telf3 · July 24, 2025 14:57 · Jul 24, 2025 · Oct 29, 2024 · Jul 8, 2024 · Jul 6, 2024
diff --git a/README.md b/README.md
@@ -1,35 +1,38 @@
-This will configure an Asustor NAS to use letsencrypt certificate without exposing it to the internet.  
-To achieve this we use certbot with DNS-01 challenge to Cloudflare.
+This will configure an Asustor NAS to use a Let's Encrypt certificate **without exposing it to the internet**.  
+To achieve this, we use Certbot with the DNS-01 challenge via Cloudflare.
 
-1. Setup cloudflare secret.
+> *I'm placing my configuration in `/volume1/system`. Feel free to change this to whatever location you prefer.*
+
+1. Set up Cloudflare credentials.
 ```shell
 mkdir /volume1/system/letsencrypt
 touch /volume1/system/letsencrypt/cloudflare.ini
 chown root:root /volume1/system/letsencrypt
 chmod 700 /volume1/system/letsencrypt
 chmod 600 /volume1/system/letsencrypt/cloudflare.ini
 ```
-Add the Cloudflare API key in this file:
+Add your Cloudflare API key to `cloudflare.ini` as described here:  
 https://certbot-dns-cloudflare.readthedocs.io/en/stable/#credentials
 
-2. Place install.sh and adm.deploy.sh in `/volume1/system/letsencrypt`
+2. Place `install.sh` and `adm-deploy.sh` in `/volume1/system/letsencrypt`
 
-3. Run install.sh to setup pip and certbot-dns-cloudflare. 
+3. Run `install.sh` to setup pip and certbot-dns-cloudflare. 
 
-3. Link script to letsencrypt deploy hook.
+3. Link `adm-deploy.sh` to letsencrypt deploy hook.
 ```shell
 ln -s /volume1/system/letsencrypt/adm-deploy.sh /volume0/usr/builtin/etc/letsencrypt/renewal-hooks/deploy/
 ```
 
-4. Generate certificate.
+4. Generate the certificate.  
+*Make sure to change `nas.mydomain.com` in `adm-deploy.sh` and in the below command to your FQDN*
 ```shell
 certbot certonly --config-dir=/volume0/usr/builtin/etc/letsencrypt \
   --dns-cloudflare --dns-cloudflare-credentials /volume1/system/letsencrypt/cloudflare.ini \
   --preferred-challenges dns-01 \
   -d nas.mydomain.com
 ```
 
-5. Add renew to crontab `/var/spool/cron/crontabs/root`
+5. Add renew to crontab, run `crontab -e` as root.
 ```shell
 @reboot /volume1/system/letsencrypt/install.sh && /usr/bin/certbot --config-dir=/volume0/usr/builtin/etc/letsencrypt renew
 0 6 * * * /usr/bin/certbot --config-dir=/volume0/usr/builtin/etc/letsencrypt renew

diff --git a/adm-deploy.sh b/adm-deploy.sh
@@ -11,4 +11,4 @@ TARGET=/volume0/usr/etc/lighttpd # ADM lighttpd web server ssl cert target direc
 cat $SOURCE/privkey.pem $SOURCE/cert.pem > $SOURCE/lighttpd.pem 
 cp -Lfv $SOURCE/lighttpd.pem $TARGET/lighttpd.pem 
 
-/etc/init.d/S41lighttpd restart 
+/etc/init.d/S41lighttpd restart
diff --git a/reverseproxy-deploy.sh b/reverseproxy-deploy.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# Asustor NAS Let's Encrypt certificate renewal deploy shell script.
+# Place in this directory to run on successful renwal:
+# /volume0/usr/builtin/etc/letsencrypt/renewal-hooks/deploy
+# Certbot docs: https://certbot.eff.org/docs/using.html
+
+SOURCE=/volume0/usr/builtin/etc/letsencrypt/live/nas.domain.com # letsencrypt certificate
+TARGET=/volume0/usr/builtin/etc/certificate
+
+cat $SOURCE/privkey.pem $SOURCE/cert.pem > $SOURCE/ssl.pem
+cp -Lfv $SOURCE/cert.pem  $TARGET/ssl.crt
+cp -Lfv $SOURCE/privkey.pem $TARGET/ssl.key
+cp -Lfv $SOURCE/ssl.pem $TARGET/ssl.pem
+
+pkill nginx
+sleep 1
+/volume0/usr/builtin/sbin/nginx -c /volume0/usr/builtin/etc/nginx_reverse_proxy/nginx.conf
diff --git a/adm-deploy.sh b/adm-deploy.sh
@@ -5,7 +5,7 @@
 # /volume0/usr/builtin/etc/letsencrypt/renewal-hooks/deploy 
 # Certbot docs: https://certbot.eff.org/docs/using.html 
 
-SOURCE=/volume0/usr/builtin/etc/letsencrypt/live/tor.telf.se # letsencrypt certificate 
+SOURCE=/volume0/usr/builtin/etc/letsencrypt/live/nas.domain.com # letsencrypt certificate 
 TARGET=/volume0/usr/etc/lighttpd # ADM lighttpd web server ssl cert target directory 
 
 cat $SOURCE/privkey.pem $SOURCE/cert.pem > $SOURCE/lighttpd.pem 

diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-The goal is to configure Asustor NAS to use letsencrypt certificate without exposing it to the internet.  
+This will configure an Asustor NAS to use letsencrypt certificate without exposing it to the internet.  
 To achieve this we use certbot with DNS-01 challenge to Cloudflare.
 
 1. Setup cloudflare secret.

diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ https://certbot-dns-cloudflare.readthedocs.io/en/stable/#credentials
 
 3. Run install.sh to setup pip and certbot-dns-cloudflare. 
 
-3. Link script to lets encrypts deploy hook.
+3. Link script to letsencrypt deploy hook.
 ```shell
 ln -s /volume1/system/letsencrypt/adm-deploy.sh /volume0/usr/builtin/etc/letsencrypt/renewal-hooks/deploy/
 ```

diff --git a/README.md b/README.md
@@ -1,9 +1,7 @@
 The goal is to configure Asustor NAS to use letsencrypt certificate without exposing it to the internet.  
 To achieve this we use certbot with DNS-01 challenge to Cloudflare.
 
-1. Run install.sh to install pip and certbot-dns-cloudflare. 
-
-2. Setup cloudflare secret.
+1. Setup cloudflare secret.
 ```shell
 mkdir /volume1/system/letsencrypt
 touch /volume1/system/letsencrypt/cloudflare.ini
@@ -14,7 +12,14 @@ chmod 600 /volume1/system/letsencrypt/cloudflare.ini
 Add the Cloudflare API key in this file:
 https://certbot-dns-cloudflare.readthedocs.io/en/stable/#credentials
 
