Issue/bug using custom CA - system_acmeregistration.tos


I guess I found a bug, here is what I’ve done : I made a step-ca standalone server and configured it (tested throught a web browser and the directory works)

I configured TrueNas Scale (ver 24.04) following this : dns-shell-script

I imported my root certificate trought the GUI.
Created my CSR and when I want to make an ACME-CSR I get this error :

sqlalchemy.exc.IntegrityError: (sqlite3.IntegrityError) NOT NULL constraint failed: system_acmeregistration.tos
[SQL: INSERT INTO system_acmeregistration (uri, directory, tos, new_account_uri, new_nonce_uri, new_order_uri, revoke_cert_uri) VALUES (?, ?, ?, ?, ?, ?, ?)]
[parameters: ('https://acme.myfakenetwork.local/acme/acme/account/HZEeW7lRjCGzc8xap7zBxGZYiUbhUl21', 'https://acme.myfakenetwork.local/acme/acme/directory/', None, 'https://acme.myfakenetwork.local/acme/acme/new-account', 'https://acme.myfakenetwork.local/acme/acme/new-nonce', 'https://acme.myfakenetwork.local/acme/acme/new-order', 'https://acme.myfakenetwork.local/acme/acme/revoke-cert')]

As you can see, all the informations are correctly retrieved from my server EXCEPT the termsOfService that are “None”.
Of course I added a line termsOfService to be sure that step-ca don’t send an empty line, but it didn’t change anything.

The error happens when I try to save my ACME CSR, so the acmeShellScript is not even executed. It’s really when TrueNAS registers the ACME server.

Here is what my step-ca server shows when I go to https://acme.myfakenetwork.local/acme/acme/directory :

    "newNonce": "https://acme.myfakenetwork.local/acme/acme/new-nonce",
    "newAccount": "https://acme.myfakenetwork.local/acme/acme/new-account",
    "newOrder": "https://acme.myfakenetwork.local/acme/acme/new-order",
    "revokeCert": "https://acme.myfakenetwork.local/acme/acme/revoke-cert",
    "keyChange": "https://acme.myfakenetwork.local/acme/acme/key-change",
    "meta": {
        "termsOfService": "https://acme.myfakenetwork.local/acme/acme/termsOfService"

I really think it’s a bug :frowning: