Script to import an SSL certificate into a running OPNsense system. The webgui will be restarted. The last certificate in the webgui will be overwritten.
Since the last certificate will be overwritten:
- the last certificate should be the one to be overwritten
- the certificate must be imported manually for the first time
Ideally, it looks like this before the script runs for the first time (system/security/certificates in the webgui):
- first the self-signed certificate (will not be deleted)
- last the certificate that should get overwritten
- the name of the certificate doesn't matter
    php opnsense-import-certificate.php /path/to/certificate.crt /path/to/private/key.pem
Create a renew hook:
    acme.sh --renew --dns dns_provider -d first.dom.ain -d '*.first.dom.ain' --renew-hook "php opnsense-import-certificate.php /path/to/certificate.crt /path/to/private/key.pem"
Whenever acme.sh has successfully renewed the certificate, the hook is executed. See the documentation.
Alternatively, you can use deployhooks.
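
Because the import overwrites the certificate the webgui serves and then restarts it, a renew hook can check the files before handing them to the script. The wrapper below is an added example, not part of this project: the function names and the 24-hour expiry threshold are assumptions, and it expects `openssl` and `php` on the PATH with `opnsense-import-certificate.php` in the working directory.

```shell
#!/bin/sh
# Added example (not part of the original script): pre-flight checks for a
# renew hook, run before opnsense-import-certificate.php replaces the webgui
# certificate. Function names and the threshold are illustrative assumptions.

# Succeeds only if the certificate ($1) and private key ($2) share a public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate ($1) is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Runs the checks, then calls the import script with the same two arguments.
import_if_valid() {
    cert=$1
    key=$2
    if ! cert_matches_key "$cert" "$key"; then
        echo "refusing import: $key does not match $cert" >&2
        return 1
    fi
    if ! cert_valid_for "$cert" 86400; then
        echo "refusing import: $cert expires within 24 hours" >&2
        return 1
    fi
    php opnsense-import-certificate.php "$cert" "$key"
}

# When called as a hook with two arguments, behave like the import script.
if [ "$#" -eq 2 ]; then
    import_if_valid "$1" "$2"
fi
```

Saved under a name of your choice, the wrapper takes the same two paths as the import script and can replace it in the `--renew-hook` string.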