security/acme-client: Restart Action - Custom Shellscript

[Constey]

As in the documentation of acme.sh it's mentioned to specify custom restart commands like with:
--reloadcmd "service nginx force-reload"

acme.sh --install-cert -d example.com \
--key-file       /path/to/keyfile/in/nginx/key.pem  \
--fullchain-file /path/to/fullchain/nginx/cert.pem \
--reloadcmd     "service nginx force-reload"

Currently I just find some pre-defined Restart Actions like
"none, Update and reload intrusion detection rules, Issue a reboot, Reconfigure a plugin facility, and some others"

Is it possible to let the user enter here a custom shell restart command?

Background is, that I want to use opnsense with le as central to fetch certificates and distribute them to the needed servers. In order to do this, I need to execute some commands like push the certificate and so on.

[fraenki]

Hi @Constey, for security reasons it is not possible to inject arbitrary code through the OPNsense GUI (#100). That being said, it's still possible to create custom actions that can be used as "Restart Actions" for our Let's Encrypt plugin.

You'll have to create a custom action for the configd backend service. Please see the documentation for more information:
https://docs.opnsense.org/development/backend/configd.html

There are also several posts in the forums that demonstrate how to create custom configd actions:
https://forum.opnsense.org/index.php?topic=3047.msg9369#msg9369
https://forum.opnsense.org/index.php?topic=6177.msg25940#msg25940

HTH.