Merge pull request #4484 from fraenki/acme_480

security/acme-client: release 4.8

security/acme-client/Makefile

@@ -1,5 +1,5 @@
 PLUGIN_NAME=		acme-client
-PLUGIN_VERSION=		4.7
+PLUGIN_VERSION=		4.8
 PLUGIN_COMMENT=		ACME Client
 PLUGIN_MAINTAINER=	opnsense@moov.de
 PLUGIN_DEPENDS=		acme.sh py${PLUGIN_PYTHON}-dns-lexicon

security/acme-client/pkg-descr

@@ -8,6 +8,18 @@ WWW: https://github.com/acmesh-official/acme.sh
 Plugin Changelog
 ================
 
+4.8
+
+BREAKING CHANGE: Let's Encrypt ends support for the OCSP Must Staple
+extension on 30.01.2025. Issuance requests will fail if this option is
+still enabled past this date.
+
+Changed:
+* Add note regarding the support of OCSP
+
+Fixed:
+* SFTP automation unable to transfer certs (#4477)
+
 4.7
 
 Added:

security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml

@@ -68,11 +68,15 @@
         <type>dropdown</type>
         <help><![CDATA[Specify the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.]]></help>
     </field>
+    <field>
+        <label><![CDATA[NOTE: OCSP is not supported by all CAs.]]></label>
+        <type>info</type>
+    </field>
     <field>
         <id>certificate.ocsp</id>
         <label>OCSP Must Staple</label>
         <type>checkbox</type>
-        <help>Generate and add OCSP Must Staple extension to the certificate.</help>
+        <help>Generate and add OCSP Must Staple extension to the certificate. When this option is enabled and issueance/renewal requests fail, then this extension is probably not supported by the CA.</help>
     </field>
     <field>
         <label>Advanced Settings</label>