security/acme-client: make the timeout for (custom) restart commands configurable

security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/settings.xml

@@ -30,4 +30,11 @@
         <help><![CDATA[When using HTTP-01 as validation method, a local webserver is used to provide acme challenge data to the Let's Encrypt servers. This setting allows you to change the local port of this webserver in case it interferes with another local services. Defaults to port 43580.]]></help>
         <advanced>true</advanced>
     </field>
+    <field>
+        <id>acmeclient.settings.restartTimeout</id>
+        <label>Restart Timeout</label>
+        <type>text</type>
+        <help><![CDATA[The maximum time in seconds to wait for a restart action to complete. When the timeout is reached the command is forcefully aborted. Defaults to 600 seconds.]]></help>
+        <advanced>true</advanced>
+    </field>
 </form>

security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml

@@ -43,6 +43,12 @@
                 <MaximumValue>65535</MaximumValue>
                 <Required>Y</Required>
             </challengePort>
+            <restartTimeout type="IntegerField">
+                <default>600</default>
+                <MinimumValue>10</MinimumValue>
+                <MaximumValue>86400</MaximumValue>
+                <Required>Y</Required>
+            </restartTimeout>
             <haproxyIntegration type="BooleanField">
                 <default>0</default>
                 <Required>N</Required>

security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php

@@ -957,6 +957,7 @@ function run_restart_actions($certlist, $modelObj)
 {
     global $config;
     $return = 0;
+    $configObj = Config::getInstance()->object();
 
     // NOTE: Do NOT run any restart action twice, collect duplicates first.
     $restart_actions = array();
@@ -1041,8 +1042,12 @@ function run_restart_actions($certlist, $modelObj)
                     $proc_stderr = '';
                     $result = ''; // exit code (or '99' in case of timeout)
 
-                    // TODO: Make the timeout configurable.
-                    $timeout = '600';
+                    // Timeout for custom restart actions.
+                    if (!empty((string)$configObj->OPNsense->AcmeClient->settings->restartTimeout)) {
+                        $timeout = (string)$configObj->OPNsense->AcmeClient->settings->restartTimeout;
+                    } else {
+                        $timeout = '600';
+                    }
                     $starttime = time();
 
                     $proc_cmd = (string)$action->custom;