-
-
branches/rel_apv_10_7/tools/update/ustacksystem.ks (Diff revision 1) Create a block yourself and add comments, instead of placing it under "for PostgreSQL and Prometheus."
TWSD-796 APV wants to support ACME (Automatic Certificate Management Environment)
Review Request #1055 — Created Sept. 11, 2025 and submitted
| Information | |
|---|---|
| mingji | |
| APV10 | |
| TWSD-796 | |
| Reviewers | |
| timsu, weikai | |
Implement ACME feature with
cerbot.
Document:
https://arraynetworks.atlassian.net/wiki/spaces/~712020b01d430745ea477faa9173a38c0a1430/pages/2889515062/ACME+for+APVnew CLIs:
ssl certbot test <domain_name> [challenge]
ssl certbot request <host_name> <domain_name> [cert_idx] [challenge]
ssl certbot sni request <host_name> <domain_name> [cert_idx] [challenge]
ssl certbot renew <host_name> [cert_idx] [domain_name] [is_force]
ssl certbot schedule <host_name> [cert_idx] [domain_name] [hour] [minute] [month] [days] [weekday]
no ssl certbot schedule <host_name> [cert_idx] [domain_name]
no ssl certbot certificate <host_name> [cert_idx] [domain_name]
show ssl certbot vhost <host_name>
show ssl certbot sni vhost <host_name>
show ssl certbot log [num_lines]
clear ssl certbot log
prerequisite:
- A public IP for VIP and has its domain name
- Register an EAB from a CA, for example Developer - ZeroSSL
- ACME server’s url: https://acme.zerossl.com/v2/DV90
- Generate your own EAB KID, EAB HMAC KeyVerify following the configuration steps:
https://arraynetworks.atlassian.net/browse/TWSD-796
| Description | From | Last Updated |
|---|---|---|
|
Create a block yourself and add comments, instead of placing it under "for PostgreSQL and Prometheus." |
 weikai
|
|
|
Remove redundant or non-functional code; don’t keep it in the project. |
weikai
|
|
|
Remove unnecessary spaces. |
weikai
|
|
|
If you can add comments here to explain what kind of command will be assembled and executed in the end, … |
weikai
|
|
|
Remove the unnecessary parts. If port 80 is already in use by someone else, the challenge should fail. That should … |
weikai
|
|
|
Currently only HTTP is supported, but here it says DNS is also accepted. Please fix this. You can leave a … |
weikai
|
|
|
Is anyone using this tag? If not, please remove it. If it’s only meant to separate code blocks, you can … |
weikai
|
|
|
Not quite sure about the meaning of this code and its comment. If it’s not needed, please remove it. If … |
weikai
|
|
|
The terminal width is not necessarily that wide. You can use line breaks or just a few - characters to … |
weikai
|
|
|
There’s no check for whether the file exists or whether fopen succeeds. |
weikai
|
|
|
Deleting might not be the best option, because there’s no prior check whether the file exists. You could also use … |
weikai
|
|
|
Remove redundant or non-functional code; don’t keep it in the project. |
weikai
|
|
|
Remove redundant or non-functional code; don’t keep it in the project. |
weikai
|
-
-
branches/rel_apv_10_7/usr/click/lib/libparser/commands.pm (Diff revision 1) Remove unnecessary spaces.
-
-
branches/rel_apv_10_7/usr/click/lib/libkernelapi/addCommands.pm (Diff revision 1) Remove redundant or non-functional code; don’t keep it in the project.
-
-
branches/rel_apv_10_7/usr/src/sys/click/app/ssl/ssl_ui.c (Diff revision 1) Remove redundant or non-functional code; don’t keep it in the project.
-
-
branches/rel_apv_10_7/usr/src/sys/click/app/ssl/ssl_ui.c (Diff revision 1) Remove redundant or non-functional code; don’t keep it in the project.
-
-
branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c (Diff revision 1) If you can add comments here to explain what kind of command will be assembled and executed in the end, it will make it easier for everyone to understand.
-
-
branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c (Diff revision 1) Remove the unnecessary parts.
-
If port 80 is already in use by someone else, the challenge should fail. That should be the expected error message, right?
-
If port 80 was already open, there’s no check here. The code always closes it afterward, which could break other functionality.
-
-
-
branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c (Diff revision 1) Currently only HTTP is supported, but here it says DNS is also accepted. Please fix this.
You can leave a comment here so that anyone adding features in the future can understand more quickly.
-
-
branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c (Diff revision 1) Not quite sure about the meaning of this code and its comment.
If it’s not needed, please remove it.
If it has important meaning, please provide an additional explanation.
-
-
branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c (Diff revision 1) Is anyone using this tag? If not, please remove it.
If it’s only meant to separate code blocks, you can use comments instead.
-
-
branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c (Diff revision 1) There’s no check for whether the file exists or whether fopen succeeds.
-
-
branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c (Diff revision 1) Deleting might not be the best option,
because there’s no prior check whether the file exists.
You could also use echo "" > CERTBOTUSERLOGPATH.
-
-
branches/rel_apv_10_7/usr/click/lib/libssl_cli/ssl_cli.c (Diff revision 1) The terminal width is not necessarily that wide.
You can use line breaks or just a few - characters to indicate meaning, e.g., 10–20 -.
Diff: |
Revision 3 (+1279 -27)
|
|---|
Summary: |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Description: |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
Testing Done: |
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
Diff: |
Revision 4 (+1324 -27)
|