This is not supported by letsencrypt, so issuing the certificate will fail.
Instead, add 3072 bits as an intermediate option.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>

As pointed out by @andersk, acme.sh already supports ECC certificates, and
they can be set manually in the uci file, just not in Luci. Fix this by
changing the key size selector into a listbox, and adding ECC certs as
options.

Fixes #7825.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

This adds a metapakcge for acme luci ap without uhttpd dependency and adds entities and check to stop handle nginx server and modify the certificate set automatically.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>

Fixes #6370.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

Tested with dynu.com ddns.

Install acme-dnsapi:

    # opkg install acme-dnsapi

Example `/etc/config/acme`:

    config acme
        option state_dir '/etc/acme'
        option account_email email@example.org'
        option debug '0'

    config cert 'foo'
        option enabled '1'
        option use_staging '1'
        option keylength '2048'
        option update_uhttpd '0'
        option dns 'dns_dynu'
        list domains 'foo.dynu.com'
        list domains '*.foo.dynu.com'
        list credentials 'Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"'
        list credentials 'Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy"'

Run:

    # /etc/init.d/acme start

Signed-off-by: Zhong Jianxin <azuwis@gmail.com>

For configurations where another web server is running on port 80, running
acme.sh in standalone mode fails. Try to detect this and refuse to run; and
allow the user to configure a webroot directory to use the running webserver for
certificate verification.

This also updates acme.sh to the latest version.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>

This adds a Luci configuration app for the ACME certificate package.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>