9 L
.resolveDefault(fs
.stat('/usr/sbin/nginx'), {}),
10 L
.resolveDefault(fs
.stat('/usr/sbin/uhttpd'), {})
14 render: function (stats
) {
17 m
= new form
.Map("acme", _("ACME certificates"),
18 _("This configures ACME (Letsencrypt) automatic certificate installation. " +
19 "Simply fill out this to have the router configured with Letsencrypt-issued " +
20 "certificates for the web interface. " +
21 "Note that the domain names in the certificate must already be configured to " +
22 "point at the router's public IP address. " +
23 "Once configured, issuing certificates can take a while. " +
24 "Check the logs for progress and any errors."));
26 s
= m
.section(form
.TypedSection
, "acme", _("ACME global config"));
29 o
= s
.option(form
.Value
, "state_dir", _("State directory"),
30 _("Where certs and other state files are kept."));
32 o
.datatype
= "directory";
34 o
= s
.option(form
.Value
, "account_email", _("Account email"),
35 _("Email address to associate with account key."))
37 o
.datatype
= "minlength(1)";
39 o
= s
.option(form
.Flag
, "debug", _("Enable debug logging"));
42 s
= m
.section(form
.TypedSection
, "cert", _("Certificate config"))
46 o
= s
.option(form
.Flag
, "enabled", _("Enabled"));
49 o
= s
.option(form
.Flag
, "use_staging", _("Use staging server"),
50 _("Get certificate from the Letsencrypt staging server " +
51 "(use for testing; the certificate won't be valid)."));
54 o
= s
.option(form
.ListValue
, "keylength", _("Key size"),
55 _("Key size (and type) for the generated certificate."));
56 o
.value("2048", _("RSA 2048 bits"));
57 o
.value("3072", _("RSA 3072 bits"));
58 o
.value("4096", _("RSA 4096 bits"));
59 o
.value("ec-256", _("ECC 256 bits"));
60 o
.value("ec-384", _("ECC 384 bits"));
64 if (stats
[1].type
=== 'file') {
65 o
= s
.option(form
.Flag
, "update_uhttpd", _("Use for uhttpd"),
66 _("Update the uhttpd config with this certificate once issued " +
67 "(only select this for one certificate). " +
68 "Is also available luci-app-uhttpd to configure uhttpd form the LuCI interface."));
72 if (stats
[0].type
=== 'file') {
73 o
= s
.option(form
.Flag
, "update_nginx", _("Use for nginx"),
74 _("Update the nginx config with this certificate once issued " +
75 "(only select this for one certificate). " +
76 "Nginx must support ssl, if not it won't start as it needs to be " +
77 "compiled with ssl support to use cert options"));
81 o
= s
.option(form
.Value
, "webroot", _("Webroot directory"),
82 _("Webserver root directory. Set this to the webserver " +
83 "document root to run Acme in webroot mode. The web " +
84 "server must be accessible from the internet on port 80."));
87 o
= s
.option(form
.DynamicList
, "domains", _("Domain names"),
88 _("Domain names to include in the certificate. " +
89 "The first name will be the subject name, subsequent names will be alt names. " +
90 "Note that all domain names must point at the router in the global DNS."));
91 o
.datatype
= "list(string)";
93 s
.option(form
.Value
, "dns", _("DNS API"),
94 _("To use DNS mode to issue certificates, set this to the name of a DNS API supported by acme.sh. " +
95 "See https://github.com/acmesh-official/acme.sh/wiki/dnsapi for the list of available APIs. " +
96 "In DNS mode, the domain name does not have to resolve to the router IP. " +
97 "DNS mode is also the only mode that supports wildcard certificates. " +
98 "Using this mode requires the acme-dnsapi package to be installed."));
100 o
= s
.option(form
.DynamicList
, "credentials", _("DNS API credentials"),
101 _("The credentials for the DNS API mode selected above. " +
102 "See https://github.com/acmesh-official/acme.sh/wiki/dnsapi for the format of credentials required by each API. " +
103 "Add multiple entries here in KEY=VAL shell variable format to supply multiple credential variables."))
104 o
.datatype
= "list(string)";
106 s
.option(form
.Value
, "calias", _("Challenge Alias"),
107 _("The challenge alias to use for ALL domains. " +
108 "See https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode for the details of this process. " +
109 "LUCI only supports one challenge alias per certificate."));
111 s
.option(form
.Value
, "dalias", _("Domain Alias"),
112 _("The domain alias to use for ALL domains. " +
113 "See https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode for the details of this process. " +
114 "LUCI only supports one challenge domain per certificate."));