[{"data":1,"prerenderedAt":374},["ShallowReactive",2],{"navigation":3,"post-\u002Fposts\u002F2021\u002Fsynology-letsencrypt-multiple-domain-cert-configuration":20,"surroundPosts-\u002Fposts\u002F2021\u002Fsynology-letsencrypt-multiple-domain-cert-configuration":362},[4,8,12,16],{"title":5,"path":6,"stem":7},"首页","\u002F","00.index",{"title":9,"path":10,"stem":11},"文章","\u002Fposts","01.posts",{"title":13,"path":14,"stem":15},"动态","\u002Fmoments","02.moments",{"title":17,"path":18,"stem":19},"关于","\u002Fabout","09.about",{"id":21,"title":22,"body":23,"class":339,"cover":340,"coverSize":339,"date":341,"description":342,"draft":343,"extension":344,"hideComments":343,"location":339,"meta":345,"navigation":346,"path":347,"readingTime":348,"seo":353,"sitemap":354,"stem":355,"tags":356,"time":339,"weather":339,"__hash__":361},"posts\u002Fposts\u002F2021\u002F20210108.synology-letsencrypt-multiple-domain-cert-configuration.md","群晖 Let's Encrypt 配置多个泛域名 SSL 证书自动更新",{"type":24,"value":25,"toc":337},"minimark",[26,42,69,72,79,126,132,320,330,333],[27,28,29,30,37,38,41],"p",{},"之前一直用的 ",[31,32,36],"a",{"href":33,"rel":34},"https:\u002F\u002Fgithub.com\u002Fandyzhshg\u002Fsyno-acme",[35],"nofollow","syno-acme"," 配合群晖的计划任务实现泛域名 SSL 证书的更新，但是最近想切换域名，但是又要保持原有域名一段时间可用。",[39,40,36],"code",{}," 的方案只支持默认证书的配置，群晖上多个证书的配置确实比较麻烦，几年前也折腾过。",[27,43,44,45,47,48,53,54,56,57,62,63,68],{},"不过调研了下发现，Let's Encrypt 支持将多个域名绑定到同一个证书里，于是找了下解决方案，果然有位兄弟基于 ",[39,46,36],{}," 做了些",[31,49,52],{"href":50,"rel":51},"https:\u002F\u002F10001blog.xslinc.com\u002F?p=89",[35],"修改","，支持多个域名。不过这位兄弟是 Hard Code 的，不够通用化，于是对 ",[39,55,36],{}," 做了些改进，并提交了 ",[31,58,61],{"href":59,"rel":60},"https:\u002F\u002Fgithub.com\u002Fandyzhshg\u002Fsyno-acme\u002Fpull\u002F58",[35],"Pull request","，希望对大家有帮助，",[31,64,67],{"href":65,"rel":66},"https:\u002F\u002Fgithub.com\u002FHADB\u002Fsyno-acme",[35],"Fork 仓库","。",[27,70,71],{},"主要修改内容：",[27,73,74,75,78],{},"配置时可通过逗号分隔多个域名，",[39,76,77],{},"config"," 如下：",[80,81,86],"pre",{"className":82,"code":83,"language":84,"meta":85,"style":85},"language-shell shiki shiki-themes material-theme-lighter github-light github-dark","# 你域名，如 baidu.com sina.com.cn 等，多个域名之间逗号分隔，支持泛域名\nexport DOMAIN=your_domain1,*.your_domain1,your_domain2,*.your_domain2\n","shell","",[39,87,88,97],{"__ignoreMap":85},[89,90,93],"span",{"class":91,"line":92},"line",1,[89,94,96],{"class":95},"sutJx","# 你域名，如 baidu.com sina.com.cn 等，多个域名之间逗号分隔，支持泛域名\n",[89,98,100,104,108,112,115,118,121,123],{"class":91,"line":99},2,[89,101,103],{"class":102},"sbsja","export",[89,105,107],{"class":106},"su5hD"," DOMAIN",[89,109,111],{"class":110},"smGrS","=",[89,113,114],{"class":106},"your_domain1,",[89,116,117],{"class":110},"*",[89,119,120],{"class":106},".your_domain1,your_domain2,",[89,122,117],{"class":110},[89,124,125],{"class":106},".your_domain2\n",[27,127,128,131],{},[39,129,130],{},"cert-up.sh"," 主要修改了如下的地方：",[80,133,135],{"className":82,"code":134,"language":84,"meta":85,"style":85},"for