
Feature request: Download CSR via API and use for issued certificate

Open tjmullicani opened this issue 2 years ago • 3 comments

I am trying to integrate acme.sh with the Eaton Network-M2 device, but issued certificates must use their CSR file. They provide API methods for generating a CSR and importing the issued certificate. If you try to import an issued certificate without first generating a CSR on the device, the import will fail. The basic workflow is:

** Network-M2 API is documented at https://documenter.getpostman.com/view/7058770/S1EQTJ3z

  1. HTTP POST {device}/rest/mbdetnrs/1.0/managers/1/certificatesManager/services/webserver/serverAuthentication/csr/actions/generate to generate and output CSR request.
  2. Sign CSR (either manually or with ACME client).
  3. HTTP POST {device}/rest/mbdetnrs/1.0/managers/1/certificatesManager/services/webserver/serverAuthentication/certificate/actions/import to import signed certificate.

I have created a deploy hook to upload the issued certificate via the Network-M2 API, but I can't figure out a good way to have acme.sh use the CSR. I see a few possible solutions:

  1. Have a bash script that downloads the Network-M2 generated CSR before acme.sh runs on issue/renewal. The --sign-csr command doesn't seem to be compatible with renewals though.
  2. Update acme.sh to allow for dynamic CSR download using a product API before certificate issuance (similar to deploy hook).

tjmullicani, Apr 14 '23 19:04

Please upgrade to the latest code and try again first. Maybe it's already fixed.

    acme.sh --upgrade

If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

github-actions[bot], Apr 14 '23 19:04

https://github.com/acmesh-official/acme.sh/wiki/Issue-a-cert-from-existing-CSR

Neilpang, Apr 18 '23 01:04
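
An added example, not part of the thread and not acme.sh or Eaton code: one way to implement the first option from the opening post, requesting the device-generated CSR and passing it to `acme.sh --signcsr` only when the response contains exactly one well-formed PEM CSR block. The endpoint path is the one quoted in the issue; the bearer-token header, the `NM2_TOKEN` variable, the PEM-in-body response format and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not acme.sh or Eaton code.
# Assumptions: bearer token in NM2_TOKEN; the response body carries the CSR as
# a PEM block on its own lines. Check both against the Network-M2 API docs.
CURL="${CURL:-curl}"      # overridable so the flow can be exercised offline
ACME="${ACME:-acme.sh}"
NM2_CSR_ENDPOINT="/rest/mbdetnrs/1.0/managers/1/certificatesManager/services/webserver/serverAuthentication/csr/actions/generate"
CSR_BEGIN='-----BEGIN CERTIFICATE REQUEST-----'
CSR_END='-----END CERTIFICATE REQUEST-----'

# Read a response body on stdin and print the PEM CSR it contains.
# Fails unless there is exactly one BEGIN line and one END line, so an error
# page, an empty body or a JSON-escaped blob never reaches the ACME client.
extract_csr() {
  _raw=$(tr -d '\r')
  _b=$(printf '%s\n' "$_raw" | grep -cxF -e "$CSR_BEGIN" || true)
  _e=$(printf '%s\n' "$_raw" | grep -cxF -e "$CSR_END" || true)
  [ "$_b" -eq 1 ] && [ "$_e" -eq 1 ] || return 1
  printf '%s\n' "$_raw" | sed -n "/^${CSR_BEGIN}\$/,/^${CSR_END}\$/p"
}

# sign_device_csr <device-base-url> <csr-output-file> <webroot>
# Step 1 of the workflow (generate CSR on the device), then step 2 (sign it).
sign_device_csr() {
  _dev=$1; _out=$2; _webroot=$3
  # Note: a token passed with -H is visible in the process list while curl runs.
  if ! "$CURL" -fsS -X POST -H "Authorization: Bearer ${NM2_TOKEN:-}" \
       "${_dev}${NM2_CSR_ENDPOINT}" | extract_csr > "$_out"; then
    echo "no usable CSR from ${_dev}; not contacting the CA" >&2
    rm -f "$_out"
    return 1
  fi
  # Issue from the existing CSR using webroot validation.
  "$ACME" --signcsr --csr "$_out" -w "$_webroot"
}
```

Importing the issued certificate back into the device (step 3 of the workflow) is not covered here.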