Automatically syncing certificates to Proxmox VE and DSM after Let's Encrypt auto-renewal

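Last time we covered how Let's Encrypt validates domain ownership through a DNS TXT record, and the end of that article showed how to use certbot renew for automatic renewal. Once the automatic renewal succeeds, how do we sync the certificate to PVE and DSM?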

Below we use scripts to sync automatically.

  • Passwordless SSH login must be configured on the Proxmox VE and DSM servers

Automatically syncing the Proxmox VE certificate

  • Sync to the local Proxmox VE
cp /etc/letsencrypt/live/blog.margrop.net/fullchain.pem /etc/pve/local/pveproxy-ssl.pem
cp /etc/letsencrypt/live/blog.margrop.net/privkey.pem /etc/pve/local/pveproxy-ssl.key
systemctl restart pveproxy
  • Sync to a Proxmox VE on the LAN
scp  /etc/letsencrypt/live/blog.margrop.net/fullchain.pem root@192.168.1.155:/etc/pve/local/pveproxy-ssl.pem
scp  /etc/letsencrypt/live/blog.margrop.net/privkey.pem root@192.168.1.155:/etc/pve/local/pveproxy-ssl.key
ssh root@192.168.1.155 "systemctl restart pveproxy"
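
The LAN sync above wrapped as a certbot deploy hook, as an added example rather than the author's script: it checks that fullchain.pem and privkey.pem belong together before anything is copied, and makes SSH fail rather than prompt or accept an unknown host key. The function names and the PVE_HOST and DRY_RUN variables are assumptions of this example; RENEWED_LINEAGE is set by certbot when it runs deploy hooks.

```shell
#!/bin/sh
# Added example: certbot deploy hook, e.g. saved under
# /etc/letsencrypt/renewal-hooks/deploy/. certbot sets RENEWED_LINEAGE to the
# renewed live directory. PVE_HOST and DRY_RUN are assumptions of this example.
PVE_HOST="${PVE_HOST:-root@192.168.1.155}"
# BatchMode: fail instead of prompting when key login breaks.
# StrictHostKeyChecking=yes: refuse hosts whose key is not already in known_hosts.
SSH_OPTS="-o BatchMode=yes -o StrictHostKeyChecking=yes"

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# pair_matches CERT KEY: succeed only if the leaf certificate's public key
# is the public half of the private key.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# push_pve LIVE_DIR: copy both files, restart pveproxy only if both copies succeed.
# SSH_OPTS is left unquoted on purpose so it splits into separate options.
push_pve() {
    run scp $SSH_OPTS "$1/fullchain.pem" "$PVE_HOST:/etc/pve/local/pveproxy-ssl.pem" &&
    run scp $SSH_OPTS "$1/privkey.pem" "$PVE_HOST:/etc/pve/local/pveproxy-ssl.key" &&
    run ssh $SSH_OPTS "$PVE_HOST" "systemctl restart pveproxy"
}

# deploy LIVE_DIR: verify first, so a mismatched pair never reaches pveproxy.
deploy() {
    if ! pair_matches "$1/fullchain.pem" "$1/privkey.pem"; then
        echo "refusing to deploy: certificate and key in $1 do not match" >&2
        return 1
    fi
    push_pve "$1"
}

# Only act when certbot invoked us after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then deploy "$RENEWED_LINEAGE"; fi
```

Running it once by hand with DRY_RUN=1 and RENEWED_LINEAGE pointing at the live directory prints the scp and ssh commands without touching the remote host.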

Automatically syncing the DSM certificate

  • Sync to a DSM on the LAN
  • The gnEsPP in the script is a path that differs on every Synology; replace it according to your own setup.
scp  /etc/letsencrypt/live/blog.margrop.net/fullchain.pem root@192.168.1.55:/usr/syno/etc/certificate/_archive/gnEsPP/fullchain.pem
scp  /etc/letsencrypt/live/blog.margrop.net/privkey.pem   root@192.168.1.55:/usr/syno/etc/certificate/_archive/gnEsPP/privkey.pem
scp  /etc/letsencrypt/live/blog.margrop.net/chain.pem     root@192.168.1.55:/usr/syno/etc/certificate/_archive/gnEsPP/chain.pem
scp  /etc/letsencrypt/live/blog.margrop.net/cert.pem      root@192.168.1.55:/usr/syno/etc/certificate/_archive/gnEsPP/cert.pem
scp  /etc/letsencrypt/live/blog.margrop.net/fullchain.pem root@192.168.1.55:/usr/syno/etc/certificate/system/default/fullchain.pem
scp  /etc/letsencrypt/live/blog.margrop.net/privkey.pem   root@192.168.1.55:/usr/syno/etc/certificate/system/default/privkey.pem
scp  /etc/letsencrypt/live/blog.margrop.net/chain.pem     root@192.168.1.55:/usr/syno/etc/certificate/system/default/chain.pem
scp  /etc/letsencrypt/live/blog.margrop.net/cert.pem      root@192.168.1.55:/usr/syno/etc/certificate/system/default/cert.pem