
acme: fix script standalone error

Open werwolfby opened this issue 4 months ago • 4 comments

Maintainers: @tohojo, @stokito
Run tested: OpenWrt 23.05.3

Description:

Fix issue with acme.sh:

acme-acmesh: Running ACME for ****
/usr/lib/acme/hook: line 123: standalone: parameter not set

Here are a few reported issues: https://github.com/openwrt/packages/issues/23756

Finally, a solution was found here: https://forum.openwrt.org/t/acme-not-working-on-openwrt-23-05-2/190724/3

And moved to this PR: the problem is that the hook requires the `standalone` variable. So it is worth exporting it, to avoid the script failing, even if standalone is already deprecated.

And the second issue is that the comment about the deprecated state_dir used $CERT_DIR, which points to /etc/ssl/acme, while the actual default value is /etc/acme, so I fixed it to use $CERT_DIR.

werwolfby avatar Apr 19 '24 17:04 werwolfby

Thank you for reporting. The hook doesn't use the $standalone var anymore, but here it seems that you have an old version of the acme-acmesh package. So you upgraded only acme-common but did not upgrade the complementary acme-acmesh package.

But anyway, given that the fix is small and can save someone's time, I would rather accept the PR and export standalone for backward compatibility.

But please also change the version number in Makefile to PKG_VERSION:=1.1.2.

> And the second issue is that the comment about the deprecated state_dir used $CERT_DIR, which points to /etc/ssl/acme, while the actual default value is /etc/acme, so I fixed it to use $CERT_DIR.

Please revert the change. The state_dir is a "working directory" for acme.sh where it stores settings, while /etc/ssl/acme is the folder where the currently generated certs are placed for a webserver.

Did you have any trouble with that?

stokito avatar Apr 19 '24 19:04 stokito

@stokito I've just upgraded my router to 23.05.3 and installed acme from it. And this is the result of it. It wasn't working.

So I found these fixes and applied the changes.

Besides standalone not working, it still fails on this line, which was already removed from master but is still not available for 23.05.3 (did we miss backport?):

	elif [ "$standalone" = 1 ]; then

Regarding state_dir: when I was investigating the issue I found this in the log:

WARN: Option "state_dir" is deprecated, please remove it. Certificates now exist in /etc/ssl/acme"

So I've updated my scripts to point to this folder, /etc/ssl/acme. Which is wrong because the actual folder is /etc/acme.

So I thought that someone forgot something. This message is still confusing and I don't know then what it should be...

werwolfby avatar Apr 19 '24 19:04 werwolfby
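
An added example, not part of the thread or of the OpenWrt packages: it reproduces the failure discussed above with constructed stand-in hook bodies, then shows both remedies (the caller exporting the deprecated variable, and the hook supplying a default). It assumes the hook runs under `set -u`; `OLD_HOOK`, `SAFE_HOOK`, `run_without_export` and `run_with_export` are hypothetical names.

```shell
#!/bin/sh
# Constructed stand-ins for the caller and the hook; not the real OpenWrt scripts.
# Assumption: the hook runs under `set -u` (nounset), the shell option under
# which busybox ash aborts with "parameter not set" on an unset variable.

# Old hook body: reads $standalone directly, like the line quoted in the thread.
OLD_HOOK='set -u
if [ "$standalone" = 1 ]; then echo standalone; else echo webroot; fi'

# Defensive hook body: supplies a default, so an unset variable is harmless.
SAFE_HOOK='set -u
if [ "${standalone:-0}" = 1 ]; then echo standalone; else echo webroot; fi'

# Newer caller that no longer sets the variable before invoking the hook.
# $1 = hook body to run in a child shell.
run_without_export() {
	( unset standalone; sh -c "$1" 2>/dev/null )
}

# Caller that still exports the deprecated variable for older hooks.
# $1 = hook body, $2 = value of standalone (defaults to 0).
run_with_export() {
	( standalone="${2:-0}"; export standalone; sh -c "$1" 2>/dev/null )
}

# Mismatched pair: the old hook aborts before it can pick a validation mode.
run_without_export "$OLD_HOOK" || echo "old hook, no export:  aborted (status $?)"
# Exporting the variable keeps the old hook working.
echo "old hook, export:     $(run_with_export "$OLD_HOOK")"
# A default expansion in the hook works with either caller.
echo "safe hook, no export: $(run_without_export "$SAFE_HOOK")"
```

The first case is the one that matters operationally: the hook exits before any certificate work happens, so renewals stop until the caller and hook agree again.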

> (did we miss backport?)

Yes. @tohojo please backport ASAP before many users fail to renew certs and lose access. This is critical.

> This message is still confusing and I don't know then what it should be...

See the commit for details https://github.com/openwrt/packages/commit/b907223d57765d49858c2fb1bd6e0b0f4222db0e

stokito avatar Apr 19 '24 20:04 stokito

@tohojo please backport missing changes

stokito avatar Apr 22 '24 12:04 stokito

@tohojo please backport missing changes

stokito avatar Apr 29 '24 17:04 stokito

Feel free to open a PR yourself. Otherwise I'll get to this when I do :)

On 29 April 2024 19:10:29 CEST, Sergey Ponomarev @.***> wrote:

> @tohojo please backport missing changes

tohojo avatar Apr 29 '24 19:04 tohojo

Alright, pushed the update to acme-acmesh as 798738c9b7a86df2166d70192cd95963c1c9bbeb, so closing this...

tohojo avatar May 03 '24 21:05 tohojo

@tohojo thank you! I also created a forum topic for support: https://forum.openwrt.org/t/letsencrypt-acme-sh-and-luci-app-acme-support-topic/196821 Please subscribe to it. I'm worried that the issue was reported on the forum for a long time but I didn't notice it. So now users can report issues in one topic and help each other.

stokito avatar May 04 '24 04:05 stokito