security/acme-client/src/opnsense/service/conf/actions.d/actions_acmeclient.conf

[setup]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh
parameters:
type:script_output

##########################################
## lighttpd actions
##########################################

[http-start]
command:/usr/local/etc/rc.d/acme_http_challenge start
parameters:
type:script
message:starting acme_http_challenge

[http-stop]
command:/usr/local/etc/rc.d/acme_http_challenge stop; exit 0
parameters:
type:script
message:stopping acme_http_challenge

[http-restart]
command:/usr/local/etc/rc.d/acme_http_challenge restart
parameters:
type:script
message:restarting acme_http_challenge

[http-status]
command:/usr/local/etc/rc.d/acme_http_challenge status || exit 0
parameters:
type:script_output
message:requesting acme_http_challenge status

[http-configtest]
command:/usr/local/etc/rc.d/acme_http_challenge configtest 2>&1 || exit 0
parameters:
type:script_output
message:testing acme_http_challenge configuration

##########################################
## certificate actions
##########################################

[sign-cert]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode issue --force --cert
parameters:%s
type:script
message:signing or renewing a certificate

[revoke-cert]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode revoke --cert
parameters:%s
type:script
message:revoking a certificate

[remove-cert]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode remove --cert
parameters:%s
type:script
message:removing a certificate

[remove-key]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode reset --cert
parameters:%s
type:script
message:removing a certificate private key

[sign-all-certs]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode issue --all
parameters:
type:script
message:signing or renewing all certificates

[run-automation]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode automation --cert
parameters:%s
type:script
message:running automations for a certificate

[import]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode import --cert
parameters:%s
type:script
message:running import for a certificate

[cron-auto-renew]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/setup.sh; /usr/sbin/daemon -f /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode issue --all --cron
parameters:
type:script
message:cronjob running to sign or renew certificates
description:Renew ACME certificates

[register-account]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php --mode register --account
parameters:%s
type:script
message:registering an account

[upload_highwinds]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_highwinds.php
parameters:-c %s -a %s
type:script
message:uploading a certificate to highwinds

[upload-sftp]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php
parameters:--certificates=%s --automation-id=%s
type:script
message:uploading a certificate to sftp server

[test-sftp-connection]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php
parameters:--host=%s --host-key=%s --port=%s --user=%s --identity-type=%s --remote-path=%s --chmod=%s --chgrp=%s --no-error test-connection
type:script_output
message:testing connection to sftp server

[show-sftp-identity]
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php
parameters:--identity-type=%s --host=%s show-identity
type:script_output
message:prints the public key used to connect to sftp server

[reset-acme-client]
command:/usr/bin/find /var/etc/acme-client/home /var/etc/acme-client/configs /var/etc/acme-client/certs /var/etc/acme-client/keys /var/etc/acme-client/accounts -type f -delete
parameters:
type:script
message:wiping acme client config and data