security/acme-client: make log level configurable, refs opnsense#69

security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/settings.xml

@@ -37,4 +37,11 @@
         <help><![CDATA[The maximum time in seconds to wait for a restart action to complete. When the timeout is reached the command is forcefully aborted. Defaults to 600 seconds.]]></help>
         <advanced>true</advanced>
     </field>
+    <field>
+        <id>acmeclient.settings.logLevel</id>
+        <label>Log Level</label>
+        <type>dropdown</type>
+        <help><![CDATA[Specifies the log level for acme.sh, default is "normal". All other log levels add information for debug purposes, but be aware that this will break the log formatting in the GUI.]]></help>
+        <advanced>true</advanced>
+    </field>
 </form>

security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml

@@ -1,7 +1,7 @@
 <model>
 
     <mount>//OPNsense/AcmeClient</mount>
-    <version>1.0.0</version>
+    <version>1.1.0</version>
     <description>
         a secure Let's Encrypt plugin
     </description>
@@ -101,6 +101,15 @@
                 <multiple>N</multiple>
                 <Required>N</Required>
             </haproxyBackendRef>
+            <logLevel type="OptionField">
+                <Required>Y</Required>
+                <default>normal</default>
+                <OptionValues>
+                    <normal>normal</normal>
+                    <extended>extended</extended>
+                    <debug>debug</debug>
+                </OptionValues>
+            </logLevel>
         </settings>
         <accounts>
             <account type="ArrayField">

security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php

@@ -286,12 +286,18 @@ function eval_optional_acme_args()
     $configObj = Config::getInstance()->object();
 
     $acme_args = array();
+
     // Force certificate renewal?
     $acme_args[] = isset($options["F"]) ? "--force" : null;
+
     // Use LE staging environment?
     $acme_args[] = $configObj->OPNsense->AcmeClient->settings->environment == "stg" ? "--staging" : null;
     $acme_args[] = isset($options["S"]) ? "--staging" : null; // for debug purpose
 
+    // Set log level
+    $acme_args[] = $configObj->OPNsense->AcmeClient->settings->logLevel == "normal" ? "--log-level 1" : "--log-level 2";
+    $acme_args[] = $configObj->OPNsense->AcmeClient->settings->logLevel == "debug" ? "--debug" : null;
+
     // Remove empty and duplicate elements from array
     return(array_unique(array_filter($acme_args)));
 }
@@ -390,7 +396,6 @@ function run_acme_account_registration($acctObj, $certObj, $modelObj)
         $acmecmd = "/usr/local/sbin/acme.sh "
           . implode(" ", $acme_args) . " "
           . "--registeraccount "
-          . "--log-level 2 "
           . "--home /var/etc/acme-client/home "
           . "--accountconf " . $account_conf_file;
         //echo "DEBUG: executing command: " . $acmecmd . "\n";
@@ -739,7 +744,6 @@ function run_acme_validation($certObj, $valObj, $acctObj)
       . "--domain " . (string)$certObj->name . " "
       . $altnames
       . $acme_validation . " "
-      . "--log-level 2 "
       . "--home /var/etc/acme-client/home "
       . "--keylength 4096 "
       . "--accountconf " . $account_conf_file . " "
@@ -804,7 +808,6 @@ function revoke_cert($certObj, $valObj, $acctObj)
       . implode(" ", $acme_args) . " "
       . "--revoke "
       . "--domain " . (string)$certObj->name . " "
-      . "--log-level 2 "
       . "--home /var/etc/acme-client/home "
       . "--keylength 4096 "
       . "--accountconf " . $account_conf_file;