Inspired by Yannik's project and http://banduccm.blogspot.co.uk/.
- Login to your NAS and make sure the following Apps are installed:
- Git
- Python 2.7
- Make sure your NAS is reachable from the public internet under the domain you want to get a certificate for on port 80.
- Create a folder to store qnap-letsencrypt in under
/share/YOUR_DRIVE/
. Do not create it directly in/share/
, as it will be lost after a reboot! - Download and unzip QPython2. Install this by going to the App Center in the QNAP web interface, click on the cog icon and then follow the instructions in the popup.
By default, there is no ca-bundle (bundle of root certificates which we should trust) installed. Therefore we will have to download one manually.
-
On your local pc with an intact certificate store, run
curl -s https://curl.haxx.se/ca/cacert.pem | sha1sum
-
On your nas, in the directory you want to install qnap-letsencrypt in, run
wget --no-check-certificate https://curl.haxx.se/ca/cacert.pem sha1sum cacert.pem
-
Compare the hashes obtained in step 1 and 2, they must match.
-
On your nas, in the directory you were in before
git config --system http.sslVerify true git config --system http.sslCAinfo cacert.pem git clone https://github.com/szech/qnap-letsencrypt.git mv cacert.pem qnap-letsencrypt cd qnap-letsencrypt git config --system http.sslCAinfo cacert.pem
-
Edit
renew_certificate
and put your own values in theVARIABLES
section -
mv /etc/stunnel/stunnel.pem /etc/stunnel/stunnel.pem.orig
(backup, though we can always recover through the web gui) -
Run
renew_certificate.sh
-
Create a cronjob to run
renew_certificate.sh
every night, which will renew your certificate if it has less than 30 days leftAdd this to
/etc/config/crontab
:30 3 * * * cd /share/YOUR_INSTALL_LOCATION/qnap-letsencrypt/ && ./renew_certificate.sh >> ./renew_certificate.log 2>&1
Then run:
crontab /etc/config/crontab /etc/init.d/crond.sh restart
I am just running the default Qnap web server on a custom domain. I had some problems getting the python web server working in Yannik's project, so i decided to fork and pursue a different approach.
- we install custom package QPython2 so we can run the letsencrypt client natively. This means we don't run the Python web server, or the acme-tiny client. QPython2 is a 1GB monster that has a lot more than what we need, but i did not find any other convenient source for the letsencrypt client which does not run natively on qnap OS. QPython is sourced from here.
- only support for one domain; you are welcome to fork and figure out your own approach ;-)
letsencrypt seems to have some broken dependencies in 2_2.7.11.0.1 and isn't working.
I'm no expert, please respond if you have some feedback for me.
Please open a pull request!
GPLv2