Hi @matias,
I had already linked to their example hook file which sets up the basic structure. You’d have to add your customisation to the deploy_cert function.
For me it looks like the following:
```bash
deploy_cert() {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"

    case "${DOMAIN}" in
        domain.synology.com|domain.new-synology.com)
            # Ask the NAS which archive directory holds its default certificate
            CERT_DIR=$(ssh -y -i /data/id_rsa "${DOMAIN}" "cat /usr/syno/etc/certificate/_archive/DEFAULT")
            # Copy the new files into the archive directory and the system default directory
            scp -i /data/id_rsa "/etc/dehydrated/certs/${DOMAIN}"/{cert.pem,fullchain.pem,privkey.pem} "${DOMAIN}:/usr/syno/etc/certificate/_archive/${CERT_DIR}/"
            scp -i /data/id_rsa "/etc/dehydrated/certs/${DOMAIN}"/{cert.pem,fullchain.pem,privkey.pem} "${DOMAIN}:/usr/syno/etc/certificate/system/default/"
            # Restart nginx on the NAS so it picks up the new certificate
            ssh -y -i /data/id_rsa "${DOMAIN}" /usr/syno/sbin/synoservicectl --restart nginx 2>&1
            ;;
        [...]
    esac
}
```
Although I must say that I have been toying for a while already with the idea of replacing the direct connection (through ssh/scp) with a middle step to upload the obtained certs into HashiCorp Vault and then let the other system fetch them from there.
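
An added example, not from the original post or from dehydrated: a pre-flight check that a `deploy_cert` hook like the one above could call before its scp/ssh steps, so that an empty, mismatched or loosely permissioned file is not pushed to the NAS ahead of the nginx restart. The function names `first_pem_block` and `preflight_cert_files` are hypothetical.

```bash
# Added example; function names are hypothetical, not part of dehydrated.

# Print the first PEM block of a file (BEGIN line through its END line).
first_pem_block() {
    awk '/^-----BEGIN /{p=1} p{print} /^-----END /{if(p) exit}' "$1"
}

# Usage: preflight_cert_files KEYFILE CERTFILE FULLCHAINFILE
# Returns 0 if the bundle looks sane; otherwise prints a reason and returns 1.
preflight_cert_files() {
    local keyfile="$1" certfile="$2" fullchainfile="$3" f

    # Every file must exist and be non-empty (symlinks are followed).
    for f in "$keyfile" "$certfile" "$fullchainfile"; do
        [ -f "$f" ] && [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # Basic PEM type checks on the first line of the certificate and the key.
    head -n 1 "$certfile" | grep -q '^-----BEGIN CERTIFICATE-----$' \
        || { echo "not a PEM certificate: $certfile" >&2; return 1; }
    head -n 1 "$keyfile" | grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$' \
        || { echo "not a PEM private key: $keyfile" >&2; return 1; }

    # The full chain must start with the same leaf certificate as cert.pem.
    [ "$(first_pem_block "$fullchainfile")" = "$(first_pem_block "$certfile")" ] \
        || { echo "fullchain leaf differs from $certfile" >&2; return 1; }

    # The private key must not be accessible to group or others
    # (characters 5-10 of the ls -l mode string; -L dereferences symlinks).
    [ "$(ls -lLd "$keyfile" | cut -c5-10)" = "------" ] \
        || { echo "private key permissions too open: $keyfile" >&2; return 1; }
}
```

Inside the hook it would be called as `preflight_cert_files "${KEYFILE}" "${CERTFILE}" "${FULLCHAINFILE}" || return 1` before the first `scp`.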