Acme client - export certificates

[tverweij]

Is there a way to export the certificates from the Acme client?
And if so, can this be done by an API call?

[Maurice]

System: Trust: Certificates in the GUI, or just copy them from /var/etc/acme-client/home/. No API call that I'm aware of though.

Cheers
Maurice

[tverweij]

That was really stupid of me - did not think of that as the certs were generated by an add on.

[Maurice]

Well, there is an ACME client API, but I don't think there is a call to export certificates:
https://docs.opnsense.org/development/api/plugins/acmeclient.html

Did you consider an ACME automation to automatically upload the certificate after creation / renewal?

[julsssark]

Where do you want the certificate to go? There are automations (Services->ACME client->Automations) that upload to Synology, SFTP to a server, etc.

[tverweij]

Thanks, that is something I have to look at.
I need the same certificates for mail and FTP servers.

[CJ]

If you're using separate subdomains such as mail.example.com, ftp.example.com and www.example.com you can just run an ACME client on each of those servers for that subdomain specifically.

[tverweij]

If you're using separate subdomains such as mail.example.com, ftp.example.com and www.example.com you can just run an ACME client on each of those servers for that subdomain specifically.

That is what is failing with NGINX in between ...

[julsssark]

I use the OPNsense Acme client to get all of the certs for my servers (nas.domain.com, unifi.domain.com, etc.) and then an automation to move the cert to the server that uses it.