security/acme-client: import attempted from wrong path #4549

Open
3 tasks done
backerman opened this issue Feb 15, 2025 · 1 comment
backerman commented Feb 15, 2025

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug

When a certificate challenge is passed, the certificate/key/chain/etc. are stored in /var/etc/acme-client/cert-home/(certificate ID)/(SAN)/, and the host's certificate and key files begin with the SAN. The import command attempts to find them in /var/etc/acme-client/cert-home/(certificate ID)/ with filenames that don't contain the SAN, which fails.

This functionality worked without issue in the 24.7 series.

To Reproduce
Steps to reproduce the behavior:

  1. Go to the "Certificates" pane in the ACME Client menu.
  2. Click the issue/renew button.
  3. Check the "ACME Log" tab of the "Log Files" pane for the output paths; observe that they are as described above.
  4. Check the "System Log" tab; observe that there is a file not found message for cert.pem in the wrong directory as described.

Expected behavior
The import command imports the certificate from the correct directory, and import is therefore successful.

Screenshots
If applicable, add screenshots to help explain your problem.

Relevant log files
System Log:

```
2025-02-15T00:17:52	opnsense	AcmeClient: unable to import certificate [SAN], file not found: /var/etc/acme-client/certs/[cert ID]/cert.pem
2025-02-14T09:42:08	opnsense	AcmeClient: failed to import certificate: [SAN]
2025-02-14T09:42:08	opnsense	AcmeClient: unable to import certificate [SAN], file not found: /var/etc/acme-client/certs/[cert ID]/cert.pem
2025-02-14T09:42:08	opnsense	AcmeClient: successfully issued/renewed certificate: [SAN]
2025-02-14T09:42:08	opnsense	AcmeClient: AcmeClient: The shell command returned exit code '0': '/usr/local/sbin/acme.sh --renew --syslog 6 --log-level 1 --server 'letsencrypt' --dns 'dns_azure' --dnssleep '120' --home '/var/etc/acme-client/home' --cert-home '/var/etc/acme-client/cert-home/[cert ID]' --certpath '/var/etc/acme-client/certs/[cert ID]/cert.pem' --keypath '/var/etc/acme-client/keys/[cert ID]/private.key' --capath '/var/etc/acme-client/certs/[cert ID]/chain.pem' --fullchainpath '/var/etc/acme-client/certs/[cert ID]/fullchain.pem' --domain '[SAN]' --domain '[SAN]' --days '1' --keylength '4096' --accountconf '/var/etc/acme-client/accounts/[cert ID]_prod/account.conf''
```

ACME Log:

```
2025-02-14T09:42:08	acme.sh	[Fri Feb 14 09:42:08 UTC 2025] And the full-chain cert is in: /var/etc/acme-client/cert-home/[cert ID]/[SAN]/fullchain.cer
2025-02-14T09:42:08	acme.sh	[Fri Feb 14 09:42:08 UTC 2025] The intermediate CA cert is in: /var/etc/acme-client/cert-home/[cert ID]/[SAN]/ca.cer
2025-02-14T09:42:08	acme.sh	[Fri Feb 14 09:42:08 UTC 2025] Your cert key is in: /var/etc/acme-client/cert-home/[cert ID]/[SAN]/[SAN].key
2025-02-14T09:42:08	acme.sh	[Fri Feb 14 09:42:08 UTC 2025] Your cert is in: /var/etc/acme-client/cert-home/[cert ID]/[SAN]/[SAN].cer
2025-02-14T09:42:08	acme.sh	[Fri Feb 14 09:42:08 UTC 2025] Cert success.
2025-02-14T09:42:08	acme.sh	[Fri Feb 14 09:42:08 UTC 2025] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/[cert serial]/'
```

Additional context
Add any other context about the problem here.

Environment
Software version used and hardware type if relevant.
e.g.:

OPNsense 25.1.1 (amd64).
os-acme-client 4.8
acme.sh 3.1.0

fraenki self-assigned this Feb 18, 2025
fraenki changed the title from "acme-client: import attempted from wrong path" to "security/acme-client: import attempted from wrong path" Feb 18, 2025
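
A check an administrator could run on the firewall to confirm the mismatch described in the report above, added here as an example that is not part of the original issue, os-acme-client or acme.sh: it compares the import targets from the System Log command line with the cert-home files listed in the ACME Log. The function names, the exit codes and the demo host name `host.example.test` are assumptions made for this example.

```shell
#!/bin/sh
# Added diagnostic example; not part of os-acme-client or acme.sh.
# Usage: sh check_acme_paths.sh CERT_ID SAN [BASE]  |  sh check_acme_paths.sh demo

# report PATH: print a status line, fail when the file is missing or empty.
report() {
    if [ -s "$1" ]; then echo "ok       $1"; else echo "MISSING  $1"; return 1; fi
}

# check_acme_paths BASE CERT_ID SAN
# Returns 0 when every file the import step reads is present,
#         1 when they are missing but acme.sh output sits in cert-home
#           (the mismatch reported in this issue),
#         2 when neither location holds a complete set.
check_acme_paths() {
    base=$1 id=$2 san=$3
    import_missing=0 home_missing=0
    # Targets passed to acme.sh via --certpath, --keypath, --capath and
    # --fullchainpath in the System Log command line.
    for f in "certs/$id/cert.pem" "keys/$id/private.key" \
             "certs/$id/chain.pem" "certs/$id/fullchain.pem"; do
        report "$base/$f" || import_missing=$((import_missing + 1))
    done
    # Locations acme.sh lists in the ACME Log (layout as shown in the report).
    for f in "$san.cer" "$san.key" ca.cer fullchain.cer; do
        report "$base/cert-home/$id/$san/$f" || home_missing=$((home_missing + 1))
    done
    [ "$import_missing" -eq 0 ] && return 0
    [ "$home_missing" -eq 0 ] && return 1
    return 2
}

# demo: constructed tree with files only under cert-home, as in the report.
demo() {
    d=$(mktemp -d) || return 3
    mkdir -p "$d/cert-home/ID1/host.example.test"
    for f in host.example.test.cer host.example.test.key ca.cer fullchain.cer; do
        echo constructed > "$d/cert-home/ID1/host.example.test/$f"
    done
    rc=0; check_acme_paths "$d" ID1 host.example.test || rc=$?
    rm -rf "$d"; return "$rc"
}

if [ "${1:-}" = demo ]; then
    demo
elif [ "$#" -ge 2 ]; then
    check_acme_paths "${3:-/var/etc/acme-client}" "$1" "$2"
fi
```

Exit code 1 corresponds to the state in the logs above: acme.sh reports success and its files exist under cert-home, while the paths the import reads are empty.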
@imightbelosthere

I'm on the 24.7.12 version and I'm having the same issue on the automation.
Software versions I have:
OPNsense 24.7.12
os-acme-client 4.7
acme.sh 3.1.0
