
security/acme-client: Update synology deploy hook to support SYNO_OTP_CODE for easier 2FA implementation

Open Podden opened this issue 1 year ago • 6 comments

Newest "Upload certificate to Synology DSM" Script supports using the OTP Code directly instead of laboriously extracting Device ID and Name from cookies. Would be a nice addition. https://github.com/acmesh-official/acme.sh/wiki/deployhooks

Jun 17 '24 12:06 Podden

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

Jun 17 '24 13:06 OPNsense-bot

Currently these changes are only available in acme.sh git repository. We'll need a new release of acme.sh that includes these changes. Afterwards we'll continue here and may make the required changes to Acme Client.

Jul 07 '24 21:07 fraenki

Has any progress been made on this? The Synology Deploy Hook is still broken and every time my certificate renews, I have to manually export from opnsense and import into Synology. I would love for the automation to work again! 😁

Sep 14 '24 16:09 jacobgraf

> Newest "Upload certificate to Synology DSM" Script supports using the OTP Code directly instead of laboriously extracting Device ID and Name from cookies. Would be a nice addition.

@Podden I've read the documentation for the Synology deploy hook... could you please elaborate what should be changed in the Acme Client?

> The Synology Deploy Hook is still broken

@jacobgraf You may want to retry after updating OPNsense to 24.7.5. However, this issue is not about a broken synology implementation, so you're probably facing a different problem (which should be discussed in its own issue).

Sep 30 '24 19:09 fraenki

@fraenki I did try as soon as 27.4.5 was released and still no luck. I only say it's broken because it worked fine using the old method of providing a device ID for a saved 2-factor device. Now it just won't work at all. I've tried everything I can think of. So for the last 4-6 months, I've been manually exporting my cert from OPNsense and importing it into Synology. I REALLY want to get the deploy hook fixed tho. Any ideas what I need to do in order to get it working again? I've tried setting the log level up to Debug 3, and don't see anything that stands out as the issue.


Oct 01 '24 01:10 jacobgraf

> Any ideas what I need to do in order to get it working again?

I don't know. You may want to post your question on the forum or report a bug to acme.sh. There are many reports of issues with this deploy hook: https://github.com/acmesh-official/acme.sh/issues?q=is%3Aissue+is%3Aopen+synology

Oct 01 '24 06:10 fraenki

> @Podden I've read the documentation for the Synology deploy hook... could you please elaborate what should be changed in the Acme Client?

FWIW, a new "OTP Code" input field will be available for the Synology automation in version 4.7 of Acme Client.

Dec 17 '24 16:12 fraenki

> @Podden I've read the documentation for the Synology deploy hook... could you please elaborate what should be changed in the Acme Client?
>
> FWIW, a new "OTP Code" input field will be available for the Synology automation in version 4.7 of Acme Client.

Looks like it just came out so thanks! One point of clarification, how does this work? It says enter "OTP Code", but I'm assuming this doesn't mean a current OTP Code, but instead the OTP passphrase used to generate the code? If the former, assuming as soon as I "save", it goes out and authenticates and automatically updates the Device ID?

In any case, it would be awesome to add a little more information in the help text as to what it's asking for and how it works.

Jan 16 '25 19:01 jacobgraf

@jacobgraf I don't know, because I don't use Synology. You may want to check the documentation for the synology hook: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#20-deploy-the-certificate-to-synology-dsm

Jan 16 '25 21:01 fraenki