Merge pull request #2774 from vyos/mergify/bp/sagitta/pr-2758

pki: T5886: add support for ACME protocol (LetsEncrypt) (backport #2758)
author: Christian Breunig <christian@breunig.cc> 2024-01-08 22:16:51 +0100
committer: GitHub <noreply@github.com> 2024-01-08 22:16:51 +0100
commit: a9ed12de93425a9e9637a61e5b7f17ae01575242 (patch)
tree: 003b5a397a666ff82ff4fa2605f64dd790fef29f /interface-definitions/pki.xml.in
parent: 3f64c00c892b12673c80ddf450334848476f5249 (diff)
parent: 692d700f903c665efb2e29f5ca66d4219ef96ada (diff)
download: vyos-1x-a9ed12de93425a9e9637a61e5b7f17ae01575242.tar.gz
vyos-1x-a9ed12de93425a9e9637a61e5b7f17ae01575242.zip
1 files changed, 54 insertions, 0 deletions
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
index 097c541ac..0ed199539 100644
--- a/interface-definitions/pki.xml.in
+++ b/interface-definitions/pki.xml.in
@@ -81,6 +81,60 @@
               <constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage>
             </properties>
           </leafNode>
+          <node name="acme">
+            <properties>
+              <help>Automatic Certificate Management Environment (ACME) request</help>
+            </properties>
+            <children>
+              #include <include/url-http-https.xml.i>
+              <leafNode name="url">
+                <defaultValue>https://acme-v02.api.letsencrypt.org/directory</defaultValue>
+              </leafNode>
+              <leafNode name="domain-name">
+                <properties>
+                  <help>Domain Name</help>
+                  <constraint>
+                    <validator name="fqdn"/>
+                  </constraint>
+                  <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage>
+                  <multi/>
+                </properties>
+              </leafNode>
+              <leafNode name="email">
+                <properties>
+                  <help>Email address to associate with certificate</help>
+                  <constraint>
+                    #include <include/constraint/email.xml.i>
+                  </constraint>
+                </properties>
+              </leafNode>
+              #include <include/listen-address-ipv4-single.xml.i>
+              <leafNode name="rsa-key-size">
+                <properties>
+                  <help>Size of the RSA key</help>
+                  <completionHelp>
+                    <list>2048 3072 4096</list>
+                  </completionHelp>
+                  <valueHelp>
+                    <format>2048</format>
+                    <description>RSA key length 2048 bit</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>3072</format>
+                    <description>RSA key length 3072 bit</description>
+                  </valueHelp>
+                  <valueHelp>
+                    <format>4096</format>
+                    <description>RSA key length 4096 bit</description>
+                  </valueHelp>
+                  <constraint>
+                    <regex>(2048|3072|4096)</regex>
+                  </constraint>
+                </properties>
+                <defaultValue>2048</defaultValue>
+              </leafNode>
+            </children>
+          </node>
           #include <include/generic-description.xml.i>
           <node name="private">
             <properties>
author	Christian Breunig <christian@breunig.cc>	2024-01-08 22:16:51 +0100
committer	GitHub <noreply@github.com>	2024-01-08 22:16:51 +0100
commit	a9ed12de93425a9e9637a61e5b7f17ae01575242 (patch)
tree	003b5a397a666ff82ff4fa2605f64dd790fef29f /interface-definitions/pki.xml.in
parent	3f64c00c892b12673c80ddf450334848476f5249 (diff)
parent	692d700f903c665efb2e29f5ca66d4219ef96ada (diff)
download	vyos-1x-a9ed12de93425a9e9637a61e5b7f17ae01575242.tar.gz vyos-1x-a9ed12de93425a9e9637a61e5b7f17ae01575242.zip