NethVoice Let's Encrypt validation enhancement

[DavidePrincipi]

Starting from version 4.0.0, the Traefik module extends the set-route action with Let's Encrypt certificate request validation and introduces a new set-certificate action behavior with the an opt-in validation check.

The behavior of existing actions remains unchanged. However, applications must comply with the new UX requirements: they must inform the cluster-admin user of failures and display a Traefik restart warning, as illustrated in the UI mockup.

Proposed solution

Implement the UI mockup for:

• NethVoice (set-route backend change required)
• NethVoice Proxy (set-certificate backend change required). Note that currently the switch is not present, it behaves like it is always enabled.

Backend changes

For NethVoice:

1. Call set-route with lets_encrypt_check:true to enable the validation error newcert_acme_error.
2. Call set-route with lets_encrypt_cleanup:true to trigger a Traefik restart. The UI must display the restart warning.

For NethVoice Proxy:

1. Call set-certificate. No flag is required to enable the newcert_acme_error validation.

Note for automatic actions

The import-module, clone-module, and restore-module actions must generally act like the Let's Encrypt toggle is off, because the UI generally does not implement the certificate validation during the related workflows (migration, clone/move, restoration).

See also

• Redesign of the TLS Certificates Page #7544