
security/os-acme-client: HTTP-01 does not work without adding some lighttpd config

Open andanotheruser opened this issue 2 months ago • 0 comments

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

  • [x] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
  • [x] The title contains the plugin to which this issue belongs

Describe the bug A clear and concise description of what the bug is, including last known working version (if any).

Tip: to validate your setup was working with the previous version, use opnsense-revert (https://docs.opnsense.org/manual/opnsense_tools.html#opnsense-revert)

Version: 4.10

The HTTP-01 challenge does not work. Instead of retrieving the challenge, the ACME provider will be redirected:

/.well-known/acme-challenge/xxxxxxxxx -> ?url=/.well-known/acme-challenge/xxxxxxxxx

The only way I was able to make it work was by adding a lighttpd config snippet:

root@opnsense:~ # cat /usr/local/etc/lighttpd_webgui/conf.d/acme.conf 
server.modules += ( "mod_proxy" )

$HTTP["url"] =~ "^/\.well-known/acme-challenge/.*" {
    proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => 43580 ) ))
}
root@opnsense:~ # 

After executing /usr/local/etc/rc.restart_webgui, the challenge would finally work.

To Reproduce Steps to reproduce the behavior:

  1. Set up HTTP-01 challenge
  2. Let it run
  3. ACME provider fails to retrieve the challenge

Expected behavior A clear and concise description of what you expected to happen.

The plugin automatically sets up the webserver's config to reverse proxy ACME requests to the ACME plugin.

andanotheruser, Sep 30 '25 12:09
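As an added example (not part of the issue above or of the os-acme-client plugin), a small Python preflight that requests the challenge path the way a CA does, over plain HTTP and without following redirects, and classifies the answer so the ?url= redirect described in the report is caught before the CA reports a failed validation. The host name and token are placeholders passed on the command line.

```python
"""Preflight for an HTTP-01 challenge path on an OPNsense host.

Fetches /.well-known/acme-challenge/<token> without following redirects and
classifies the reply, so a challenge that the web GUI folds into a
?url=/.well-known/acme-challenge/... redirect (instead of lighttpd proxying
it to the ACME client) is spotted before the CA reports a failure.
"""
import http.client
import sys
from urllib.parse import unquote

ACME_PREFIX = "/.well-known/acme-challenge/"


def classify(status, headers, body, token):
    """Classify one raw response to a challenge GET.

    Returns "served", "redirect-to-gui", "redirect-other", "missing"
    or "unexpected".  headers is a list of (name, value) pairs.
    """
    hdrs = {k.lower(): v for k, v in headers}
    if status == 200:
        # A key authorisation starts with the token itself; a login page does not.
        return "served" if body.strip().startswith(token) else "unexpected"
    if status in (301, 302, 303, 307, 308):
        loc = unquote(hdrs.get("location", ""))
        # The symptom from the report: the challenge path reappears as a
        # ?url= parameter of the GUI redirect (possibly percent-encoded).
        if "url=" in loc and ACME_PREFIX in loc:
            return "redirect-to-gui"
        return "redirect-other"
    if status == 404:
        return "missing"
    return "unexpected"


def probe(host, token, port=80, timeout=5):
    """One GET over plain HTTP, redirects not followed (as a CA would send it)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", ACME_PREFIX + token, headers={"Host": host})
        resp = conn.getresponse()
        body = resp.read(4096).decode("utf-8", "replace")
        return classify(resp.status, resp.getheaders(), body, token)
    finally:
        conn.close()


if __name__ == "__main__":
    # usage: python preflight.py <hostname> <token>   (both placeholders)
    print(probe(sys.argv[1], sys.argv[2]))
```

A result of "redirect-to-gui" means the web GUI answered instead of the ACME client, which is exactly the case the lighttpd mod_proxy snippet in the report addresses.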