← Back to index

opnsense_acmeclient_challenge (Resource)

Manage ACME client validation challenges on OPNsense.

Example Usage

resource "opnsense_acmeclient_challenge" "example_http" {
  enabled                    = true
  name                       = "tf-example-http"
  description                = "Terraform HTTP-01 challenge"
  method                     = "http01"
  dns_service                = "dns_freedns"
  http_service               = "opnsense"
  http_opn_autodiscovery     = true
  tlsalpn_acme_autodiscovery = true
}

Schema

Required

  • method (String) Validation method (http01, dns01, tlsalpn01).
  • name (String) Display name of the challenge.

Optional

  • description (String) Optional description of the challenge.
  • dns_aws_id (String) AWS Route 53 access key ID.
  • dns_aws_secret (String) AWS Route 53 secret access key.
  • dns_azure_app_id (String) Azure DNS application ID.
  • dns_azure_client_secret (String) Azure DNS client secret.
  • dns_azure_subscription_id (String) Azure DNS subscription ID.
  • dns_azure_tenant_id (String) Azure DNS tenant ID.
  • dns_google_domains_access_token (String) Google Domains access token.
  • dns_google_domains_zone (String) Google Domains managed zone name.
  • dns_ionos_prefix (String) IONOS domain prefix.
  • dns_ionos_secret (String) IONOS domain secret.
  • dns_service (String) DNS provider integration identifier when using dns-01.
  • dns_sleep (Number) Number of seconds to wait after updating DNS (dns-01).
  • enabled (Boolean) Whether this challenge is enabled.
  • http_haproxy_frontends (Set of String) HAProxy frontends to use when http-01 is integrated.
  • http_haproxy_inject (Boolean) Whether to inject HTTP-01 validation responses into HAProxy.
  • http_opn_autodiscovery (Boolean) Automatically discover OPNsense interfaces for http-01.
  • http_opn_interface (String) Specific OPNsense interface to use for http-01.
  • http_opn_ipaddresses (Set of String) Specific IPs to bind for http-01.
  • http_service (String) HTTP service integration when using http-01 (opnsense, haproxy, etc.).
  • parameters (Map of String) Additional provider-specific parameters (exact keys as expected by OPNsense, e.g. dns_cf_token).
  • tlsalpn_acme_autodiscovery (Boolean) Automatically discover interfaces for TLS-ALPN.
  • tlsalpn_acme_interface (String) Specific interface for TLS-ALPN validation.
  • tlsalpn_acme_ipaddresses (Set of String) Specific IPs for TLS-ALPN validation.
  • tlsalpn_service (String) TLS-ALPN service integration (acme, nginx, etc.).

Read-Only

  • id (String) UUID of the ACME challenge.