Want to use cert generated by Caddy for my postgres ssl connection

timelordx · March 26, 2025, 3:06am

One possible solution could be creating a cron job script to check the certificate in Caddy’s certificate folder and compare it with the one used by Postgres.

The script would compare their hashes, and if they differ, it would copy the new certificate from Caddy’s folder to Postgres’ folder, update the key/certificate file ownership, and reload the Postgres service.

There’s some relevant information here:

github.com/timelordx/synology-cert-deploy

synology-cert-deploy.sh

main


      
          ## Check if new and default Synology certificates differ and deploy if needed
          grep -q "$syno_cert_md5" <<< "$cert_pem_md5"
          deploy_default=$?
          [[ $force -eq 1 ]] && deploy_default=1
          if [[ $deploy_default -eq 1 ]]; then
            echo "[default] deploying certificate to ${syno_cert_default_name}"
            if [[ $dry_run -ne 1 ]]; then
              echo "$privkey_pem"   > "${syno_cert_default_dir}/privkey.pem"
              echo "$cert_pem"      > "${syno_cert_default_dir}/cert.pem"
              echo "$fullchain_pem" > "${syno_cert_default_dir}/fullchain.pem"
              echo "$chain_pem"     > "${syno_cert_default_dir}/chain.pem"
            fi
          fi

github.com/timelordx/synology-cert-deploy

synology-helper-example.sh

main


      
          ## Find the directory containing the most recent file matching your search filter and search location
          search_result="$( find "$search_location" -type f -name "$search_filter" -exec ls -t {} +  2>/dev/null | head -n 1 )"
          [[ -z "$search_result" ]] && fatal_error "empty search resut for the provided search filter and search location!"
          search_result_dir="$( dirname "$search_result" )"