Merge pull request #5379 from fraenki/acme_416

security/acme-client: release 4.16
2026-04-15 14:10:52 -04:00 · 2026-04-13 17:28:09 +02:00 · 2026-04-13 17:28:09 +02:00 · 09bc774f34
commit 09bc774f34
parent 12f88282d9 a5e06c504a
8 changed files with 105 additions and 13 deletions
--- a/security/acme-client/Makefile
+++ b/security/acme-client/Makefile
@ -1,5 +1,5 @@
 PLUGIN_NAME=		acme-client
-PLUGIN_VERSION=		4.15
+PLUGIN_VERSION=		4.16
 PLUGIN_COMMENT=		ACME Client
 PLUGIN_MAINTAINER=	opnsense@moov.de
 PLUGIN_DEPENDS=		acme.sh py${PLUGIN_PYTHON}-dns-lexicon
--- a/security/acme-client/pkg-descr
+++ b/security/acme-client/pkg-descr
@ -8,6 +8,17 @@ WWW: https://github.com/acmesh-official/acme.sh
 Plugin Changelog
 ================

+4.16
+
+Added:
+* add support for Active24 API v2 (#5381)
+
+Changed:
+* credentials for Active24 DNSAPI must be entered again (#5381)
+
+Fixed:
+* fix incorrect naming scheme of TrueNAS WS automation
+
 4.15

 Added:
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogAction.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogAction.xml
@ -398,22 +398,22 @@
    <field>
        <label>Required Parameters</label>
        <type>header</type>
-        <style>method_table method_table_acme_truenasws</style>
+        <style>method_table method_table_acme_truenas_ws</style>
    </field>
    <field>
-        <id>action.acme_truenasws_apikey</id>
+        <id>action.acme_truenas_ws_apikey</id>
        <label>TrueNAS API key</label>
        <type>text</type>
        <help>API key generated in the TrueNAS web UI.</help>
    </field>
    <field>
-        <id>action.acme_truenasws_hostname</id>
+        <id>action.acme_truenas_ws_hostname</id>
        <label>TrueNAS hostname</label>
        <type>text</type>
        <help>Hostname or IP address of TrueNAS Server.</help>
    </field>
    <field>
-        <id>action.acme_truenasws_protocol</id>
+        <id>action.acme_truenas_ws_protocol</id>
        <label>TrueNAS protocol</label>
        <type>dropdown</type>
        <help>Connection scheme that will be used when uploading certificates to TrueNAS Server.</help>
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
@ -137,10 +137,15 @@
        <style>table_dns table_dns_active24</style>
    </field>
    <field>
-        <id>validation.dns_active24_token</id>
-        <label>Token</label>
+        <id>validation.dns_active24_api_key</id>
+        <label>API Key</label>
        <type>text</type>
    </field>
+    <field>
+        <id>validation.dns_active24_api_secret</id>
+        <label>API Secret</label>
+        <type>password</type>
+    </field>
    <field>
        <label>Alwaysdata</label>
        <type>header</type>
@ -662,6 +667,7 @@
        <id>validation.dns_hostingde_server</id>
        <label>Server URL</label>
        <type>text</type>
+        <help>Enter the API endpoint, e.g. https://secure.hosting.de or https://partner.http.net.</help>
    </field>
    <field>
        <id>validation.dns_hostingde_apiKey</id>
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/AcmeTruenasWs.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/AcmeTruenasWs.php
@ -35,7 +35,7 @@ use OPNsense\AcmeClient\LeAutomationInterface;
 * Run acme.sh deploy hook truenas_ws
 * @package OPNsense\AcmeClient
 */
-class AcmeTruenasWS extends Base implements LeAutomationInterface
+class AcmeTruenasWs extends Base implements LeAutomationInterface
 {
    public function prepare()
    {
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsActive24.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsActive24.php
@ -1,6 +1,7 @@
 <?php