-3. Place adm-deploy.sh in `/volume0/usr/builtin/etc/letsencrypt/renew-hooks`
+2. Place install.sh and adm.deploy.sh in `/volume1/system/letsencrypt`
+
+3. Run install.sh to setup pip and certbot-dns-cloudflare. 
+
+3. Link script to lets encrypts deploy hook.
+```shell
+ln -s /volume1/system/letsencrypt/adm-deploy.sh /volume0/usr/builtin/etc/letsencrypt/renewal-hooks/deploy/
+```
 
 4. Generate certificate.
 ```shell
@@ -24,7 +29,8 @@ certbot certonly --config-dir=/volume0/usr/builtin/etc/letsencrypt \
   -d nas.mydomain.com
 ```
 
-5. Add renew to crontab:
+5. Add renew to crontab `/var/spool/cron/crontabs/root`
 ```shell
-echo "0 6 * * * /usr/bin/certbot --config-dir=/volume0/usr/builtin/etc/letsencrypt renew" | tee -a /var/spool/cron/crontabs/root
+@reboot /volume1/system/letsencrypt/install.sh && /usr/bin/certbot --config-dir=/volume0/usr/builtin/etc/letsencrypt renew
+0 6 * * * /usr/bin/certbot --config-dir=/volume0/usr/builtin/etc/letsencrypt renew
 ```
diff --git a/adm-deploy.sh b/adm-deploy.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash 
 
-# An asustor NAS Let's Encrypt certificate renewal deploy shell script. 
+# Asustor NAS Let's Encrypt certificate renewal deploy shell script. 
 # Place in this directory to run on successful renwal: 
 # /volume0/usr/builtin/etc/letsencrypt/renewal-hooks/deploy 
 # Certbot docs: https://certbot.eff.org/docs/using.html 

diff --git a/adm-deploy.sh b/adm-deploy.sh
@@ -1,27 +1,14 @@
-#!/bin/sh
-
-# An asustor NAS Let's Encrypt certificate renewal deploy shell script.
-# https://github.com/bebo-dot-dev/asustor-certbot/
-
-# Dependencies: 
-#   A certbot --config-dir/renewal-hooks/deploy directory to host this script
-#
-# When this shell script is present in the certbot --config-dir/renewal-hooks/deploy, it will be called 
-# by certbot upon successful renewal only
-# This script can be used to automate actions that need to be performed upon post renewal success 
-# i.e. certificate copy / service restart etc
-#
-# certbot docs are here: https://certbot.eff.org/docs/using.html
-
-CONFIG_DIR=/volume0/usr/builtin/etc/letsencrypt     # the certbot --config-dir
-SOURCE_CERT=/live/nas.mydomain.com                  # a source letsencrypt certificate to perform actions with
-ADM_TARGET=/volume0/usr/etc/lighttpd                # the ADM lighttpd web server ssl cert target directory
-ADM_WEB_SERVICE=/etc/init.d/S41lighttpd             # the ADM lighttpd service control script
-
-#create a lighttpd "compatible" cert by combining the private key and the cert together and 
-#then update the lighttpd ssl cert with that
-cat $CONFIG_DIR$SOURCE_CERT/privkey.pem $CONFIG_DIR$SOURCE_CERT/cert.pem > $CONFIG_DIR$SOURCE_CERT/lighttpd.pem
-cp -L -f $CONFIG_DIR$SOURCE_CERT/lighttpd.pem $ADM_TARGET/lighttpd.pem
-
-#restart lighttpd
-$ADM_WEB_SERVICE restart
+#!/usr/bin/env bash 
+
+# An asustor NAS Let's Encrypt certificate renewal deploy shell script. 
+# Place in this directory to run on successful renwal: 
+# /volume0/usr/builtin/etc/letsencrypt/renewal-hooks/deploy 
+# Certbot docs: https://certbot.eff.org/docs/using.html 
+
+SOURCE=/volume0/usr/builtin/etc/letsencrypt/live/tor.telf.se # letsencrypt certificate 
+TARGET=/volume0/usr/etc/lighttpd # ADM lighttpd web server ssl cert target directory 
+
+cat $SOURCE/privkey.pem $SOURCE/cert.pem > $SOURCE/lighttpd.pem 
+cp -Lfv $SOURCE/lighttpd.pem $TARGET/lighttpd.pem 
+
+/etc/init.d/S41lighttpd restart 
diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@ chmod 600 /volume1/system/letsencrypt/cloudflare.ini
 Add the Cloudflare API key in this file:
 https://certbot-dns-cloudflare.readthedocs.io/en/stable/#credentials
 
