security/acme-client: Undefined constant causes crash when validating with EasyDNS #4067

Closed
3 tasks done
txr13 opened this issue Jun 29, 2024 · 3 comments · Fixed by #4068
@txr13
Contributor

txr13 commented Jun 29, 2024

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

Describe the bug
When setting up a certificate request using DNS validation with the EasyDNS plugin, attempting to issue the certificate immediately results in a PHP crash. This was detected (and reported) by the crash reporter; this bug report is being submitted for the sake of completeness and visibility.

To Reproduce
Steps to reproduce the behavior:

  1. Install the os-acme-client plugin.
  2. Create and register an account with Let's Encrypt.
  3. Create a DNS-01 validation with the EasyDNS plugin.
  4. Create a certificate request using the registered account and validation method.
  5. Issue / renew the certificate.
  6. A crash is reported.

Expected behavior
The domain names should be processed for validation, allowing the certificate to be requested successfully.

Relevant log files

System Information:

User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0
FreeBSD 13.2-RELEASE-p11 stable/24.1-n255023-99a14409566 SMP amd64
OPNsense 24.1.9_4 908aac04e
Plugins os-acme-client-4.3 os-lldpd-1.1_2 os-qemu-guest-agent-1.2 os-theme-cicada-1.35 os-wol-2.4_2
Time Sat, 29 Jun 2024 07:36:51 -0700
OpenSSL 3.0.14
Python 3.11.9
PHP 8.2.20

PHP Errors:

[29-Jun-2024 07:36:38 America/Vancouver] PHP Fatal error:  Uncaught Error: Undefined constant "OPNsense\AcmeClient\LeValidation\EASYDNS_Key" in /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsEasydns.php:42
Stack trace:
#0 /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php(667): OPNsense\AcmeClient\LeValidation\DnsEasydns->prepare()
#1 /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/LeCertificate.php(384): OPNsense\AcmeClient\LeCertificate->setValidation()
#2 /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php(170): OPNsense\AcmeClient\LeCertificate->issue()
#3 /usr/local/opnsense/scripts/OPNsense/AcmeClient/lecert.php(199): main()
#4 {main}
  thrown in /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsEasydns.php on line 42

Additional context
The EasyDNS token and API key being used for validation here are also in use on other systems, so they are known to be valid and working. This installation of OPNsense was a fresh install of 24.1 on Proxmox VE, and fully updated to 24.1.9_4 before any plugins were installed.

Environment
OPNsense 24.1.9_4
os-acme-client-4.3
Running as QEMU VM on Proxmox VE 8.2.2

txr13 changed the title from "os-acme-client: Undefined constant causes crash when validating with EasyDNS" to "security/acme-client: Undefined constant causes crash when validating with EasyDNS" on Jun 30, 2024
fraenki self-assigned this on Jul 2, 2024
fraenki added the bug (Production bug) label on Jul 2, 2024
@ehfortin

Hi,

The resolution is simple. Single quotes were missing around EASYDNS_Key and EASYDNS_Token. I've added them manually on my OPNsense system and it works. Here is the revised code:

    $this->acme_env['EASYDNS_Key'] = (string)$this->config->dns_easydns_apikey;
    $this->acme_env['EASYDNS_Token'] = (string)$this->config->dns_easydns_apitoken;

Thank you.
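
A static check for the failure reported in this issue, as an added example that is not part of the original thread or of the OPNsense plugin: it tokenizes PHP source and reports bare identifiers used as array subscripts, which PHP 8 resolves as constants and rejects with "Undefined constant" when none is defined. The function name `findBarewordKeys` and the unquoted sample line (inferred from the error message) are assumptions.

```php
<?php
// Added example (not OPNsense code). Requires PHP 8.0+ for PhpToken.

/**
 * Return bare identifiers used as array subscripts, e.g. $env[EASYDNS_Key].
 * PHP 8 resolves such a name as a constant and throws Error if it is undefined.
 * Results are candidates for review: a key that is a defined constant is legal.
 * Known limitation: "$a[key]" inside a double-quoted string is also reported,
 * although a bare key is valid in that interpolation syntax.
 */
function findBarewordKeys(string $source): array
{
    // Drop whitespace, comments and the open tag so spacing does not matter.
    $tokens = array_values(array_filter(
        PhpToken::tokenize($source),
        fn (PhpToken $t): bool => !$t->isIgnorable()
    ));

    $hits = [];
    for ($i = 2; $i < count($tokens) - 1; $i++) {
        $key = $tokens[$i];
        if ($key->id !== T_STRING || $tokens[$i - 1]->text !== '[' || $tokens[$i + 1]->text !== ']') {
            continue;
        }
        // Only subscripts: "[" must follow a variable, property name, "]" or ")".
        // This skips array literals such as [SOME_CONST].
        $base = $tokens[$i - 2];
        $isSubscript = in_array($base->id, [T_VARIABLE, T_STRING], true)
            || in_array($base->text, [']', ')'], true);
        if ($isSubscript) {
            $hits[] = ['line' => $key->line, 'name' => $key->text];
        }
    }
    return $hits;
}

// Constructed sample: line 2 is the unquoted shape implied by the error message,
// line 3 is the quoted form posted in the comment above.
$sample = <<<'SRC'
<?php
$this->acme_env[EASYDNS_Key] = (string)$this->config->dns_easydns_apikey;
$this->acme_env['EASYDNS_Token'] = (string)$this->config->dns_easydns_apitoken;
SRC;

foreach (findBarewordKeys($sample) as $hit) {
    printf("line %d: bare-word key %s (quote it or define the constant)\n", $hit['line'], $hit['name']);
}
```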

@txr13
Contributor Author

txr13 commented Jul 12, 2024

Yes, that is the fix in the linked pull request. Just waiting on approval.

@ehfortin

Not familiar with GitHub. Didn't know you did it. I wanted to fix it and submit for review but got a message saying that I was not authorized to do so. Probably didn't do the proper thing. But at least, I now know that it should be part of the next version to be published. Thank you.
