Hi guys.
Plugin works fine, issued and applied cert using dns-01 validation via AWS.
When I navigate to Services / Let's Encrypt / Settings I see two tabs: Settings and Update Schedule.
If I press Update Schedule it bypasses the list view and opens Edit Job window straight away.
Whatever I press in Edit Job window, Cancel, the x top right button, GUI jumps back to Settings tab.
There is no way to see list of scheduled jobs.
Thanks for great plugin, btw :) OPNsense 20.7.5-amd64
----------------------
Mini guide to use the os-acme-client plugin:
1. Install acme plugin.
1.1 Enter hostname and domain name in System: Settings: General
2. AWS setup
2.1 Create IAM Policy, appendix a.1
2.2 Create AWS IAM User
3. In OPNsense GUI / Services / Lets Encrypt :
3.1 / Accounts - add new, type name, email.
3.2 Press icon that looks like user - registers Letsencrypt account
3.3 / ChallengeTypes add new
Challenge Type: dns-01 challenge
DNS Service: Route53
Sleep Time: 30
AWS ID / Secret: keys from step 2
4. Create certificate
4.1 Services: Let's Encrypt: Certificates make new certificate
Common Name: hostname.domainname from step 1.1
4.2 Press Issue button (and tail -f /var/log/acme.sh.log)
5. Enable all
Services: Let's Encrypt: Settings - Enable Plugin
System: Settings: Administration: SSL Certificate - select Letsencrypt one.
a.1 Policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "route53:GetHostedZone",
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "arn:aws:route53:::hostedzone/ZZZZHHHFFFRRR"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "route53:ListHostedZones",
                "route53:GetHostedZoneCount",
                "route53:ListHostedZonesByName"
            ],
            "Resource": "*"
        }
    ]
}
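Added example, not part of the original post or the plugin: a small audit of a dns-01 IAM policy that checks whether record writes are limited to one hosted zone, to `_acme-challenge` names and to TXT records. It assumes the AWS condition keys `route53:ChangeResourceRecordSetsNormalizedRecordNames` and `route53:ChangeResourceRecordSetsRecordTypes`; the function names, the `AcmeTxtOnly` statement and the record name `_acme-challenge.hostname.example.com` are constructed placeholders.

```python
WRITE = "route53:changeresourcerecordsets"
NAMES_KEY = "route53:changeresourcerecordsetsnormalizedrecordnames"
TYPES_KEY = "route53:changeresourcerecordsetsrecordtypes"

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _cond_values(stmt, key):
    """Values of a condition key under ForAllValues:String* operators only."""
    out = []
    for op, operands in stmt.get("Condition", {}).items():
        if op.startswith("ForAllValues:String"):
            for k, v in operands.items():
                if k.lower() == key:  # condition key names are case-insensitive
                    out += _as_list(v)
    return out

def audit_dns01_policy(policy):
    """Findings for Allow statements that grant record writes.
    Handles Action/Resource only; NotAction/NotResource are out of scope."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        grants_write = any(a in (WRITE, "route53:*", "*") for a in actions)
        if stmt.get("Effect") != "Allow" or not grants_write:
            continue
        sid = stmt.get("Sid", "<no Sid>")
        resources = _as_list(stmt.get("Resource", "*"))
        if any(not r.startswith("arn:aws:route53:::hostedzone/") or r.endswith("/*")
               for r in resources):
            findings.append(f"{sid}: record writes not limited to one hosted zone")
        names = _cond_values(stmt, NAMES_KEY)
        if not names or not all(n.startswith("_acme-challenge.") for n in names):
            findings.append(f"{sid}: can change any record name in the zone")
        if [t.upper() for t in _cond_values(stmt, TYPES_KEY)] != ["TXT"]:
            findings.append(f"{sid}: can change record types other than TXT")
    return findings

# Write statement copied from appendix a.1 of the post.
PAGE_STMT = {"Sid": "VisualEditor0", "Effect": "Allow",
             "Action": ["route53:GetHostedZone", "route53:ChangeResourceRecordSets",
                        "route53:ListResourceRecordSets"],
             "Resource": "arn:aws:route53:::hostedzone/ZZZZHHHFFFRRR"}
# Constructed variant: write action alone, restricted by condition (placeholder name).
TIGHT_STMT = {"Sid": "AcmeTxtOnly", "Effect": "Allow",
              "Action": "route53:ChangeResourceRecordSets", "Resource": PAGE_STMT["Resource"],
              "Condition": {"ForAllValues:StringEquals": {
                  "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["_acme-challenge.hostname.example.com"],
                  "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"]}}}

if __name__ == "__main__":
    for s in (PAGE_STMT, TIGHT_STMT):
        print(s["Sid"], audit_dns01_policy({"Statement": [s]}) or "ok")
```

With the constructed variant, the read actions (`GetHostedZone`, `ListResourceRecordSets`) would stay in a separate statement without the condition.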
Quote: There is no way to see list of scheduled jobs.
in fact, these are cron jobs (when you click "Update schedule" it opens cron job properties)
System-settings-Cron
Indeed I see the job in System-settings-Cron, thanks.
How do I create another Lets Encrypt cron job? If I go Services / Let's Encrypt / Settings / Update schedule, the Edit Job popup appears, with the existing (first?) job already selected?
And how can I check the job, please? I can't find it in "crontab -l -u acme" and root's "crontab -l"...
20.7.5 uses new acme-client
I still use 20.7.4 with acme-client 1.0
but I think you can still add another cron job from the cron GUI (System-settings-Cron): add a new job and select "Renew Let's Encrypt certificates" in the "command" drop-down
It checks all Let's Encrypt certificates, checks dates, calculates the update date and (if it's time to update) updates the cert.
Quote: And how can I check the job
if I understand correctly:
https://github.com/opnsense/plugins/blob/828ced9afaafd0991204020495502b0b84315d08/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php
you can see the "issue/renewal not required for certificate: " message in the log even if cert renewal is not required (the previous version did not; I made changes to the certhelper.php myself)
Quote from: Fright on November 22, 2020, 11:02:12 AM
20.7.5 uses new acme-client
I may be wrong, but I think fixing this auto opening of Edit Job popup is the way to go.
Quote from: thereaper on November 21, 2020, 01:41:39 PM
If I press Update Schedule it bypasses the list view and opens Edit Job window straight away.
I still think it's done well: since one job serves all the Let's Encrypt certificates and in most cases this is enough. anyone who wants to manage multiple cert jobs can do so through system-settings-cron