From 44ee1732f4ec5f70262b75fa6dd0ecd08ff026eb Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Wed, 11 Sep 2019 00:07:16 +0200
Subject: [PATCH] security/acme-client: add headers for certificate options

---
 .../AcmeClient/forms/dialogCertificate.xml    | 40 +++++++++++++------
 1 file changed, 28 insertions(+), 12 deletions(-)

diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
index 4673272f2..8ec38a0c7 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
@@ -1,4 +1,8 @@
 <form>
+    <field>
+        <label>Certificate Options</label>
+        <type>header</type>
+    </field>
     <field>
         <id>certificate.enabled</id>
         <label>Enabled</label>
@@ -26,6 +30,10 @@
         <help><![CDATA[Configure additional names that should be part pf the certificate, i.e. www.example.com or mail.example.com. Use TAB key to complete typing a FQDN.<br/><div class="text-info"><b>NOTE:</b>You need to forcefully re-issue the certificate if you change "Alt Names" after the certificate was signed by the Let's Encrypt Authority! Use the "issue" button in the Commands column in this case.</div>]]></help>
         <hint>Enter FQDN here. Finish with TAB.</hint>
     </field>
+    <field>
+        <label>Let's Encrypt Settings</label>
+        <type>header</type>
+    </field>
     <field>
         <id>certificate.account</id>
         <label>LE Account</label>
@@ -38,6 +46,22 @@
         <type>dropdown</type>
         <help><![CDATA[Set the Let's Encrypt validation method for this certificate.]]></help>
     </field>
+    <field>
+        <id>certificate.autoRenewal</id>
+        <label>Auto Renewal</label>
+        <type>checkbox</type>
+        <help>Enable automatic renewal for this certificate to prevent expiration.</help>
+    </field>
+    <field>
+        <id>certificate.renewInterval</id>
+        <label>Renewal Interval</label>
+        <type>text</type>
+        <help><![CDATA[Specifies the days to renew the cert. The max value is 60 days.]]></help>
+    </field>
+    <field>
+        <label>Security Settings</label>
+        <type>header</type>
+    </field>
     <field>
         <id>certificate.keyLength</id>
         <label>Key Length</label>
@@ -50,6 +74,10 @@
         <type>checkbox</type>
         <help>Generate and add OCSP Must Staple extension to the certificate.</help>
     </field>
+    <field>
+        <label>Advanced Settings</label>
+        <type>header</type>
+    </field>
     <field>
         <id>certificate.restartActions</id>
         <label>Automations</label>
@@ -58,18 +86,6 @@
         <allownew>true</allownew>
         <help>Choose the automations that should be run after certificate creation and renewal. Basically every application requires a quick restart to reload the updated certificate. If you don't configure an automation, the in-memory certificate may expire and cause security warnings and other issues.</help>
     </field>
-    <field>
-        <id>certificate.autoRenewal</id>
-        <label>Auto Renewal</label>
-        <type>checkbox</type>
-        <help>Enable automatic renewal for this certificate to prevent expiration.</help>
-    </field>
-    <field>
-        <id>certificate.renewInterval</id>
-        <label>Renewal Interval</label>
-        <type>text</type>
-        <help><![CDATA[Specifies the days to renew the cert. The max value is 60 days.]]></help>
-    </field>
     <field>
         <id>certificate.aliasmode</id>
         <label>DNS Alias Mode</label>