-3. Place adm-deploy.sh in /volume0/usr/builtin/etc/letsencrypt/renew-hooks
+3. Place adm-deploy.sh in `/volume0/usr/builtin/etc/letsencrypt/renew-hooks`
 
 4. Generate certificate.
 ```shell

diff --git a/gistfile1.txt → README.md b/gistfile1.txt → README.md
diff --git a/adm-deploy.sh b/adm-deploy.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# An asustor NAS Let's Encrypt certificate renewal deploy shell script.
+# https://github.com/bebo-dot-dev/asustor-certbot/
+
+# Dependencies: 
+#   A certbot --config-dir/renewal-hooks/deploy directory to host this script
+#
+# When this shell script is present in the certbot --config-dir/renewal-hooks/deploy, it will be called 
+# by certbot upon successful renewal only
+# This script can be used to automate actions that need to be performed upon post renewal success 
+# i.e. certificate copy / service restart etc
+#
+# certbot docs are here: https://certbot.eff.org/docs/using.html
+
+CONFIG_DIR=/volume0/usr/builtin/etc/letsencrypt     # the certbot --config-dir
+SOURCE_CERT=/live/nas.mydomain.com                  # a source letsencrypt certificate to perform actions with
+ADM_TARGET=/volume0/usr/etc/lighttpd                # the ADM lighttpd web server ssl cert target directory
+ADM_WEB_SERVICE=/etc/init.d/S41lighttpd             # the ADM lighttpd service control script
+
+#create a lighttpd "compatible" cert by combining the private key and the cert together and 
+#then update the lighttpd ssl cert with that
+cat $CONFIG_DIR$SOURCE_CERT/privkey.pem $CONFIG_DIR$SOURCE_CERT/cert.pem > $CONFIG_DIR$SOURCE_CERT/lighttpd.pem
+cp -L -f $CONFIG_DIR$SOURCE_CERT/lighttpd.pem $ADM_TARGET/lighttpd.pem
+
+#restart lighttpd
+$ADM_WEB_SERVICE restart
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,30 @@
+The goal is to configure Asustor NAS to use letsencrypt certificate without exposing it to the internet.  
+To achieve this we use certbot with DNS-01 challenge to Cloudflare.
+
+1. Run install.sh to install pip and certbot-dns-cloudflare. 
+
+2. Setup cloudflare secret.
+```shell
+mkdir /volume1/system/letsencrypt
+touch /volume1/system/letsencrypt/cloudflare.ini
+chown root:root /volume1/system/letsencrypt
+chmod 700 /volume1/system/letsencrypt
+chmod 600 /volume1/system/letsencrypt/cloudflare.ini
+```
+Add the Cloudflare API key in this file:
+https://certbot-dns-cloudflare.readthedocs.io/en/stable/#credentials
+
+3. Place adm-deploy.sh in /volume0/usr/builtin/etc/letsencrypt/renew-hooks
+
+4. Generate certificate.
+```shell
+certbot certonly --config-dir=/volume0/usr/builtin/etc/letsencrypt \
+  --dns-cloudflare --dns-cloudflare-credentials /volume1/system/letsencrypt/cloudflare.ini \
+  --preferred-challenges dns-01 \
+  -d nas.mydomain.com
+```
+
+5. Add renew to crontab:
+```shell
+echo "0 6 * * * /usr/bin/certbot --config-dir=/volume0/usr/builtin/etc/letsencrypt renew" | tee -a /var/spool/cron/crontabs/root
+```
diff --git a/install.sh b/install.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+python3 -m ensurepip
+python3 -m pip install --upgrade pip
+python3 -m pip -V
+pip3 install certbot-dns-cloudflare
+ln -s /volume1/.@plugins/AppCentral/python3/bin/certbot /usr/bin/certbot