From 20ff8e5af49303701538d45cd12610ec11e5ebaf Mon Sep 17 00:00:00 2001
From: Alexander Pritchard
Date: Tue, 20 Jan 2026 10:22:47 -0600
Subject: [PATCH] Add ACME profile support to acme-client
---
 .../OPNsense/AcmeClient/forms/dialogCertificate.xml | 6 ++++++
 .../app/library/OPNsense/AcmeClient/LeCertificate.php | 3 +++
 .../library/OPNsense/AcmeClient/LeValidation/Base.php | 9 +++++++++
 .../mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml | 5 +++++
 4 files changed, 23 insertions(+)
diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
index 703b67d98..4c05f7706 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
@@ -78,6 +78,12 @@ checkbox Generate and add OCSP Must Staple extension to the certificate. When this option is enabled and issueance/renewal requests fail, then this extension is probably not supported by the CA. + + certificate.profile + + text + + header
diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php
index e45f92ded..0faf0cdf0 100644
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php
@@ -648,6 +648,9 @@ class LeCertificate extends LeCommon
 $val->setRenewal((int)$renewInterval);
 $val->setForce($this->force);
 $val->setOcsp((string)$this->config->ocsp == 1 ? true : false);
+ if (!empty((string)$this->config->profile)) {
+ $val->setProfile((string)$this->config->profile);
+ }
 // strip prefix from key value
 $val->setKey(substr($this->config->keyLength, 4));
 $val->prepare();
diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/Base.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/Base.php
index 6163abadd..db814ef19 100644
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/Base.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/Base.php
@@ -280,6 +280,15 @@ abstract class Base extends \OPNsense\AcmeClient\LeCommon
 $this->acme_args[] = $ocsp == true ? '--ocsp' : null;
 }
 
+ /**
+ * set certificate profile
+ * @param $profile string profile name
+ */
+ public function setProfile(string $profile)
+ {
+ $this->acme_args[] = LeUtils::execSafe('--cert-profile %s', $profile);
+ }
+
 /**
 * set renewal interval
 * @param $interval int specifies the renewal interval in days
diff --git a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
index f8ad82cec..97d4be717 100644
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@@ -260,6 +260,11 @@ 0 N + + N + /^.{1,255}$/u + Should be a string between 1 and 255 characters. +
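Review bot: The added guard `!empty((string)$this->config->profile)` treats the string "0" as empty, so a profile named `0` would be saved but never passed to `setProfile()`, even though the new model mask `/^.{1,255}$/u` accepts it. Comparing against the empty string keeps the two checks consistent: `if ((string)$this->config->profile !== '') {`. The enclosing LeCertificate method begins and ends outside this hunk.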
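Review bot: `setProfile()` puts a free-form GUI value on the acme.sh command line, and the only input restriction visible in this patch is the model mask `/^.{1,255}$/u` (AcmeClient.xml hunk), which accepts spaces, quotes and shell metacharacters. Safe handling therefore depends entirely on `LeUtils::execSafe` quoting the `%s` argument; its implementation is not shown here, so confirm that it shell-escapes each parameter. As defence in depth, consider narrowing the mask to the characters profile names actually need, for example `/^[A-Za-z0-9._-]{1,255}$/`, if that fits the CAs you support. Once confirmed, a docblock line such as `* the value is shell-escaped by LeUtils::execSafe before it is appended to acme_args` would record the assumption for the next maintainer.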