Using Ansible to update Synology with Acme certificates from pfSense Certificate Manager
I love that my pfSense router can manage Acme certificates for my local domain. I use DigitalOcean for hosting this blog, so I was able to configure pfSense manage my Acme certificate updates using a DNS Challenge controlled through DigitalOcean's API (with a key).
I got tired of having to manually download and upload the certificate files to my Synology NAS every few months. I'm already leveraging Ansible for other maintenance drudgery, so yesterday I decided to explore automating it.
Prerequisite: you need to enable the "Write Certificates" option in pfSense's Acme Certificates module. It is a checkbox that can be found if you follow Services -> Acme Certificates -> General Settings:
I'll just cut to the chase here, I have two Github Gists with the Ansible tasks. There are two:
- Copy certificates from pfSense to your Ansible workspace:
https://gist.github.com/TheCase/d3ac39e7217f83f120e7c334c2f12e5c
- Copy the certificates to Synology and restart the affected services:
https://gist.github.com/TheCase/8d53c1f44fba4eb49755731542bbece8
Even if you are not using either pfSense or a Synology, I'm sure these Ansible Tasks could prove useful in your particular situation. Need help? Feel free to leave and comment!
Shoutout to [BIT]arantno and the discection of the certificate layout on the Synology filesystem. You saved me a lot of time!
Subscribe to repulsor.blog
Get the latest posts delivered right to your inbox