Skip to content

luci-app-acme: support --cert-profile option #8187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
ngehrsitz wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

luci-app-acme: support --cert-profile option #8187

ngehrsitz wants to merge 1 commit into from

Conversation

@ngehrsitz
Copy link

@ngehrsitz ngehrsitz commented Jan 3, 2026

This makes the new --cert-profile option from openwrt/packages#28237 available using Luci.

  • This PR is not from my main or master branch 💩, but a separate branch ✅
  • Each commit has a valid ✒️ Signed-off-by: <my@email.address> row (via git commit --signoff)
  • Each commit and PR title has a valid 📝 <package name>: title first line subject for packages
  • Incremented 🆙 any PKG_VERSION in the Makefile
  • Tested on: (architecture, openwrt version, browser) ✅
  • ( Preferred ) Mention: @ the original code author for feedback
  • ( Preferred ) Screenshot or mp4 of changes:
  • ( Optional ) Closes: e.g. openwrt/luci#issue-number
  • ( Optional ) Depends on: e.g. openwrt/packages#pr-number in sister repo
  • Description: (describe the changes proposed in this PR)

ngehrsitz
ngehrsitz commented Jan 3, 2026
View reviewed changes
Copy link
Author

@ngehrsitz ngehrsitz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tohojo There was no version to increment in the Makefile, is that not necessary here?

applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js
Comment on lines +302 to +304
o = s.taboption('advanced', form.Value, 'cert_profile', _('Certificate Profile'));
o.optional = true;
o.modalonly = true;
Copy link
Author

@ngehrsitz ngehrsitz Jan 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any way to control the order?
grafik
Ideally this would be below the URL, but it doesn´t appear to be the order these are defined in?

Copy link
Contributor

@systemcrash systemcrash Jan 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

order? It doesn't appear.

Copy link
Author

@ngehrsitz ngehrsitz Jan 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This screenshot was captured without the change. My question was in general if you can control the order since the order here does not match the one in the code.

Copy link
Contributor

@systemcrash systemcrash Jan 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Order of what? The order the elements appear in? Code order = appearance order

Copy link
Author

@ngehrsitz ngehrsitz Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the code it is:

  1. Keytype

    luci/applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js

    Lines 245 to 275 in 6efab68

    o = s.taboption('advanced', form.ListValue, 'key_type', _('Key type'),
    _('Key size (and type) for the generated certificate.')
    );
    o.value('rsa2048', _('RSA 2048 bits'));
    o.value('rsa3072', _('RSA 3072 bits'));
    o.value('rsa4096', _('RSA 4096 bits'));
    o.value('ec256', _('ECC 256 bits'));
    o.value('ec384', _('ECC 384 bits'));
    o.rmempty = false;
    o.optional = true;
    o.modalonly = true;
    o.cfgvalue = function(section_id) {
    let keylength = uci.get('acme', section_id, 'keylength');
    if (keylength) {
    // migrate the old keylength to a new keytype
    switch (keylength) {
    case '2048': return 'rsa2048';
    case '3072': return 'rsa3072';
    case '4096': return 'rsa4096';
    case 'ec-256': return 'ec256';
    case 'ec-384': return 'ec384';
    default: return ''; // bad value
    }
    }
    return this.super('cfgvalue', arguments);
    };
    o.write = function(section_id, value) {
    // remove old keylength
    uci.unset('acme', section_id, 'keylength');
    uci.set('acme', section_id, 'key_type', value);
    };
  2. URL

    luci/applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js

    Lines 277 to 284 in 6efab68

    o = s.taboption('advanced', form.Value, "acme_server", _("ACME server URL"),
    _('Use a custom CA instead of Let\'s Encrypt.') + ' ' + _('Custom ACME server directory URL.') + '<br />' +
    '<a href="https://github.com/acmesh-official/acme.sh/wiki/Server" target="_blank">' + _('See more') + '</a>' + '<br />'
    + _('Default') + ' <code>letsencrypt</code>'
    );
    o.placeholder = "https://api.buypass.com/acme/directory";
    o.optional = true;
    o.modalonly = true;
  3. Staging

    luci/applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js

    Lines 286 to 294 in 6efab68

    o = s.taboption('advanced', form.Flag, 'staging', _('Use staging server'),
    _(
    'Get certificate from the Letsencrypt staging server ' +
    '(use for testing; the certificate won\'t be valid).'
    )
    );
    o.depends('acme_server', '');
    o.optional = true;
    o.modalonly = true;
  4. Days

    luci/applications/luci-app-acme/htdocs/luci-static/resources/view/acme/acme.js

    Lines 296 to 300 in 6efab68

    o = s.taboption('advanced', form.Value, 'days', _('Days until renewal'));
    o.optional = true;
    o.placeholder = 'acme.sh default (60 days)';
    o.datatype = 'uinteger';
    o.modalonly = true;

But in the Screenshot it´s

  1. Staging
  2. Keytype
  3. URL
  4. Days

Thus not the order it is defined in...

@github-actions

This comment has been minimized.

Sign in to view
luci-app-acme: support --cert-profile option
c186253 
This makes the new --cert-profile option from openwrt/packages#28237 available in Luci.

Signed-off-by: Norman Gehrsitz <git@gehrsitz.eu>
@ngehrsitz ngehrsitz force-pushed the acmesh-cert-profiles branch from bd5be0f to c186253 Compare January 4, 2026 16:30
@github-actions
Copy link

github-actions bot commented Jan 4, 2026

Warning

Some formality checks failed.

Consider (re)reading submissions guidelines.

Failed checks

Issues marked with an ❌ are failing checks.

Commit c186253

For more details, see the full job log.

Something broken? Consider providing feedback.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@systemcrash systemcrash systemcrash left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ngehrsitz @systemcrash