[openwrt-23.05] acme-common: syntax error in uci default configuration

[JKSTAFF]

Steps to reproduce:

1. Make a fiemware with luci-app-acme and its depends build in
2. go to: Services → ACME certs
   

Actual behavior:

In browser luci shows

RPCError
RPC call to uci/get failed with ubus code 9: Unspecified error
  at ClassConstructor.handleCallReply (https://192.168.0.1/luci-static/resources/rpc.js?v=git-24.080.71710-b07cf9d:15:3)

Expected behavior:

ACME gui displayed correctly

Additional Information:

DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='23.05-SNAPSHOT'
DISTRIB_REVISION='r23812-0a2047cf77'
DISTRIB_TARGET='mediatek/filogic'
DISTRIB_ARCH='aarch64_cortex-a53'
DISTRIB_DESCRIPTION='OpenWrt 23.05-SNAPSHOT r23812-0a2047cf77'
DISTRIB_TAINTS='no-all'

[systemcrash]

@tohojo any ideas?

Make a fiemware with luci-app-acme and its depends build in

@JKSTAFF and what are its depends?

[tohojo]

No idea how the UCI stuff works under the hood, sorry :/

[JKSTAFF]

@tohojo any ideas?

Make a fiemware with luci-app-acme and its depends build in

@JKSTAFF and what are its depends?

I checked that luci-mod-admin-full acme acme-acmesh acme-common acme-acmesh-dnsapi libc were installed

[jow-]

Error code 9 is UBUS_STATUS_UNKNOWN_ERROR - this can only happen if libuci reports a lower level error such as bus error.

Edit:
Root cause is

root@OpenWrt:/# uci show acme
uci: Parse error (invalid command) at line 23, byte 1

Specifically the line validation_method webroot in

root@OpenWrt:/# cat /etc/config/acme 
config acme
	option account_email 'email@example.org'
	option debug 0

config cert 'example_wildcard'
	option enabled 0
	option staging 1
	list domains example.org
	list domains sub.example.org
	list domains *.sub.example.org
	option validation_method dns
	option dns "dns_freedns"
	list credentials 'FREEDNS_User="ssladmin@example.org"'
	list credentials 'FREEDNS_Password="1234"'
	option calias "example.com"
	option dalias "dalias.example.com"

config cert 'example'
	option enabled 0
	option staging 1
	list domains example.org
	list domains sub.example.org
	validation_method webroot

This has been fixed in master with d701cae which needs to be backported to OpenWrt 23.05

[saudiqbal]

Same problem when installing the package. https://forum.openwrt.org/t/installing-luci-app-acme-not-working-on-23-05-2/192303

[tohojo]

Ah, thanks @jow- ! I will push a fix to the 23.05 branch :)

[user8446]

I am on 23.05.3 installing acme for the 1st time. Even after the d701cae fix it does not start:

Failed to execute "/etc/init.d/acme enable" action: Command failed

If I run /usr/lib/acme/client/acme.sh the script itself runs but of course isn't usable since nothing is configured.

[tohojo]

Fixed with 73bee1f

[stokito]

I forgot to say sorry for this bug. I added the option in the VM when tested but when copied back to sources forgot the option.
But, I would say that the UCI should be more lenient for syntax errors and better to follow the Postel Law. This is a good sample of a minor error on the embedded device that broke the world.
We should try to make the UCI more smart and not fail in such cases.

[user8446]

No worries my friend, thank you for the development!

[saudiqbal]

Using acme plugin in Openwrt does not replace the default certificate.