Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
ACME Plugin will upload certificate to only one NAS
« previous
next »
Print
Pages: [
1
]
Author
Topic: ACME Plugin will upload certificate to only one NAS (Read 44 times)
wiggleroom
Newbie
Posts: 7
Karma: 0
ACME Plugin will upload certificate to only one NAS
«
on:
November 28, 2024, 03:48:39 pm »
One of my certificates is a wildcard for multiple subdomains. When the certificate gets renewed, I have multiple automations setup to distribute the cert to three different servers using the run-command
Upload certificate to Synology DSM
. What happens in practice is that
only one of those servers gets updated
. The same server gets updated multiple times if I have multiple target devices.
Digging in some I see that when a cert is issued, files that control the process & automations get generated at /var/etc/acme-client/cert-home. For each cert you'll find a .conf file with key parameters in it like SAVED_SYNO_USERNAME, SAVED_SYNO_PASSWORD, SAVED_SYNO_HOSTNAME. It appears that multiple occurrenses of those has not been considered?
If I watch the log the plugin will say it is updating each server, calling out the automation by name. But the command that it executes is identical for each of those servers. It just keeps hitting the same one each time.
Less critical but worth a note, if I change the creds in the automation the cert-home files do NOT get updated if I launch just the automation from the webui. The automation then supplies the wrong/old credentials (confirmed by putting
--debug --output-insecure
on the acme.sh command). To use up to date creds I have to actually force a issue/renew on the cert.
Running OPNsense 24.7.9_1-amd64
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
ACME Plugin will upload certificate to only one NAS