ACME-Client (Automation to Synology issue)

[GitTimeraider]

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

• [ X] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• [ X] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
• [ X] The title contains the plugin to which this issue belongs

Describe the bug
A clear and concise description of what the bug is, including last known working version (if any).

When using the automation rule "Upload certificate to Synology DSM", it fails to authenticate on the Synology NAS.
The user login used is an admin account, IP and port as correctly set from DSM settings.
Synology 720+ with DSM 7.2.2-72806
So far tried:

• https and https
• the actual base admin account instead of a new one
• turning off any security I had on the NAS

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

To Reproduce
Steps to reproduce the behavior:
Set up an ACME certificate renewal (which does work)
Create an user on the Synolgy NAS and add him to the Administrator group
Create an "Upload certificate to Synology DSM" automation rule in the ACME-client plugin UI.
Try running the automation, it fails.

Expected behavior
A clear and concise description of what you expected to happen.
An certificate being created and/or renewed on the Synology NAS

Screenshots
If applicable, add screenshots to help explain your problem.

Relevant log files
If applicable, information from log files supporting your claim.

new 1.txt

Additional context
Add any other context about the problem here.

Environment
Router
OPNsense 24.7.6-amd64
ACME plugin 4.6

NAS
Synology NAS 7.2.2-72806

[GitTimeraider]

Ok.. even when I change the IP address in the automation, it still tries to authenticate against the old IP even though that automation doesnt exist anymore.
I think something is going wrong there... any locations I can check out where it saves automations or something?

Every single time it runs it logs:
Domain config new key exists, old key SYNO_Port='5010' has been removed.
The thing is though that I for example want it to use 5010 and the UI has 5010 filled it, but then it removes that and takes a different port.. because F me I guess?

[GitTimeraider]

Ok.. found the issue. The ACME-client plugin seems to save automation settings together with the certificate settings somewhere (dont ask me where.. if I knew I would have wiped that stuff out into space already)
So the only way was to make a new certificate in the ACME client and then it did pick up the changes in automation.
So... why or where?
Because I do NOT want to have to recreate certificates just to adjust automation rules simply because the plugin doesnt seem to be able to clean those settings up correctly.

[MarkusLandgren]

The ACME-client plugin seems to save automation settings together with the certificate settings somewhere (dont ask me where.. if I knew I would have wiped that stuff out into space already)

I have been struggling with the same thing, but was able to find the saved parameters in the file located with:

find /var/etc/acme-client/cert-home/ -name "*.conf" | xargs grep SYNO

Editing that file allowed me to run the automation with the desired port and other parameters. I have not found a proper way of doing this through the web UI.