OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of cat /dev/random »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - cat /dev/random

Pages: [1]
1
22.1 Legacy Series / Re: Questions about custom scripts with confd and ACME client
« on: March 27, 2022, 08:55:53 pm »
It looks like this is not possible at the moment. In the past, this was an "ask" but was never properly or fully implemented.

https://github.com/opnsense/plugins/issues/2627

It is not enough to upload the key material to the remote host... you must further process the key material into a format that the java based application on the remote host can work with. The discussion in #2627 mentions this but there is no workaround or solution.


An updated issue was created to address this... but no progress:

https://github.com/opnsense/plugins/issues/2757


Does anybody have any context / background as to the decision to re-implement acme client hooks?

2
22.1 Legacy Series / Questions about custom scripts with confd and ACME client
« on: March 27, 2022, 08:43:55 pm »
Hi all.

I have a remote server running the Unifi management application. I wish to upload a certificate from Lets Encrypt onto the server every time the ACME client successfully re-issues it.

I have managed to create a basic actions_unifi.confand can then invoke it with configctl after I service configd restart.

The command is even listed in the web UI for possible actions to take... so I think I have all the plumbing in place.

My question

- Where/How can I get the certificate material locations on disk passed into the automation?

In the logs, I see things like


Code: [Select]
acme.sh [Sun Mar 27 11:37:35 PDT 2022] Installing full chain to: /var/etc/acme-client/certs/$SomeUUIDLookingStringHere/fullchain.pem

But when I dump the env/args passed to the command, I see nothing:

Code: [Select]
===== Sun Mar 27 11:37:35 PDT 2022 =====
test script called when configctl unifi upload is called
===== ARGS =====

===== END ARGS =====
===== ENV =====
PWD=/usr/local/opnsense/service
HOME=/
SHLVL=1
REQUESTS_CA_BUNDLE=/etc/ssl/cert.pem
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
_=/usr/bin/env
===== END ENV=====
===== END =====


I need to know where on disk the certificate files are located if I am going to later move them to their desired server.  How can I get the information from the acme client passed along to the command that I have created?


Here's what I'm using for tests:


Code: [Select]
root@OPNsense:/usr/local/opnsense/service/conf/actions.d # cat actions_unifi.conf
[upload]
command:/usr/local/opnsense/scripts/unifi/upload_and_restart.sh >> /usr/local/opnsense/scripts/unifi/test.log
parameters:
type:script_output
message:Installing certificate to
description:Script to upload certificate material to Unifi CloudKey

Code: [Select]
root@OPNsense:/usr/local/opnsense/scripts/unifi # cat upload_and_restart.sh
#!/usr/bin/env bash
#####
echo "===== $(date) ====="
# Test
echo "hi, from the test script"
# dump all cli args
echo "===== ARGS ====="
echo "$@"
echo "===== END ARGS ====="
# dump env
echo "===== ENV ====="
env
echo "===== END ENV====

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2