Bug #15062
cert_get_all_services doesn't check for unbound cert usage
Description
cert_get_all_services in utils.inc doesn't look to see if unbound is using the referenced cert.
https://github.com/pfsense/pfsense/blob/RELENG_2_7_1/src/etc/inc/certs.inc#L1822
This causes a problem because then using cert_restart_services() with the results won't restart unbound.
I see a forum thread from 2020 that might be someone running into this problem.
https://forum.netgate.com/topic/151740/how-to-restart-unbound-on-renew-of-certificate
I'm working on automating cert deployment from an external cert repo, and having one call to restart all related services built in would be nice. It is just missing unbound.
Here is a pfSense shell snippet that shows that the cert refs match, but unbound doesn't show up.
Netgate pfSense Plus shell: print("\ncert ref: ");
print_r($config['cert'][0]['refid']);
print("\nunbound cert ref: ");
print_r($config['unbound']['sslcertref']);
$sslref=$config['cert'][0]['refid'];
cert_get_all_services($sslref);
$services = cert_get_all_services($sslref);
print("\n\nServices with ref\n");
print_r($services);
print("\nRef is in use?: ");
print_r(cert_in_use($sslref));
print("\nUnbound ref is in use check: ");
print_r(is_unbound_cert($sslref));
print("\n\n");
Netgate pfSense Plus shell: exec
cert ref: 656e15639b149
unbound cert ref: 656e15639b149
Services with ref
Array
(
    [services] => Array
        (
            [0] => Array
                (
                    [name] => captiveportal
                    [extras] => Array
                        (
                            [zone] => cpzone
                        )
                )
        )
    [packages] => Array
        (
        )
    [webgui] => 1
)
Ref is in use?: 1
Unbound ref is in use check: 1
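A possible workaround for the gap reported above, as an added example that is not pfSense code and not from the reporter: restart everything cert_get_all_services() returns, then handle unbound separately via is_unbound_cert(). The helper name restart_cert_consumers() is hypothetical, and it assumes services_unbound_configure() from services.inc regenerates the unbound configuration and restarts the resolver.

```php
<?php
// Added example, not pfSense code. Meant for the pfSense PHP shell or a
// script on the firewall, where these includes are available.
require_once("certs.inc");
require_once("services.inc");

// Hypothetical helper: restart every consumer of certificate $refid,
// including unbound, which cert_get_all_services() does not report.
// Returns the names of the consumers it restarted.
function restart_cert_consumers($refid) {
	$restarted = array();
	$unbound_listed = false;

	// Consumers that cert_get_all_services() already knows about.
	$services = cert_get_all_services($refid);
	if (!empty($services)) {
		cert_restart_services($services);
		if (!empty($services['webgui'])) {
			$restarted[] = 'webgui';
		}
		foreach (($services['services'] ?? array()) as $svc) {
			$restarted[] = $svc['name'];
			if ($svc['name'] == 'unbound') {
				// A release that fixes the bug may list unbound itself.
				$unbound_listed = true;
			}
		}
		foreach (($services['packages'] ?? array()) as $pkg) {
			$restarted[] = $pkg['name'] ?? 'package';
		}
	}

	// The missing case: unbound references the cert but was not listed.
	if (!$unbound_listed && is_unbound_cert($refid)) {
		// Assumption: this rewrites unbound's config and restarts it.
		services_unbound_configure();
		$restarted[] = 'unbound';
	}

	return $restarted;
}

// Usage in the shell, with the same ref the report looks up:
// print_r(restart_cert_consumers($config['cert'][0]['refid']));
```

The returned list gives an automation job something to log, so a renewal that leaves unbound serving the old certificate shows up as a missing 'unbound' entry.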