uacme: Add support custom CAs and TLS-ALPN-01 challenge

Signed-off-by: Peter Putzer <openwrt@mundschenk.at>
2024-02-24 17:06:43 +01:00 · 2024-02-24 17:06:43 +01:00 · e12095b0b9
parent 9baed0dc60
commit e12095b0b9
1 changed files with 27 additions and 2 deletions
--- a/net/uacme/files/run.sh
+++ b/net/uacme/files/run.sh
@ -8,6 +8,7 @@
 #
 # Initial Author: Toke Høiland-Jørgensen <toke@toke.dk>
 # Adapted for uacme: Lucian Cristian <lucian.cristian@gmail.com>
+# Adapted for custom CA and TLS-ALPN-01: Peter Putzer <openwrt@mundschenk.at>

 CHECK_CRON=$1

@ -39,6 +40,8 @@ UPDATE_UHTTPD=0
 UPDATE_HAPROXY=0
 FW_RULE=
 USER_CLEANUP=
+ACME_URL=
+ACME_STAGING_URL=

 . /lib/functions.sh

@ -220,6 +223,7 @@ issue_cert()
    local failed_dir
    local webroot
    local dns
+    local tls
    local user_setup
    local user_cleanup
    local ret
@ -237,6 +241,7 @@ issue_cert()
    config_get keylength "$section" keylength
    config_get webroot "$section" webroot
    config_get dns "$section" dns
+    config_get tls "$section" tls
    config_get user_setup "$section" user_setup
    config_get user_cleanup "$section" user_cleanup

@ -249,15 +254,26 @@ issue_cert()

    if [ "$APP" = "uacme" ]; then
 	[ "$DEBUG" -eq "1" ] && debug="--verbose --verbose"
+	[ "$tls" -eq "1" ] && HPROGRAM=/usr/share/uacme/ualpn.sh
    elif [ "$APP" = "acme" ]; then
 	[ "$DEBUG" -eq "1" ] && acme_args="$acme_args --debug"
    fi
    if [ "$use_staging" -eq "1" ]; then
 	STATE_DIR="$STAGING_STATE_DIR";
-	staging="--staging";
+
+	# Check if we should use a custom stagin URL
+        if [ "$APP" = "uacme" -a -n "$ACME_STAGING_URL" ]; then
+        	ACME="$ACME --acme-url $ACME_STAGING_URL"
+	else
+		staging="--staging";
+	fi
    else
 	STATE_DIR="$PRODUCTION_STATE_DIR";
 	staging="";
+
+	if [ "$APP" = "uacme" -a -n "$ACME_URL" ]; then
+		ACME="$ACME --acme-url $ACME_URL"
+	fi
    fi

    set -- $domains
@ -267,7 +283,7 @@ issue_cert()
 	log "Running user-provided setup script from $user_setup."
 	"$user_setup" "$main_domain" || return 2
    else
-	[ -n "$webroot" ] || [ -n "$dns" ] || pre_checks "$main_domain" || return 2
+	[ -n "$webroot" ] || [ -n "$dns" ] || [ -n "$tls" ] || pre_checks "$main_domain" || return 2
    fi

    log "Running $APP for $main_domain"
@ -322,6 +338,13 @@ issue_cert()
 	    return 2
 #	    uacme_args="$uacme_args --dns $dns"
 	fi
+    elif [ -n "$tls" ]; then
+	if [ "$APP" = "uacme" ]; then
+            log "Using TLS mode"
+	else
+            log "TLS not supported by $APP"
+            return 2
+	fi
    elif [ -z "$webroot" ]; then
 	if [ "$APP" = "acme" ]; then
 	    log "Using standalone mode"
@ -486,6 +509,8 @@ load_vars()
    STAGING_STATE_DIR=$PRODUCTION_STATE_DIR/staging
    ACCOUNT_EMAIL=$(config_get "$section" account_email)
    DEBUG=$(config_get "$section" debug)
+    ACME_URL=$(config_get "$section" acme_url)
+    ACME_STAGING_URL=$(config_get "$section" acme_staging_url)
 }

 if [ -z "$INCLUDE_ONLY" ]; then