summaryrefslogtreecommitdiff
path: root/interface-definitions
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-01-08 22:16:51 +0100
committerGitHub <noreply@github.com>2024-01-08 22:16:51 +0100
commita9ed12de93425a9e9637a61e5b7f17ae01575242 (patch)
tree003b5a397a666ff82ff4fa2605f64dd790fef29f /interface-definitions
parent3f64c00c892b12673c80ddf450334848476f5249 (diff)
parent692d700f903c665efb2e29f5ca66d4219ef96ada (diff)
downloadvyos-1x-a9ed12de93425a9e9637a61e5b7f17ae01575242.tar.gz
vyos-1x-a9ed12de93425a9e9637a61e5b7f17ae01575242.zip
Merge pull request #2774 from vyos/mergify/bp/sagitta/pr-2758
pki: T5886: add support for ACME protocol (LetsEncrypt) (backport #2758)
Diffstat (limited to 'interface-definitions')
-rw-r--r--interface-definitions/include/constraint/email.xml.i3
-rw-r--r--interface-definitions/include/version/https-version.xml.i2
-rw-r--r--interface-definitions/pki.xml.in54
-rw-r--r--interface-definitions/service_https.xml.in18
4 files changed, 58 insertions, 19 deletions
diff --git a/interface-definitions/include/constraint/email.xml.i b/interface-definitions/include/constraint/email.xml.i
new file mode 100644
index 000000000..b19a88d64
--- /dev/null
+++ b/interface-definitions/include/constraint/email.xml.i
@@ -0,0 +1,3 @@
+<!-- include start from constraint/email.xml.i -->
+<regex>[^\s@]+@([^\s@.,]+\.)+[^\s@.,]{2,}</regex>
+<!-- include end -->
diff --git a/interface-definitions/include/version/https-version.xml.i b/interface-definitions/include/version/https-version.xml.i
index fa18278f3..525314dbd 100644
--- a/interface-definitions/include/version/https-version.xml.i
+++ b/interface-definitions/include/version/https-version.xml.i
@@ -1,3 +1,3 @@
<!-- include start from include/version/https-version.xml.i -->
-<syntaxVersion component='https' version='5'></syntaxVersion>
+<syntaxVersion component='https' version='6'></syntaxVersion>
<!-- include end -->
diff --git a/interface-definitions/pki.xml.in b/interface-definitions/pki.xml.in
index 097c541ac..0ed199539 100644
--- a/interface-definitions/pki.xml.in
+++ b/interface-definitions/pki.xml.in
@@ -81,6 +81,60 @@
<constraintErrorMessage>Certificate is not base64-encoded</constraintErrorMessage>
</properties>
</leafNode>
+ <node name="acme">
+ <properties>
+ <help>Automatic Certificate Management Environment (ACME) request</help>
+ </properties>
+ <children>
+ #include <include/url-http-https.xml.i>
+ <leafNode name="url">
+ <defaultValue>https://acme-v02.api.letsencrypt.org/directory</defaultValue>
+ </leafNode>
+ <leafNode name="domain-name">
+ <properties>
+ <help>Domain Name</help>
+ <constraint>
+ <validator name="fqdn"/>
+ </constraint>
+ <constraintErrorMessage>Invalid domain name (RFC 1123 section 2).\nMay only contain letters, numbers and .-_</constraintErrorMessage>
+ <multi/>
+ </properties>
+ </leafNode>
+ <leafNode name="email">
+ <properties>
+ <help>Email address to associate with certificate</help>
+ <constraint>
+ #include <include/constraint/email.xml.i>
+ </constraint>
+ </properties>
+ </leafNode>
+ #include <include/listen-address-ipv4-single.xml.i>
+ <leafNode name="rsa-key-size">
+ <properties>
+ <help>Size of the RSA key</help>
+ <completionHelp>
+ <list>2048 3072 4096</list>
+ </completionHelp>
+ <valueHelp>
+ <format>2048</format>
+ <description>RSA key length 2048 bit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>3072</format>
+ <description>RSA key length 3072 bit</description>
+ </valueHelp>
+ <valueHelp>
+ <format>4096</format>
+ <description>RSA key length 4096 bit</description>
+ </valueHelp>
+ <constraint>
+ <regex>(2048|3072|4096)</regex>
+ </constraint>
+ </properties>
+ <defaultValue>2048</defaultValue>
+ </leafNode>
+ </children>
+ </node>
#include <include/generic-description.xml.i>
<node name="private">
<properties>
diff --git a/interface-definitions/service_https.xml.in b/interface-definitions/service_https.xml.in
index 223f10962..57f36a982 100644
--- a/interface-definitions/service_https.xml.in
+++ b/interface-definitions/service_https.xml.in
@@ -192,24 +192,6 @@
<children>
#include <include/pki/ca-certificate.xml.i>
#include <include/pki/certificate.xml.i>
- <node name="certbot" owner="${vyos_conf_scripts_dir}/service_https_certificates_certbot.py">
- <properties>
- <help>Request or apply a letsencrypt certificate for domain-name</help>
- </properties>
- <children>
- <leafNode name="domain-name">
- <properties>
- <help>Domain name(s) for which to obtain certificate</help>
- <multi/>
- </properties>
- </leafNode>
- <leafNode name="email">
- <properties>
- <help>Email address to associate with certificate</help>
- </properties>
- </leafNode>
- </children>
- </node>
</children>
</node>
#include <include/interface/vrf.xml.i>