acme-acmesh: support listen_port option #27582
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
marshall-lee
force-pushed
the
acme-acmesh/listen_port-opt
branch
2 times, most recently
from
8c931dd to
fd74e5d
Compare
listen_port option allows to redefine the default 80/443 port used in standalone/alpn challenges. It's also useful for other types of challenges which require accepting a connection on some TCP port so we need to expose it via nft as well. Signed-off-by: Vladimir Kochnev <[email protected]>
It's possible that staging_moved variable is undeclared while being accessed. Lets explicitly declare it. Signed-off-by: Vladimir Kochnev <[email protected]>
acme.sh supports --httpport and --tlsport options to be used together with --standalone and --alpn modes respectively. This is useful if we're behind a reverse proxy or smth like that or if we cannot bind to standard 80 or 443 port for some other reason. This change makes listen_port from configuration to be passed as either --httpport or --tlsport Signed-off-by: Vladimir Kochnev <[email protected]>
marshall-lee
force-pushed
the
acme-acmesh/listen_port-opt
branch
from
fd74e5d to
00a0750
Compare
stokito
approved these changes
Oct 2, 2025
This was referenced Oct 2, 2025
Contributor
|
I added the new method and option to the Luci openwrt/luci#7147 (comment) |
iav
reviewed
Oct 5, 2025
| ;; | ||
| "standalone") | ||
| set -- "$@" --standalone --listen-v6 | ||
| set -- "$@" --standalone --listen-v6 --httpport "$listen_port" |
Contributor
There was a problem hiding this comment.
It should be ok. The options adds TCP6-LISTEN to socat
https://github.com/acmesh-official/acme.sh/blob/a91ab544499b9041afaf50bda9b16ea03867bb39/acme.sh#L2555
And it should listen both v4 and v6 https://superuser.com/a/1778944
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
📦 Package Details
Maintainer: @tohojo
Description:
acme.sh supports
--httpportand--tlsportoptions to be used together with--standaloneand--alpnmodes respectively.This is useful if we're behind a reverse proxy or smth like that or if we cannot bind to standard 80 or 443 port for some other reason.
This PR proposes to add a
listen_portconfiguration option and pass it as--httpportor--tlsportdepending onvalidation_methodchosen.See https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert and https://github.com/acmesh-official/acme.sh/wiki/TLS-ALPN-without-downtime for details.
Replaces: #27559
Replaces: #20786
🧪 Run Testing Details
✅ Formalities
If your PR contains a patch:
git am(e.g., subject line, commit description, etc.)
We must try to upstream patches to reduce maintenance burden.