Synology: unable to renew the certificate after enabling two-factor authentication (2FA). #5059

Closed
crossgg opened this issue Mar 20, 2024 · 5 comments

crossgg commented Mar 20, 2024

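Before enabling two-factor authentication, I used this for a long time without problems. After enabling two-factor authentication last month, the certificate can no longer be installed.
On 2024.3.20 I updated to the latest version, v3.0.6, via the command. Following the wiki, entering the code below fails immediately with an error, without prompting me to "manually enter the TOTP code".
Running the following code gives the same error: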

export SYNO_Username="xxxx"
export SYNO_OTP_CODE=XXXXXX
export SYNO_DEVICE_NAME=CertRenewal
 ./acme.sh --deploy --home . -d "*.xxxx.xyz" --deploy-hook synology_dsm --debug 2

The error log is as follows:

Debug log

 ./acme.sh --deploy --home . -d "*.xxxx.xyz" --deploy-hook synology_dsm --debug 2
[Wed Mar 20 11:43:05 AM CST 2024] Lets find script dir.
[Wed Mar 20 11:43:05 AM CST 2024] _SCRIPT_='./acme.sh'
[Wed Mar 20 11:43:05 AM CST 2024] _script='/volume2/docker/cert/acme.sh/acme.sh'
[Wed Mar 20 11:43:05 AM CST 2024] _script_home='/volume2/docker/cert/acme.sh'
[Wed Mar 20 11:43:05 AM CST 2024] Using config home:.
[Wed Mar 20 11:43:05 AM CST 2024] LE_WORKING_DIR='.'
https://github.com/acmesh-official/acme.sh
v3.0.6
[Wed Mar 20 11:43:05 AM CST 2024] Running cmd: deploy
[Wed Mar 20 11:43:05 AM CST 2024] Using config home:.
[Wed Mar 20 11:43:05 AM CST 2024] default_acme_server
[Wed Mar 20 11:43:05 AM CST 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Wed Mar 20 11:43:05 AM CST 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Wed Mar 20 11:43:05 AM CST 2024] _ACME_SERVER_PATH='v2/DV90'
[Wed Mar 20 11:43:05 AM CST 2024] DOMAIN_PATH='./*.xxxx.xyz'
[Wed Mar 20 11:43:05 AM CST 2024] DOMAIN_CONF='./*.xxxx.xyz/*.xxxx.xyz.conf'
[Wed Mar 20 11:43:05 AM CST 2024] _deployApi='/volume2/docker/cert/acme.sh/deploy/synology_dsm.sh'
[Wed Mar 20 11:43:05 AM CST 2024] _cdomain='*.xxxx.xyz'
[Wed Mar 20 11:43:05 AM CST 2024] SYNO_Username='xxxx'
[Wed Mar 20 11:43:05 AM CST 2024] SYNO_Password='[hidden](please add '--output-insecure' to see this value)'
[Wed Mar 20 11:43:05 AM CST 2024] SYNO_Scheme='http'
[Wed Mar 20 11:43:06 AM CST 2024] SYNO_Hostname='localhost'
[Wed Mar 20 11:43:06 AM CST 2024] SYNO_Port='5000'
[Wed Mar 20 11:43:06 AM CST 2024] SYNO_Certificate
[Wed Mar 20 11:43:06 AM CST 2024] _base_url='http://localhost:5000'
[Wed Mar 20 11:43:06 AM CST 2024] Getting API version
[Wed Mar 20 11:43:06 AM CST 2024] GET
[Wed Mar 20 11:43:06 AM CST 2024] url='http://localhost:5000/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth'
[Wed Mar 20 11:43:06 AM CST 2024] timeout=
[Wed Mar 20 11:43:06 AM CST 2024] _CURL='curl --silent --dump-header ./http.header  -L  --trace-ascii /tmp/tmp.4MwpemI3Z5  -g '
[Wed Mar 20 11:43:06 AM CST 2024] ret='0'
[Wed Mar 20 11:43:06 AM CST 2024] Logging into localhost:5000
[Wed Mar 20 11:43:06 AM CST 2024] POST
[Wed Mar 20 11:43:06 AM CST 2024] _post_url='http://localhost:5000/webapi/auth.cgi?enable_syno_token=yes'
[Wed Mar 20 11:43:06 AM CST 2024] body='method=login&account=xxxx&passwd=xxxx.&api=SYNO.API.Auth&version=7&enable_syno_token=yes&otp_code=&device_name=certrenewal&device_id='
[Wed Mar 20 11:43:06 AM CST 2024] _postContentType
[Wed Mar 20 11:43:06 AM CST 2024] _CURL='curl --silent --dump-header ./http.header  -L  --trace-ascii /tmp/tmp.jkL4CqPhEE  -g '
[Wed Mar 20 11:43:07 AM CST 2024] _ret='0'
[Wed Mar 20 11:43:07 AM CST 2024] token
[Wed Mar 20 11:43:07 AM CST 2024] Unable to authenticate to localhost:5000 using http.
[Wed Mar 20 11:43:07 AM CST 2024] Check your username and password.
[Wed Mar 20 11:43:07 AM CST 2024] If two-factor authentication is enabled for the user, set SYNO_TOTP_SECRET.
[Wed Mar 20 11:43:07 AM CST 2024] Error deploy for domain:*.xxxx.xyz
[Wed Mar 20 11:43:07 AM CST 2024] Deploy error.
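
A `--debug 2` log like the one above prints the DSM login POST body, including `account`, `passwd` and `otp_code`, so it needs scrubbing before it is posted publicly. The following is an added example, not part of the original post or of acme.sh: the function names and the sample log lines are constructed, and it assumes the logged values contain no literal `&` or `'`.

```shell
#!/bin/sh
# Added example (not acme.sh code): scrub credentials from a --debug 2 log
# while keeping the one fact needed for triage: was otp_code sent at all?

# Mask non-empty values of sensitive login fields. Empty values are left
# empty on purpose, so "otp_code=" stays visible as a diagnostic.
# Assumption: values contain no literal & or ' (review output before posting).
redact_syno_log() {
  sed -E \
    -e "s/(account|passwd|otp_code|device_id)=[^&']+/\1=REDACTED/g" \
    -e "s/(SYNO_Username=')[^']+/\1REDACTED/"
}

# Exit 0 if the login POST body carried a non-empty otp_code, 1 otherwise.
# Works on raw and on redacted logs.
login_sent_otp() {
  grep -E "body='method=login" | grep -Eq "[&']otp_code=[^&']+"
}

# Constructed sample in the same shape as the log above (values are made up).
sample_log() {
  cat <<'EOF'
[constructed] SYNO_Username='alice'
[constructed] body='method=login&account=alice&passwd=hunter2&api=SYNO.API.Auth&version=7&enable_syno_token=yes&otp_code=&device_name=certrenewal&device_id='
EOF
}

sample_log | redact_syno_log
if sample_log | login_sent_otp; then
  echo "login body carried an OTP code"
else
  echo "login body carried no OTP code (otp_code= is empty)"
fi
```
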



Please upgrade to the latest code and try again first. Maybe it's already fixed.

acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

scruel commented Mar 26, 2024

Please read the wiki's leading notice carefully; PR #5023 hasn't been merged yet.

@Neilpang I don't mean to disturb, could you start to review this PR? Thanks!

CoOlaRlL commented May 15, 2024

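Before enabling two-factor authentication, I used this for a long time without problems. After enabling two-factor authentication last month, the certificate can no longer be installed. On 2024.3.20 I updated to the latest version, v3.0.6, via the command. Following the wiki, entering the code below fails immediately with an error, without prompting me to "manually enter the TOTP code". Running the following code gives the same error: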

export SYNO_Username="xxxx"
export SYNO_OTP_CODE=XXXXXX
export SYNO_DEVICE_NAME=CertRenewal
 ./acme.sh --deploy --home . -d "*.xxxx.xyz" --deploy-hook synology_dsm --debug 2

The error log is as follows:


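Compare against my script and debug yours. I'm currently on DSM 7.2 with single-factor authentication, and this script has never been changed; it also worked without problems earlier on 7.0 with two-factor authentication. The --toPkcs line converts the certificate to pfx format and can be ignored. Also, I'm using docker neilpang/acme.sh:3.0.7
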
# Pick the DNS API credentials for the configured provider
case $DNS in
"dns_dp")
  a="DP_Id=${DP_Id}" && b="DP_Key=${DP_Key}"
  ;;
"dns_ali")
  a="Ali_Key=${Ali_Key}" && b="Ali_Secret=${Ali_Secret}"
  ;;
"dns_cf")
  a="CF_Key=${CF_Key}" && b="CF_Email=${CF_Email}"
  ;;
esac

# Synology DSM deploy-hook settings, passed into the container as environment variables
c="SYNO_Username=${SYNO_Username}"
d="SYNO_Password=${SYNO_Password}"
e="SYNO_Device_ID=${SYNO_Device_ID}"
f="SYNO_Hostname=${SYNO_Hostname}"
g="SYNO_Scheme=${SYNO_Scheme}"
h="SYNO_Port=${SYNO_Port}"
i="SYNO_Certificate=${SYNO_Certificate}"
j="SYNO_DID=${SYNO_Device_ID}"
k="SYNO_Create=${SYNO_Create}"

# Each -e argument is quoted so that values containing spaces are not word-split
docker exec -e "${a}" -e "${b}" acme acme.sh --log --server "${CERT_SERVER}" --issue -d "${DOMAIN}" -d ".${DOMAIN}" --dns "${DNS}" --force
docker exec -e "${a}" -e "${b}" acme acme.sh --toPkcs -d "${DOMAIN}" --password emby --force
docker exec -e "${c}" -e "${d}" -e "${e}" -e "${f}" -e "${g}" -e "${h}" -e "${i}" -e "${j}" -e "${k}" acme acme.sh --issue -d "${DOMAIN}" -d ".${DOMAIN}" --dns "${DNS}" --insecure --deploy --deploy-hook synology_dsm

scruel commented May 15, 2024

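@CoOlaRlL Your usage is not the same problem; his problem should already have been resolved.
@crossgg The PR has also been merged. Please update to the latest version again and test whether the problem is resolved; if it is, please help close the issue.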

crossgg commented May 15, 2024

I've solved it for now using the temporary administrator command. Thanks!

crossgg closed this as completed May 15, 2024