Let's Encrypt automatically synchronizes Proxmox VE and DSM certificates after automatic renewal

Published: 2021-02-02

PVE Proxmox VE dsm HTTPS ssl sync Renew Certificate letsencrypt Certificate scp synology key PEM systemctl

Last time we talked about Let’s Encrypt通过DNS TXT记录来验证域名有效性, and the last part of the article was about how to use certbot renew for automatic renewal. Then the automatic renewal is successful, how to synchronize it to PVE and DSM?

Below we use a script to perform automatic synchronization.

Need to configure SSH password-free login on Proxmox VE and DSM servers

Automatically synchronize Proxmox VE certificate

Proxmox VE synchronized to this machine
Proxmox VE synchronized to LAN

cp /etc/letsencrypt/live/blog.margrop.net/fullchain.pem /etc/pve/local/pveproxy-ssl.pem
cp /etc/letsencrypt/live/blog.margrop.net/privkey.pem /etc/pve/local/pveproxy-ssl.key
systemctl restart pveproxy

scp  /etc/letsencrypt/live/blog.margrop.net/fullchain.pem root@192.168.1.155:/etc/pve/local/pveproxy-ssl.pem
scp  /etc/letsencrypt/live/blog.margrop.net/privkey.pem root@192.168.1.155:/etc/pve/local/pveproxy-ssl.key
ssh root@192.168.1.155 "systemctl restart pveproxy"

Automatically synchronize DSM certificates

DSM synchronized to LAN
gnEsPP in the script, the path of each Synology is different, please replace it according to the actual situation.

scp  /etc/letsencrypt/live/blog.margrop.net/fullchain.pem root@192.168.1.55:/usr/syno/etc/certificate/_archive/gnEsPP/fullchain.pem
scp  /etc/letsencrypt/live/blog.margrop.net/privkey.pem   root@192.168.1.55:/usr/syno/etc/certificate/_archive/gnEsPP/privkey.pem
scp  /etc/letsencrypt/live/blog.margrop.net/chain.pem     root@192.168.1.55:/usr/syno/etc/certificate/_archive/gnEsPP/chain.pem
scp  /etc/letsencrypt/live/blog.margrop.net/cert.pem      root@192.168.1.55:/usr/syno/etc/certificate/_archive/gnEsPP/cert.pem
scp  /etc/letsencrypt/live/blog.margrop.net/fullchain.pem root@192.168.1.55:/usr/syno/etc/certificate/system/default/fullchain.pem
scp  /etc/letsencrypt/live/blog.margrop.net/privkey.pem   root@192.168.1.55:/usr/syno/etc/certificate/system/default/privkey.pem
scp  /etc/letsencrypt/live/blog.margrop.net/chain.pem     root@192.168.1.55:/usr/syno/etc/certificate/system/default/chain.pem
scp  /etc/letsencrypt/live/blog.margrop.net/cert.pem      root@192.168.1.55:/usr/syno/etc/certificate/system/default/cert.pem