Automatically Renewing SSL Certificates on a Feiniu (fnOS) NAS with 1Panel


1. Install 1Panel.

2. In 1Panel's certificate settings, set up the DNS account.


3. Set up the ACME account information (just enter your own email address).


4. Find where the Feiniu NAS stores its SSL certificates

Connect to the Feiniu NAS over SSH and run the following command:

cat /usr/trim/etc/network_cert_all.conf

It prints output like the following:

cat /usr/trim/etc/network_cert_all.conf
[{"domain":"fnOS","san":["fnOS"],"certificate":"/usr/trim/var/trim_connect/ssls/fnOS/1759996650/fnOS.crt","fullchain":"","privateKey":"/usr/trim/var/trim_connect/ssls/fnOS/1759996650/fnOS.key","validFrom":1759996650000,"validTo":1823068650000,"sum":"068b5202a81dd1845c23882e24c6c768","used":true,"appFlag":14},{"domain":"*.test.fnos.net","san":

["*.test.fnos.net","test.fnos.net"],"certificate":"/usr/trim/var/trim_connect/ssls/test.fnos.net/1760520284/cert.crt","fullchain":"/usr/trim/var/trim_connect/ssls/test.fnos.net/1760520284/fullchain.crt","privateKey":"/usr/trim/var/trim_connect/ssls/test.fnos.net/1760520284/private.key","validFrom":1760516768000,"validTo":1768292767000,"sum":"1197dbdf5372727feaea1a7fbbbece5c","used":false,"appFlag":0},{"domain":"nas.fnos.cn","san":

["nas.fnos.cn"],
"certificate":"/usr/trim/var/trim_connect/ssls/nas.fnos.cn/1760539642/nas.fnos.cn.crt",
"fullchain":"","privateKey":"/usr/trim/var/trim_connect/ssls/nas.fnos.cn/1760539642/nas.fnos.cn.key",
"validFrom":1760538390000,"validTo":1768314389000,"sum":"41568c4b573a3c0e2f7a40e77d96c20c","used":false,"appFlag":0}]admin@NAS:~$

For example, my NAS's domain is nas.fnos.cn, so the certificate is stored in:

/usr/trim/var/trim_connect/ssls/nas.fnos.cn/1760539642/

The numeric folder name is different on every device, so use the path from your own device.
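Rather than reading the path out of the JSON by eye, it can be looked up by domain. The following is an added example, not part of the original post: it assumes python3 is available on the NAS, the function names are hypothetical, and the field names are the ones visible in the output above.

```python
import json
import posixpath

# Constructed sample: two entries trimmed from the output shown above.
SAMPLE_CONF = '''[
 {"domain":"*.test.fnos.net","san":["*.test.fnos.net","test.fnos.net"],
  "certificate":"/usr/trim/var/trim_connect/ssls/test.fnos.net/1760520284/cert.crt",
  "privateKey":"/usr/trim/var/trim_connect/ssls/test.fnos.net/1760520284/private.key",
  "validFrom":1760516768000,"validTo":1768292767000,"used":false},
 {"domain":"nas.fnos.cn","san":["nas.fnos.cn"],
  "certificate":"/usr/trim/var/trim_connect/ssls/nas.fnos.cn/1760539642/nas.fnos.cn.crt",
  "privateKey":"/usr/trim/var/trim_connect/ssls/nas.fnos.cn/1760539642/nas.fnos.cn.key",
  "validFrom":1760538390000,"validTo":1768314389000,"used":false}
]'''


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leading label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def find_cert(conf_text, host):
    """Return the single entry whose domain or SAN list covers host."""
    hits = [e for e in json.loads(conf_text)
            if any(name_matches(n, host) for n in [e["domain"], *e.get("san", [])])]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} entries match {host!r}; pick one by hand")
    return hits[0]


def cert_dir(entry):
    """Directory holding the pair; refuse entries whose files are split up."""
    crt_dir = posixpath.dirname(entry["certificate"])
    if crt_dir != posixpath.dirname(entry["privateKey"]):
        raise ValueError("certificate and privateKey are in different directories")
    return crt_dir


def days_left(entry, now_ms):
    """Whole days until validTo (the file stores epoch milliseconds)."""
    return (entry["validTo"] - now_ms) // 86_400_000


if __name__ == "__main__":
    entry = find_cert(SAMPLE_CONF, "nas.fnos.cn")
    print(cert_dir(entry), days_left(entry, entry["validFrom"]))
```

On the NAS itself, pass the contents of /usr/trim/etc/network_cert_all.conf to find_cert instead of SAMPLE_CONF.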

5. In 1Panel, set up automatic certificate issuance with automatic deployment and renewal


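The script to run after the certificate is issued is as follows.

Be sure to change the following values in the script to your own (the placeholder 你的域名 means "your domain"):

# Configuration
CERT_NAME="你的域名"
CERT_PATH="/usr/trim/var/trim_connect/ssls/你的域名/1760539642"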

#!/bin/bash
set -e # exit on error

# Configuration
CERT_NAME="你的域名"
CERT_PATH="/usr/trim/var/trim_connect/ssls/你的域名/1760539642"
LOG_FILE="/var/log/ssl_rename_update.log"
TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')

# Log the start time
echo "[$TIMESTAMP] 开始重命名证书文件并更新数据库" >> "$LOG_FILE"

# 1. Check that the source files exist
echo "[$TIMESTAMP] 步骤1: 检查证书文件" >> "$LOG_FILE"
if [ ! -f "$CERT_PATH/fullchain.pem" ]; then
    echo "[$TIMESTAMP] 错误: fullchain.pem 不存在" >> "$LOG_FILE"
    exit 1
fi

if [ ! -f "$CERT_PATH/privkey.pem" ]; then
    echo "[$TIMESTAMP] 错误: privkey.pem 不存在" >> "$LOG_FILE"
    exit 1
fi

echo "[$TIMESTAMP] 证书文件确认存在" >> "$LOG_FILE"

# 2. Rename the files
echo "[$TIMESTAMP] 步骤2: 重命名证书文件" >> "$LOG_FILE"
mv -v "$CERT_PATH/fullchain.pem" "$CERT_PATH/$CERT_NAME.crt" >> "$LOG_FILE" 2>&1
mv -v "$CERT_PATH/privkey.pem" "$CERT_PATH/$CERT_NAME.key" >> "$LOG_FILE" 2>&1

# 3. Set the correct file permissions (certificate world-readable, private key owner-only)
echo "[$TIMESTAMP] 步骤3: 设置文件权限" >> "$LOG_FILE"
chmod 644 "$CERT_PATH/$CERT_NAME.crt"
chmod 600 "$CERT_PATH/$CERT_NAME.key"
echo "[$TIMESTAMP] 文件权限设置完成" >> "$LOG_FILE"

# 4. Read the certificate details and update the database
echo "[$TIMESTAMP] 步骤4: 更新数据库" >> "$LOG_FILE"

# Verify that the certificate file parses as X.509
if ! openssl x509 -in "$CERT_PATH/$CERT_NAME.crt" -noout >/dev/null 2>&1; then
    echo "[$TIMESTAMP] 错误: 证书文件格式无效" >> "$LOG_FILE"
    exit 1
fi

# Extract the certificate details
NEW_EXPIRY_DATE=$(openssl x509 -enddate -noout -in "$CERT_PATH/$CERT_NAME.crt" | sed "s/^.*=\(.*\)$/\1/")
NEW_NOT_BEFORE=$(openssl x509 -startdate -noout -in "$CERT_PATH/$CERT_NAME.crt" | sed "s/^.*=\(.*\)$/\1/")
NEW_ISSUER=$(openssl x509 -in "$CERT_PATH/$CERT_NAME.crt" -noout -issuer | grep -o "CN = [^,]*" | cut -d= -f2 | tr -d ' ')

# Convert both dates to epoch milliseconds
NEW_EXPIRY_TIMESTAMP=$(date -d "$NEW_EXPIRY_DATE" +%s%3N)
NEW_VALID_FROM_TS=$(date -d "$NEW_NOT_BEFORE" +%s%3N)

echo "[$TIMESTAMP] 证书信息: 颁发者=$NEW_ISSUER, 有效期=$NEW_EXPIRY_DATE" >> "$LOG_FILE"

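# Double any single quote in the issuer name so it cannot end the SQL string literal early
NEW_ISSUER=${NEW_ISSUER//\'/\'\'}

# Update the database (including the additional fields).
# psql is tested directly in the if: with set -e, a separate $? check
# would never run on failure and the error would not be logged.
if psql -U postgres -d trim_connect -c "UPDATE cert SET \
issued_by='$NEW_ISSUER', \
valid_from=$NEW_VALID_FROM_TS, \
valid_to=$NEW_EXPIRY_TIMESTAMP, \
status='suc', \
certificate='$CERT_PATH/$CERT_NAME.crt', \
private_key='$CERT_PATH/$CERT_NAME.key', \
updated_time=$(date +%s%3N) \
WHERE domain='$CERT_NAME';" >> "$LOG_FILE" 2>&1; then
    echo "[$TIMESTAMP] 数据库更新成功" >> "$LOG_FILE"
else
    echo "[$TIMESTAMP] 数据库更新失败" >> "$LOG_FILE"
    exit 1
fi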

# 5. Restart the services that use the certificate
echo "[$TIMESTAMP] 步骤5: 重启相关服务" >> "$LOG_FILE"
systemctl restart webdav.service >> "$LOG_FILE" 2>&1
systemctl restart smbftpd.service >> "$LOG_FILE" 2>&1
systemctl restart trim_nginx.service >> "$LOG_FILE" 2>&1

echo "[$TIMESTAMP] 所有服务重启完成" >> "$LOG_FILE"

# 6. Verify the result
echo "[$TIMESTAMP] 步骤6: 验证更新结果" >> "$LOG_FILE"
if [ -f "$CERT_PATH/$CERT_NAME.crt" ] && [ -f "$CERT_PATH/$CERT_NAME.key" ]; then
    echo "[$TIMESTAMP] 证书文件重命名成功:" >> "$LOG_FILE"
    ls -la "$CERT_PATH/$CERT_NAME.crt" "$CERT_PATH/$CERT_NAME.key" >> "$LOG_FILE" 2>&1
else
    echo "[$TIMESTAMP] 警告: 证书文件不存在" >> "$LOG_FILE"
fi

echo "[$TIMESTAMP] 证书重命名和数据库更新完成" >> "$LOG_FILE"

6. Finally, check the log to confirm that the deployment succeeded.
