Merge pull request #296 from PiBa-NL/acme_0.1.6

pfsense · Feb 7, 2017 · f50c4f4 · f50c4f4
2 parents b9ec42b + 0cf2d9c
commit f50c4f4
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 6 deletions.
diff --git a/security/pfSense-pkg-acme/Makefile b/security/pfSense-pkg-acme/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	pfSense-pkg-acme
-PORTVERSION=	0.1.8
+PORTVERSION=	0.1.9
 CATEGORIES=	security
 MASTER_SITES=	# empty
 DISTFILES=	# empty

diff --git a/security/pfSense-pkg-acme/files/usr/local/pkg/acme/acme.inc b/security/pfSense-pkg-acme/files/usr/local/pkg/acme/acme.inc
@@ -502,6 +502,7 @@ function & get_certificate($name) {
 			$certificatepsk = getCertificatePSK($url, $certificate, $domainstosign[0]);
 			$acmesh = new acme_sh($certificate['name'], $url);
 			$action = $renew == true ? "renew" : "issue";
+			$acmesh->dnssleep = $certificate['dnssleep'];
 			$acmesh->signCertificate($action, $accountkey, $certificatepsk, $domainstosign, $method, $envvariables, $extras);
 		}
 	}

diff --git a/security/pfSense-pkg-acme/files/usr/local/pkg/acme/acme_sh.inc b/security/pfSense-pkg-acme/files/usr/local/pkg/acme/acme_sh.inc
@@ -27,6 +27,7 @@ class acme_sh {
 	private $path_account;
 	private $name;
 	private $debug = true;
+	public $dnssleep;
 
 	private function execacmesh($command, $envvariables = null) {
 		$command = "/usr/local/pkg/acme/acme.sh " . $command;
@@ -138,6 +139,9 @@ class acme_sh {
 		} else {
 			$cmdparameters = " --webroot pfSenseacme";
 		}
+		if (is_numericint($this->dnssleep)) {
+			$cmdparameters .= " --dnssleep " . escapeshellarg($this->dnssleep);
+		}
 
 		$Le_Domain = $domainstosign[0];
 		$certpath = "{$this->acmeconf}{$Le_Domain}/";

diff --git a/security/pfSense-pkg-acme/files/usr/local/www/acme/acme_certificates_edit.php b/security/pfSense-pkg-acme/files/usr/local/www/acme/acme_certificates_edit.php
@@ -56,7 +56,8 @@
 global $simplefields;
 $simplefields = array(
 	"name","desc","status",
-	"acmeaccount","keylength","renewafter"
+	"acmeaccount","keylength",
+	"dnssleep","renewafter"
 );
 
 
@@ -147,7 +148,7 @@ function customdrawcell_actions($object, $item, $itemvalue, $editable, $itemname
 }
 if (isset($id) && $a_certificates[$id]) {
 	$a_domains = $a_certificates[$id]['a_domainlist']['item'];
-	$a_actions = $a_certificates[$id]['a_actions']['item'];
+	$a_actions = $a_certificates[$id]['a_actionlist']['item'];
 
 	$pconfig["lastrenewal"] = $a_certificates[$id]["lastrenewal"];
 	foreach($simplefields as $stat) {
@@ -344,14 +345,24 @@ function updatevisibility()
 	'Domain SAN list', 
 	"List all domain names that should be included in the certificate here, and how to validate ownership by use of a webroot or dns challenge<br/>"
 	. "Examples:<br/>"
-	. "/usr/local/www/.well-known/acme-challenge/<br/>"
-	. "/tmp/haproxy_chroot/.well-known/acme-challenge/"
+	. "Domainname: www.example.com<br/>"
+	. "Method: Webroot ,Rootfolder: /usr/local/www/.well-known/acme-challenge/<br/>"
+	. "Method: Webroot ,Rootfolder: /tmp/haproxy_chroot/haproxywebroot/.well-known/acme-challenge/"
 	. $domainslist->Draw($a_domains)
 ));
 
+$section->addInput(new \Form_Input(
+	'dnssleep',
+	'DNS-Sleep',
+	'number',
+	$pconfig['dnssleep'],
+	['min' => '1', 'max' => '3600']
+))->setHelp('When using a DNS validation method configure how much time to wait before atempting verification after the txt records are added. Defaults to 120 seconds.');
+
+
 $section->addInput(new \Form_StaticText(
 	'Actions list', 
-	"Used to restart webserver processes this certificate has been renewed<br/>Examples:<br/>/etc/rc.restart_webgui<br/>/usr/local/etc/rc.d/haproxy.sh restart".
+	"Used to restart webserver processes after this certificate has been renewed<br/>Examples:<br/>/etc/rc.restart_webgui<br/>/usr/local/etc/rc.d/haproxy.sh restart".
 	$actionslist->Draw($a_actions)
 ));