systemd[6875]: SYSTEM: Last message 'Reloaded Nginx.' repeated 7 times, suppressed by syslog-ng on NAS 2025-06-01T23:10:24+08:00 NAS systemd[1]: Reloaded synorelay daemon. 2025-06-01T23:10:25+08:00 NAS systemd[1]: Reloaded Nginx. 2025-06-01T23:10:25+08:00 NAS systemd[1]: Reloaded synorelay daemon. 2025-06-01T23:10:26+08:00 NAS systemd[1]: Reloaded Nginx. 所以好像没有必要重启那么多服务或者套件。 > > 补充一点，昨天凌晨按计划执行的完之后我的nas温度超过了90°，导致关机，具体原因还没查到 亲测可用，可以参考这个配置 <img width="1464" height="744" alt="Image" src="https://github.com/user-attachments/assets/c38f1c8f-fc98-42c4-8f06-aaa89f2b3ffd" />

kerem referenced this issue 2026-03-03 01:06:40 +03:00

[PR #251] [MERGED] Support create secret, add cert annotations. #884

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

next

archive/v0.3

archive/v0.2

v0.4.21

v0.4.20

v0.4.19

v0.4.18

v0.4.17

v0.4.16

v0.4.15

v0.4.14

v0.4.13

v0.4.12

v0.4.11

v0.4.10

v0.4.9

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.24-beta

v0.2.23-beta

v0.2.21

v0.2.20

v0.2.19

v0.2.18

v0.2.17

v0.2.16

v0.2.15

v0.2.14

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.19

v0.1.18

v0.1.17

v0.1.16

v0.1.15

v0.1.14

v0.1.13

v0.1.12

v0.1.11

v0.1.10

v0.1.9

v0.1.8

v0.1.7

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

v0.0.1

Labels

Clear labels   

announcement

  

backlog

  

bug

  

declined

  

documentation

  

duplicate

  

enhancement

  

good first issue

  

good first issue

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

No labels

announcement

backlog

bug

declined

documentation

duplicate

enhancement

good first issue

good first issue

help wanted

invalid

pull-request

question

stale

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/certimate#251

No description provided.