 /*
+ * Copyright (C) 2026 Frank Wall
 * Copyright (C) 2022 Jan Winkler
 * All rights reserved.
 *
@ -39,6 +40,7 @@ class DnsActive24 extends Base implements LeValidationInterface
 {
    public function prepare()
    {
-        $this->acme_env['ACTIVE24_Token'] = (string)$this->config->dns_active24_token;
+        $this->acme_env['Active24_ApiKey'] = (string)$this->config->dns_active24_api_key;
+        $this->acme_env['Active24_ApiSecret'] = (string)$this->config->dns_active24_api_secret;
    }
 }
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@ -1,6 +1,6 @@
 <model>
    <mount>//OPNsense/AcmeClient</mount>
-    <version>4.3.1</version>
+    <version>4.4.0</version>
    <description>A secure ACME Client plugin</description>
    <items>
        <settings>
@ -552,9 +552,12 @@
                    <ValidationMessage>Please specify a value between 0 and 84600 seconds.</ValidationMessage>
                    <Required>Y</Required>
                </dns_sleep>
-                <dns_active24_token type="TextField">
+                <dns_active24_api_key type="TextField">
                    <Required>N</Required>
-                </dns_active24_token>
+                </dns_active24_api_key>
+                <dns_active24_api_secret type="TextField">
+                    <Required>N</Required>
+                </dns_active24_api_secret>
                <dns_ad_key type="TextField">
                    <Required>N</Required>
                </dns_ad_key>
@ -1431,7 +1434,7 @@
                        <acme_vault>Upload certificate to HashiCorp Vault</acme_vault>
                        <acme_synology_dsm>Upload certificate to Synology DSM</acme_synology_dsm>
                        <acme_truenas>Upload certificate to TrueNAS Server (deprecated API)</acme_truenas>
-                        <acme_truenasws>Upload certificate to TrueNAS Server (Websocket API)</acme_truenasws>
+                        <acme_truenas_ws>Upload certificate to TrueNAS Server (Websocket API)</acme_truenas_ws>
                        <acme_zyxel_gs1900>Upload certificate to Zyxel GS1900 series switches</acme_zyxel_gs1900>
                        <acme_unifi>Update local Unifi keystore</acme_unifi>
                        <configd_generic>System or Plugin Command</configd_generic>
@ -1745,6 +1748,26 @@
                        <https>HTTPS</https>
                    </OptionValues>
                </acme_truenas_scheme>
+                <acme_truenas_ws_apikey type="TextField">
+                    <Required>N</Required>
+                    <Mask>/^.{1,1024}$/u</Mask>
+                    <ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
+                </acme_truenas_ws_apikey>
+                <acme_truenas_ws_hostname type="HostnameField">
+                    <Default>localhost</Default>
+                    <Required>N</Required>
+                    <Mask>/^.{1,1024}$/u</Mask>
+                    <ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
+                </acme_truenas_ws_hostname>
+                <acme_truenas_ws_protocol type="OptionField">
+                    <Default>ws</Default>
+                    <Required>N</Required>
+                    <OptionValues>
+                        <ws>ws [default]</ws>
+                        <wss>wss</wss>
+                    </OptionValues>
+                </acme_truenas_ws_protocol>
+                <!-- TODO: old "truenasws" values kept for model migration, should be removed in version 5.0.0 -->
                <acme_truenasws_apikey type="TextField">
                    <Required>N</Required>
                    <Mask>/^.{1,1024}$/u</Mask>
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/Migrations/M4_4_0.php
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/Migrations/M4_4_0.php
@ -0,0 +1,50 @@
+<?php
+
+/**
+ *    Copyright (C) 2026 Frank Wall
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\AcmeClient\Migrations;
+
+use OPNsense\Base\BaseModelMigration;
+
+class M4_4_0 extends BaseModelMigration
+{
+    public function run($model)
+    {
+        foreach ($model->getNodeByReference('actions.action')->iterateItems() as $action) {
+            $action_type = (string)$action->type;
+            if ($action_type === 'acme_truenasws') {
+                // Migrate data from misspelled item to new one
+                $action->type = 'acme_truenas_ws';
+                $action->acme_truenas_ws_apikey = (string)$action->acme_truenasws_apikey;
+                $action->acme_truenas_ws_hostname = (string)$action->acme_truenasws_hostname;
+                $action->acme_truenas_ws_protocol = (string)$action->acme_truenasws_protocol;
+            }
+        }
+    }
+}