
Using Ansible to update Synology with Acme certificates from pfSense Certificate Manager

I love that my pfSense router can manage Acme certificates for my local domain. I use DigitalOcean for hosting this blog, so I was able to configure pfSense to manage my Acme certificate updates using a DNS Challenge controlled through DigitalOcean's API (with a key).

I got tired of having to manually download and upload the certificate files to my Synology NAS every few months. I'm already leveraging Ansible for other maintenance drudgery, so yesterday I decided to explore automating it.

Prerequisite: you need to enable the "Write Certificates" option in pfSense's Acme Certificates module. It is a checkbox that can be found if you follow Services -> Acme Certificates -> General Settings:


I'll just cut to the chase: I have two GitHub Gists with the Ansible tasks:

  1. Copy certificates from pfSense to your Ansible workspace:


  2. Copy the certificates to Synology and restart the affected services:
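
The two steps above as one playbook, with a check between them that refuses to deploy an expired certificate or a key that does not match it. This is an added example, not the author's gists. The inventory host names, the `community.crypto` collection, the pfSense directory and file extensions, the Synology file names and every value under `vars` are assumptions or placeholders to verify against your own systems.

```yaml
# Added example, not the author's gists; every value under vars is an assumption.
- hosts: pfsense
  vars: &v
    acme_name: example.lan                 # placeholder certificate name
    acme_dir: /conf/acme                   # assumed "Write Certificates" directory
    work: "{{ playbook_dir }}/certs"       # Ansible workspace on the controller
    syno_cert_dir: /PLACEHOLDER/cert/dir   # placeholder: target directory on the NAS
    syno_restart_cmd: PLACEHOLDER          # placeholder: your DSM restart command
  tasks:
    - name: Fetch certificate, chain and key from pfSense
      ansible.builtin.fetch:
        src: "{{ acme_dir }}/{{ acme_name }}.{{ item }}"
        dest: "{{ work }}/{{ acme_name }}.{{ item }}"
        flat: true
      loop: [crt, fullchain, key]          # assumed file extensions

- hosts: localhost
  connection: local
  vars: *v
  tasks:
    - name: Keep the fetched private key readable by the owner only
      ansible.builtin.file: { path: "{{ work }}/{{ acme_name }}.key", mode: "0600" }
    - name: Read the leaf certificate
      community.crypto.x509_certificate_info: { path: "{{ work }}/{{ acme_name }}.crt" }
      register: crt
    - name: Read the private key (only its public half is returned)
      community.crypto.openssl_privatekey_info: { path: "{{ work }}/{{ acme_name }}.key" }
      register: key
    - name: Stop before deployment if the pair is expired or mismatched
      ansible.builtin.assert:
        that: [not crt.expired, crt.public_key == key.public_key]

- hosts: synology
  become: true
  vars: *v
  tasks:
    - name: Install the files; the private key is owner-only
      ansible.builtin.copy:
        src: "{{ work }}/{{ acme_name }}.{{ item.src }}"
        dest: "{{ syno_cert_dir }}/{{ item.dest }}"
        mode: "{{ item.mode }}"
      loop:
        - { src: crt, dest: cert.pem, mode: "0644" }
        - { src: fullchain, dest: fullchain.pem, mode: "0644" }
        - { src: key, dest: privkey.pem, mode: "0600" }
      notify: Restart affected services
  handlers:
    - name: Restart affected services
      ansible.builtin.command: "{{ syno_restart_cmd }}"
```

Because the restart is a handler, it only runs when a copied file actually changed, so repeated runs between renewals leave the NAS services alone.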


Even if you are not using either pfSense or a Synology, I'm sure these Ansible Tasks could prove useful in your particular situation. Need help? Feel free to leave a comment!

Shoutout to [BIT]arantno and the dissection of the certificate layout on the Synology filesystem. You saved me a lot of time!