Certificates are spread all over the /usr/syno/etc/certificate directory structure, depending on the services used. Let the system do the hard work finding out.

Synology-NAS-Guide.md

@@ -77,19 +77,27 @@ In DSM control panel, open the 'Task Scheduler' and create a new scheduled task
 
 ```
 # Note: The $CERT_FOLDER must be hardcoded here since the running environment is unknown. Don't blindly copy&paste
-# system default
+# change this sample directory name "AsDFgH" to the name of your Let's Encrypt cert directory
-rsync -avzh "$CERT_FOLDER" "/usr/syno/etc/certificate/system/default/"
+
-# smbftp
+CERTDIR="AsDFgH"
-rsync -avzh "$CERT_FOLDER" "/usr/syno/etc/certificate/smbftpd/ftpd"
+
-# app portal
+# do not change anything beyond this line!
-while read -r dir ; do
+
-	rsync -avzh "$CERT_FOLDER" "$dir"
+CERTROOTDIR="/usr/syno/etc/certificate"
-done < <(find /usr/syno/etc/certificate/ReverseProxy -maxdepth 1 -mindepth 1 -type d)
+FULLCERTDIR="$CERTROOTDIR/_archive/$CERTDIR"
-# reverse proxy
+
-while read -r dir ; do
+# find all subdirectories containing cert.pem files
-	rsync -avzh "$CERT_FOLDER" "$dir"
+PEMFILES=$(find $CERTROOTDIR -name cert.pem)
-done < <(find /usr/syno/etc/certificate/AppPortal -maxdepth 1 -mindepth 1 -type d)
+if [ ! -z "$PEMFILES" ]; then
-# reload certificate
+        for DIR in $PEMFILES; do
+                # replace all certificates, but not the ones in the _archive folder
+                if [[ $DIR != *"/_archive/"* ]]; then
+                        rsync -avh "$FULLCERTDIR/" "$(dirname $DIR)/"
+                fi
+        done
+fi
+
+# reload
 /usr/syno/sbin/synoservicectl --reload nginx
 ```
 Now you should be all good.