
    Template variables for ACME actions?

    • jahlives

      First of all: this is by far the best package for pfsense. I like it very much. So big thanks to the devels ☺

      One thing I'm really missing is the ability to use template variables in the acme actions section. It would be very helpful (time and error saving) if one could use variables in actions; something like this would be possible:

      sed -n w/tmp/acme/%NAME/%DOMAIN/%DOMAIN.pem /tmp/acme/%NAME/%DOMAIN/%DOMAIN.key /tmp/acme/%NAME/%DOMAIN/%DOMAIN.cer
      

      especially if there are many actions and you have a lot of certs to manage that would make it a lot easier. Just clone a cert, change some values like name and domain and save it. No need to touch the actions if the new cert uses the same actions as the "old" one.

      Is there already such a possibility in the current acme package? If not, would this be considered a feature request for current releases of the package?

      Thanks && have a good one

      tobi

      • Gertjan @jahlives

        @jahlives said in Template variables for ACME actions?:

        you have a lot of certs to manage

        On a firewall ??

        Although I do understand the question.
        I'm using the 'classic' acme.sh on my web servers, which live "somewhere on the Internet" (dedicated servers).

        I'm using a deploy script file, called when acme has retrieved a cert:

        ......
        check_path="/root/.acme.sh/${Le_Domain}/${Le_Domain}.conf"
        destination="/etc/ssl/"
        destinationdir="${destination}${Le_Domain}"
        # Only deploy when acme.sh has a config file for this domain
        if [ -f "$check_path" ]; then
                if [ ! -d "$destinationdir" ]; then
                        mkdir "$destinationdir"
                fi
                # Concatenate key, full chain and the dh/RSA4096.pem file into one PEM
                cat "$CERT_KEY_PATH" "$CERT_FULLCHAIN_PATH" "${destination}dh/RSA4096.pem" > "${destinationdir}/${Le_Domain}.pem"
                cp "$CERT_KEY_PATH" "${destinationdir}/${Le_Domain}.key"
                # Private key material: readable by the owner only
                chmod 400 "${destinationdir}/${Le_Domain}.pem"
                chmod 400 "${destinationdir}/${Le_Domain}.key"
                service apache2 reload >/dev/null
                service postfix reload >/dev/null
        .....
        

        Variables like ${Le_Domain} are stored in the 'env' when acme.sh calls this script, that is, when --deploy-hook is used.

        pfSense doesn't work / use this option.

        You could write up a feature request https://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=2

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
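
A hardened take on the install step of the deploy script above, as an added example that is not Gertjan's or acme.sh's own code: it validates the domain before using it in a path and never leaves the key readable by others, even briefly. The helper names `valid_domain` and `install_cert_bundle` are hypothetical, and the DH-parameter append and service reloads are left out.

```shell
#!/bin/sh
# Added example: per-domain key/cert install for a deploy hook.
# valid_domain and install_cert_bundle are hypothetical names, not part of acme.sh.

# Accept only hostname-like values so the name cannot escape the destination
# directory or carry shell metacharacters. Wildcard names are rejected too.
valid_domain() {
    case "$1" in
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# install_cert_bundle DOMAIN KEY_FILE FULLCHAIN_FILE DEST_ROOT
# The body is a subshell, so umask and trap do not leak into the caller.
install_cert_bundle() (
    domain=$1 key=$2 chain=$3 root=$4
    valid_domain "$domain" || { echo "rejecting domain: $domain" >&2; exit 2; }
    [ -r "$key" ] && [ -r "$chain" ] || { echo "missing input file" >&2; exit 3; }

    umask 077                       # new files and directories: owner only
    dir="$root/$domain"
    mkdir -p "$dir" || exit 4

    # Build in temp files inside the target directory, then rename into place:
    # the key is never created with loose permissions or seen half-written.
    tmp_pem=$(mktemp "$dir/.pem.XXXXXX") || exit 5
    tmp_key=$(mktemp "$dir/.key.XXXXXX") || { rm -f "$tmp_pem"; exit 5; }
    trap 'rm -f "$tmp_pem" "$tmp_key"' EXIT

    cat "$key" "$chain" > "$tmp_pem" || exit 6
    cat "$key" > "$tmp_key" || exit 6
    chmod 400 "$tmp_pem" "$tmp_key"
    mv -f "$tmp_pem" "$dir/$domain.pem" && mv -f "$tmp_key" "$dir/$domain.key"
)

# Inside a deploy hook, using the variables named in the post above:
# install_cert_bundle "$Le_Domain" "$CERT_KEY_PATH" "$CERT_FULLCHAIN_PATH" /etc/ssl
```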

        • jahlives @Gertjan

          @Gertjan said in Template variables for ACME actions?:

          On a firewall ??

          At least not in my case ;-) This pfsense box works as a server in my network and not as a router/firewall. But I fully agree that cert/key handling should not take place on a firewall.
          I've been using acme.sh on my servers for quite a while now. Works like a charm, but I like the GUI to manage the LE stuff ;-)

          You could write up a feature request https://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=2

          I opened a feature request: https://redmine.pfsense.org/issues/9725
