Template variables for ACME actions?



  • First of all: this is by far the best package for pfsense. I like it very much. So big thanks to the devels ☺

    One thing I'm really missing is the ability to use template variables in the acme actions section. It would be very helpful (time and error saving) if one could use variables in actions. Something like this would be possible:

    sed -n w/tmp/acme/%NAME/%DOMAIN/%DOMAIN.pem /tmp/acme/%NAME/%DOMAIN/%DOMAIN.key /tmp/acme/%NAME/%DOMAIN/%DOMAIN.cer
    

    Especially if there are many actions and you have a lot of certs to manage, that would make it a lot easier. Just clone a cert, change some values like name and domain and save it. No need to touch the actions if the new cert uses the same actions as the "old" one.

    Is there already such a possibility in the current acme package? If not, would this be considered a feature request for current releases of the package?

    Thanks && have a good one

    tobi



  • @jahlives said in Template variables for ACME actions?:

    you have a lot of certs to manage

    On a firewall ??

    Although I do understand the question.
    I'm using the 'classic' acme.sh on my web servers, which live "somewhere on the Internet" (dedicated servers).

    I'm using a deploy script file, called when acme retrieved a cert:

    ......
    # Proceed only if acme.sh's config file for this domain exists.
    check_path="/root/.acme.sh/${Le_Domain}/${Le_Domain}.conf"
    destination="/etc/ssl/"
    destinationdir="${destination}${Le_Domain}"
    if [ -f "$check_path" ]; then
        if [ ! -d "$destinationdir" ]; then
            mkdir "$destinationdir"
        fi
        # Bundle key, full chain and DH parameters into one PEM file.
        cat "$CERT_KEY_PATH" "$CERT_FULLCHAIN_PATH" "${destination}dh/RSA4096.pem" > "${destinationdir}/${Le_Domain}.pem"
        cp "$CERT_KEY_PATH" "${destinationdir}/${Le_Domain}.key"
        chmod 400 "${destinationdir}/${Le_Domain}.pem"
        chmod 400 "${destinationdir}/${Le_Domain}.key"
        service apache2 reload >/dev/null
        service postfix reload >/dev/null
    .....
    

    Variables like ${Le_Domain} are stored in the 'env' when acme.sh calls this script, that is, when --deploy-hook is used.

    pfSense doesn't work / use this option.

    You could write up a feature request https://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=2



  • @Gertjan said in Template variables for ACME actions?:

    On a firewall ??

    At least not in my case ;-) This pfSense box works as a server in my network and not as a router/firewall. But I fully agree that Cert/Key handling should not take place on a firewall.
    I use acme.sh on my servers for quite a while now. Works like a charm, but I like the GUI to manage the LE stuff ;-)

    You could write up a feature request https://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=2

    I opened a feature request: https://redmine.pfsense.org/issues/9725

