Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

issue to auth with DSM 2FA open #5077

Open
jjlizz opened this issue Apr 2, 2024 · 4 comments
Open

issue to auth with DSM 2FA open #5077

jjlizz opened this issue Apr 2, 2024 · 4 comments

Comments

@jjlizz
Copy link

jjlizz commented Apr 2, 2024

I'm using latest docker version of acme.sh to upload cert to DSM yet facing login failure. I upload cert every month and it worked fine until this month.
DMS version: DSM 7.2.1-69057 Update 4
And here is the log.

[Tue Apr 2 13:00:05 UTC 2024] _is_idn_d='jjlizz.org'
[Tue Apr 2 13:00:05 UTC 2024] _idn_temp
[Tue Apr 2 13:00:05 UTC 2024] Lets find script dir.
[Tue Apr 2 13:00:05 UTC 2024] SCRIPT='/root/.acme.sh/acme.sh'
[Tue Apr 2 13:00:05 UTC 2024] _script='/root/.acme.sh/acme.sh'
[Tue Apr 2 13:00:05 UTC 2024] _script_home='/root/.acme.sh'
[Tue Apr 2 13:00:05 UTC 2024] Using default home:/root/.acme.sh
[Tue Apr 2 13:00:05 UTC 2024] Using config home:/acme.sh
[Tue Apr 2 13:00:05 UTC 2024] LE_WORKING_DIR='/root/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.0.8
[Tue Apr 2 13:00:05 UTC 2024] Running cmd: deploy
[Tue Apr 2 13:00:05 UTC 2024] Using config home:/acme.sh
[Tue Apr 2 13:00:05 UTC 2024] default_acme_server
[Tue Apr 2 13:00:05 UTC 2024] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
[Tue Apr 2 13:00:05 UTC 2024] _ACME_SERVER_HOST='acme.zerossl.com'
[Tue Apr 2 13:00:05 UTC 2024] _ACME_SERVER_PATH='v2/DV90'
[Tue Apr 2 13:00:05 UTC 2024] The domain 'jjlizz.org' seems to have a ECC cert already, lets use ecc cert.
[Tue Apr 2 13:00:05 UTC 2024] DOMAIN_PATH='/acme.sh/jjlizz.org_ecc'
[Tue Apr 2 13:00:05 UTC 2024] DOMAIN_CONF='/acme.sh/jjlizz.org_ecc/jjlizz.org.conf'
[Tue Apr 2 13:00:05 UTC 2024] _deployApi='/root/.acme.sh/deploy/synology_dsm.sh'
[Tue Apr 2 13:00:05 UTC 2024] _cdomain='jjlizz.org'
[Tue Apr 2 13:00:05 UTC 2024] SYNO_Username='cert'
[Tue Apr 2 13:00:05 UTC 2024] SYNO_Password='[hidden](please add '--output-insecure' to see this value)'
[Tue Apr 2 13:00:05 UTC 2024] SYNO_Create='1'
[Tue Apr 2 13:00:05 UTC 2024] SYNO_Device_Name='CertRenewal'
[Tue Apr 2 13:00:05 UTC 2024] SYNO_Device_ID='[hidden](please add '--output-insecure' to see this value)'
[Tue Apr 2 13:00:05 UTC 2024] SYNO_Scheme='http'
[Tue Apr 2 13:00:05 UTC 2024] SYNO_Hostname='lee.nas.com'
[Tue Apr 2 13:00:05 UTC 2024] SYNO_Port='5000'
[Tue Apr 2 13:00:05 UTC 2024] SYNO_Certificate='NAS org SSL'
[Tue Apr 2 13:00:05 UTC 2024] _base_url='http://lee.nas.com:5000'
[Tue Apr 2 13:00:05 UTC 2024] Getting API version
[Tue Apr 2 13:00:05 UTC 2024] GET
[Tue Apr 2 13:00:05 UTC 2024] url='http://lee.nas.com:5000/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth'
[Tue Apr 2 13:00:05 UTC 2024] timeout=
[Tue Apr 2 13:00:05 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header -L --trace-ascii /tmp/tmp.u6sIAtr0Yp -g '
[Tue Apr 2 13:00:05 UTC 2024] ret='0'
[Tue Apr 2 13:00:05 UTC 2024] Logging into lee.nas.com:5000
[Tue Apr 2 13:00:05 UTC 2024] GET
[Tue Apr 2 13:00:05 UTC 2024] url='http://lee.nas.com:5000/webapi/entry.cgi?api=SYNO.API.Auth&version=7&method=login&format=sid&account=XXXX&passwd=XXXXXX&enable_syno_token=yes&device_name=CertRenewal&device_id=XXXXXX'
[Tue Apr 2 13:00:05 UTC 2024] timeout=
[Tue Apr 2 13:00:05 UTC 2024] _CURL='curl --silent --dump-header /acme.sh/http.header -L --trace-ascii /tmp/tmp.1k9jSykjJU -g '
[Tue Apr 2 13:00:05 UTC 2024] ret='0'
[Tue Apr 2 13:00:05 UTC 2024] Session ID
[Tue Apr 2 13:00:05 UTC 2024] SynoToken
[Tue Apr 2 13:00:05 UTC 2024] Unable to authenticate to http://lee.nas.com:5000 - check your username & password.
[Tue Apr 2 13:00:05 UTC 2024] If two-factor authentication is enabled for the user:
[Tue Apr 2 13:00:05 UTC 2024] - set SYNO_Device_Name then input correct OTP-code manually
[Tue Apr 2 13:00:05 UTC 2024] - get & set SYNO_Device_ID via your browser cookies
[Tue Apr 2 13:00:05 UTC 2024] Error deploy for domain:jjlizz.org
[Tue Apr 2 13:00:05 UTC 2024] Deploy error.

And then I tried manually putting the api url in browser, it returned a success.

{
"data": {
"SYNO.API.Auth": {
"maxVersion": 7,
"minVersion": 1,
"path": "entry.cgi"
}
},
"success": true
}

{
"data": {
"account": "XXXX",
"device_id": "XXXX",
"ik_message": "",
"is_portal_port": false,
"sid": "XXXX",
"synotoken": "XXXX"
},
"success": true
}

Now I'm totally lost.
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 2, 2024

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

@BBxx99
Copy link

BBxx99 commented Apr 21, 2024

same here

@Anonym-tsk
Copy link

Same issue

@nillebor
Copy link

The broken Synology Hook works again in the last version. The query of OTP in the console also works again.
Tested on DSM 7.1. Update 6.

#5111
#5113

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Anonym-tsk @jjlizz @nillebor @BBxx99