Acme.sh is updating their defaults to use zerossl instead of letsencrypt [0]. This has resulted in errors like: `Can not resolve _eab_id` when our runs of acme.sh attempt to communicate with zerossl. While the default change isn't supposed to happen until August 1, we hit it early because we consume the dev branch of acme.sh.

We avoid this entirely by being explicit about the server to communicate to in our acme.sh driver script. We explicitly set `--server` to letsencrypt.

https://opendev.org/opendev/system-config/commit/3d5d2779d284af52c23af69ae4fc1a99e7ecdcbc?style=unified&whitespace=

Specify `--home` for issue and deploy steps in order to prevent certs being placed in the default `/root/.acme.sh` location (and thus wiped after a DSM update).
Avoid creating a temp directory that starts with a digit, as it breaks several of the `jq -r` commands in `reload-certs.sh`. I discovered that by accident, and it took me quite some time ;)
I have figured out how Synology redistributes certificates to all packages and services, and wrote a script to reload only those services where certificates were changed. It does this in the very same way as Synology when refreshing/importing a new certificate, so there is no more need to figure out how to reload affected services. It also perfectly integrates with Synology certificate management. As it is to be used directly from `--reloadcmd`, there is no need for such an extensive scheduler renewal script.
Adjusted the script to account for the two methods by which a certificate can be created. Also removed a bug that would erase certificates on the system. Also made sure that the active directory package is not affected, as this has its own certificate.