Template variables for ACME actions?
-
First of all: this is by far the best package for pfsense. I like it very much. So big thanks to the devels.
One thing I'm really missing is the ability to use template variables in the ACME actions section. It would be very helpful (time and error saving). If one could use variables in actions, something like this would be possible:
sed -n w/tmp/acme/%NAME/%DOMAIN/%DOMAIN.pem /tmp/acme/%NAME/%DOMAIN/%DOMAIN.key /tmp/acme/%NAME/%DOMAIN/%DOMAIN.cer
Especially if there are many actions and you have a lot of certs to manage, that would make it a lot easier. Just clone a cert, change some values like name and domain and save it. No need to touch the actions if the new cert uses the same actions as the "old" one.
Is there already such a possibility in the current acme package? If not, would this be considered a feature request for current releases of the package?
Thanks && have a good one
tobi
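The placeholder expansion asked for above, as an added example (not part of the original post and not pfSense ACME package code). The function names and the validation rule are assumptions; the point is that a value substituted into a shell action must be restricted to hostname characters first. Wildcard names such as `*.example.com` are rejected by this rule.

```shell
#!/bin/sh
# Hypothetical helper: expand %NAME and %DOMAIN in an action template.
# The placeholder syntax comes from the post; everything else is assumed.

# Accept only hostname-style values, so an expanded value cannot carry
# shell metacharacters, path separators, "..", or a leading "-" or ".".
is_safe_value() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*|.*|*..*|-*) return 1 ;;
        *) return 0 ;;
    esac
}

# expand_action TEMPLATE NAME DOMAIN
# Prints the expanded command line; returns 1 with no output if NAME or
# DOMAIN fails validation.
expand_action() {
    template=$1 name=$2 domain=$3
    is_safe_value "$name" || return 1
    is_safe_value "$domain" || return 1
    # Validated values contain no "/", "&" or "\", so they are safe to use
    # as sed replacement text.
    printf '%s\n' "$template" |
        sed -e "s/%NAME/$name/g" -e "s/%DOMAIN/$domain/g"
}

# Constructed sample values, applied to the action template from the post.
tpl='sed -n w/tmp/acme/%NAME/%DOMAIN/%DOMAIN.pem /tmp/acme/%NAME/%DOMAIN/%DOMAIN.key /tmp/acme/%NAME/%DOMAIN/%DOMAIN.cer'
expand_action "$tpl" webcert www.example.com
expand_action "$tpl" webcert 'www.example.com;x' ||
    echo "rejected: unsafe value" >&2
```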
-
@jahlives said in Template variables for ACME actions?:
you have a lot of certs to manage
On a firewall ??
Although I do understand the question.
I'm using the 'classic' acme.sh on my web servers, which live "somewhere on the Internet" (dedicated servers). I'm using a deploy script file, called when acme retrieved a cert:
......
# Per-domain acme.sh config file; only deploy if it exists
check_path="/root/.acme.sh/${Le_Domain}/${Le_Domain}.conf"
destination="/etc/ssl/"
destinationdir="${destination}${Le_Domain}"
if [ -f "$check_path" ]; then
    if [ ! -d "$destinationdir" ]; then
        mkdir "$destinationdir"
    fi
    # Combined PEM: private key + full chain + DH parameters
    cat "$CERT_KEY_PATH" "$CERT_FULLCHAIN_PATH" "${destination}dh/RSA4096.pem" > "${destinationdir}/${Le_Domain}.pem"
    cp "$CERT_KEY_PATH" "${destinationdir}/${Le_Domain}.key"
    # Key material readable by the owner only
    chmod 400 "${destinationdir}/${Le_Domain}.pem"
    chmod 400 "${destinationdir}/${Le_Domain}.key"
    service apache2 reload >/dev/null
    service postfix reload >/dev/null
.....
Variables like ${Le_Domain} are stored in the 'env' when acme.sh calls this script, that is, when --deploy-hook is used.
pfSense doesn't work / use this option.
You could write up a feature request https://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=2
-
@Gertjan said in Template variables for ACME actions?:
On a firewall ??
At least not in my case ;-) This pfsense box works as a server in my network and not as a router/firewall. But I fully agree that cert/key handling should not take place on a firewall.
I use acme.sh on my servers for quite a while now. Works like a charm, but I like the GUI to manage the LE stuff ;-)
You could write up a feature request https://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=2
I opened a feature request: https://redmine.pfsense.org/issues/9725