d in ${DOMAIN\u002F\u002F,\u002F }\ndo\n  domain_params=\"${domain_params} -d ${d}\"\ndone\n${ACME_BIN_PATH}\u002Facme.sh --force --log --issue --dns ${DNS} --dnssleep ${DNS_SLEEP} ${domain_params}\n${ACME_BIN_PATH}\u002Facme.sh --force --installcert ${domain_params} \\\n  --certpath ${CRT_PATH}\u002Fcert.pem \\\n  --key-file ${CRT_PATH}\u002Fprivkey.pem \\\n  --fullchain-file ${CRT_PATH}\u002Ffullchain.pem\n",[39,136,137,167,172,203,209,246,268,287,305],{"__ignoreMap":85},[89,138,139,143,146,149,153,156,159,162,164],{"class":91,"line":92},[89,140,142],{"class":141},"sVHd0","for",[89,144,145],{"class":106}," d ",[89,147,148],{"class":141},"in",[89,150,152],{"class":151},"sP7_E"," ${",[89,154,155],{"class":106},"DOMAIN",[89,157,158],{"class":110},"\u002F\u002F",[89,160,161],{"class":106},",",[89,163,6],{"class":110},[89,165,166],{"class":151}," }\n",[89,168,169],{"class":91,"line":99},[89,170,171],{"class":141},"do\n",[89,173,175,178,180,184,187,190,194,197,200],{"class":91,"line":174},3,[89,176,177],{"class":106},"  domain_params",[89,179,111],{"class":110},[89,181,183],{"class":182},"sjJ54","\"${",[89,185,186],{"class":106},"domain_params",[89,188,189],{"class":182},"}",[89,191,193],{"class":192},"s_sjI"," -d ",[89,195,196],{"class":182},"${",[89,198,199],{"class":106},"d",[89,201,202],{"class":182},"}\"\n",[89,204,206],{"class":91,"line":205},4,[89,207,208],{"class":141},"done\n",[89,210,212,214,217,219,222,224,227,229,232,234,237,239,241,243],{"class":91,"line":211},5,[89,213,196],{"class":151},[89,215,216],{"class":106},"ACME_BIN_PATH",[89,218,189],{"class":151},[89,220,221],{"class":106},"\u002Facme.sh --force --log --issue --dns ",[89,223,196],{"class":151},[89,225,226],{"class":106},"DNS",[89,228,189],{"class":151},[89,230,231],{"class":106}," --dnssleep ",[89,233,196],{"class":151},[89,235,236],{"class":106},"DNS_SLEEP",[89,238,189],{"class":151},[89,240,152],{"class":151},[89,242,186],{"class":106},[89,244,245],{"class":151},"}\n",[89,247,249,251,253,255,258,260,262,264],{"class":91,"line":248},6,[89,250,196],{"class":151},[89,252,216],{"class":106},[89,254,189],{"class":151},[89,256,257],{"class":106},"\u002Facme.sh --force --installcert ",[89,259,196],{"class":151},[89,261,186],{"class":106},[89,263,189],{"class":151},[89,265,267],{"class":266},"s_hVV"," \\\n",[89,269,271,275,277,280,282,285],{"class":91,"line":270},7,[89,272,274],{"class":273},"sbgvK","  --certpath",[89,276,152],{"class":151},[89,278,279],{"class":106},"CRT_PATH",[89,281,189],{"class":151},[89,283,284],{"class":192},"\u002Fcert.pem",[89,286,267],{"class":266},[89,288,290,294,296,298,300,303],{"class":91,"line":289},8,[89,291,293],{"class":292},"stzsN","  --key-file",[89,295,152],{"class":151},[89,297,279],{"class":106},[89,299,189],{"class":151},[89,301,302],{"class":192},"\u002Fprivkey.pem",[89,304,267],{"class":266},[89,306,308,311,313,315,317],{"class":91,"line":307},9,[89,309,310],{"class":292},"  --fullchain-file",[89,312,152],{"class":151},[89,314,279],{"class":106},[89,316,189],{"class":151},[89,318,319],{"class":192},"\u002Ffullchain.pem\n",[27,321,322,323,325,326,329],{},"通过逗号分隔 ",[39,324,155],{}," 中的多个域名，并循环拼接多个 ",[39,327,328],{},"-d"," 参数即可。",[27,331,332],{},"这么修改后，群晖就可以愉快的支持多个主域名的 SSL 证书啦，爽！",[334,335,336],"style",{},"html pre.shiki code .sutJx, html code.shiki .sutJx{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#6A737D;--shiki-default-font-style:inherit;--shiki-dark:#6A737D;--shiki-dark-font-style:inherit}html pre.shiki code .sbsja, html code.shiki .sbsja{--shiki-light:#9C3EDA;--shiki-default:#D73A49;--shiki-dark:#F97583}html pre.shiki code .su5hD, html code.shiki .su5hD{--shiki-light:#90A4AE;--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .smGrS, html code.shiki .smGrS{--shiki-light:#39ADB5;--shiki-default:#D73A49;--shiki-dark:#F97583}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sVHd0, html code.shiki .sVHd0{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#D73A49;--shiki-default-font-style:inherit;--shiki-dark:#F97583;--shiki-dark-font-style:inherit}html pre.shiki code .sP7_E, html code.shiki .sP7_E{--shiki-light:#39ADB5;--shiki-default:#24292E;--shiki-dark:#E1E4E8}html pre.shiki code .sjJ54, html code.shiki .sjJ54{--shiki-light:#39ADB5;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .s_sjI, html code.shiki .s_sjI{--shiki-light:#91B859;--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .s_hVV, html code.shiki .s_hVV{--shiki-light:#90A4AE;--shiki-default:#005CC5;--shiki-dark:#79B8FF}html pre.shiki code .sbgvK, html code.shiki .sbgvK{--shiki-light:#E2931D;--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .stzsN, html code.shiki .stzsN{--shiki-light:#91B859;--shiki-default:#005CC5;--shiki-dark:#79B8FF}",{"title":85,"searchDepth":99,"depth":99,"links":338},[],null,"jpg","2021-01-08","之前一直用的 syno-acme 配合群晖的计划任务实现泛域名 SSL 证书的更新，但是最近想切换域名，但是又要保持原有域名一段时间可用。syno-acme 的方案只支持默认证书的配置，群晖上多个证书的配置确实比较麻烦，几年前也折腾过。",false,"md",{},true,"\u002Fposts\u002F2021\u002Fsynology-letsencrypt-multiple-domain-cert-configuration",{"text":349,"minutes":350,"time":351,"words":352},"2 min read",1.595,95700,319,{"title":22,"description":342},{"loc":347},"posts\u002F2021\u002F20210108.synology-letsencrypt-multiple-domain-cert-configuration",[357,358,359,360],"技术","群晖","NAS","HomeLab","9T15Ab9v8M2cX6qAsb3w1Oqj78Mu9pxorqz3fCUWoKo",[363,368],{"title":364,"path":365,"stem":366,"date":367,"description":85,"children":-1},"回顾 2021，展望 2022","\u002Fposts\u002F2022\u002Freview-2021-and-look-forward-to-2022","posts\u002F2022\u002F20220119.review-2021-and-look-forward-to-2022","2022-01-19",{"title":369,"path":370,"stem":371,"date":372,"description":373,"children":-1},"fastboot FAILED (remote: Operation not permitted) 的问题","\u002Fposts\u002F2021\u002Ffastboot-failed-remote-operation-not-permitted","posts\u002F2021\u002F20210105.fastboot-failed-remote-operation-not-permitted","2021-01-05","这两天买了台安卓测试设备，由于我们的项目需要系统签名，所以不得不重新刷系统。",1777580274222]