Add ACME profile support to acme-client

2026-02-03 20:40:37 -05:00 · 2026-01-20 10:22:47 -06:00 · 2026-01-20 10:22:47 -06:00 · 20ff8e5af4
commit 20ff8e5af4
parent 735eaa545e
4 changed files with 23 additions and 0 deletions
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
@ -78,6 +78,12 @@
        <type>checkbox</type>
        <help>Generate and add OCSP Must Staple extension to the certificate. When this option is enabled and issueance/renewal requests fail, then this extension is probably not supported by the CA.</help>
    </field>
+    <field>
+        <id>certificate.profile</id>
+        <label>Certificate Profile</label>
+        <type>text</type>
+        <help><![CDATA[Optional. Specify the ACME Certificate Profile to use (e.g. "shortlived"). See CA documentation for available profiles.]]></help>
+    </field>
    <field>
        <label>Advanced Settings</label>
        <type>header</type>
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php
@ -648,6 +648,9 @@ class LeCertificate extends LeCommon
            $val->setRenewal((int)$renewInterval);
            $val->setForce($this->force);
            $val->setOcsp((string)$this->config->ocsp == 1 ? true : false);
+            if (!empty((string)$this->config->profile)) {
+                $val->setProfile((string)$this->config->profile);
+            }
            // strip prefix from key value
            $val->setKey(substr($this->config->keyLength, 4));
            $val->prepare();
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/Base.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/Base.php
@ -280,6 +280,15 @@ abstract class Base extends \OPNsense\AcmeClient\LeCommon
        $this->acme_args[] = $ocsp == true ? '--ocsp' : null;
    }

+    /**
+     * set certificate profile
+     * @param $profile string profile name
+     */
+    public function setProfile(string $profile)
+    {
+        $this->acme_args[] = LeUtils::execSafe('--cert-profile %s', $profile);
+    }
+
    /**
     * set renewal interval
     * @param $interval int specifies the renewal interval in days
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@ -260,6 +260,11 @@
                    <Default>0</Default>
                    <Required>N</Required>
                </ocsp>
+                <profile type="TextField">
+                    <Required>N</Required>
+                    <Mask>/^.{1,255}$/u</Mask>
+                    <ValidationMessage>Should be a string between 1 and 255 characters.</ValidationMessage>
+                </profile>
                <restartActions type="ModelRelationField">
                    <Model>
                        <actions>