diff --git a/security/acme-client/Makefile b/security/acme-client/Makefile
index e431857ae..f750997c0 100644
--- a/security/acme-client/Makefile
+++ b/security/acme-client/Makefile
@@ -1,5 +1,5 @@
PLUGIN_NAME= acme-client
-PLUGIN_VERSION= 4.7
+PLUGIN_VERSION= 4.8
PLUGIN_COMMENT= ACME Client
PLUGIN_MAINTAINER= opnsense@moov.de
PLUGIN_DEPENDS= acme.sh py${PLUGIN_PYTHON}-dns-lexicon
diff --git a/security/acme-client/pkg-descr b/security/acme-client/pkg-descr
index 1536c9c9c..5d07a9eae 100644
--- a/security/acme-client/pkg-descr
+++ b/security/acme-client/pkg-descr
@@ -8,6 +8,18 @@ WWW: https://github.com/acmesh-official/acme.sh
Plugin Changelog
================
+4.8
+
+BREAKING CHANGE: Let's Encrypt ends support for the OCSP Must Staple
+extension on 30.01.2025. Issuance requests will fail if this option is
+still enabled past this date.
+
+Changed:
+* Add note regarding the support of OCSP
+
+Fixed:
+* SFTP automation unable to transfer certs (#4477)
+
4.7
Added:
diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
index ddeda0b17..703b67d98 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
@@ -68,11 +68,15 @@
dropdown
+
+
+ info
+ certificate.ocspcheckbox
- Generate and add OCSP Must Staple extension to the certificate.
+ Generate and add OCSP Must Staple extension to the certificate. When this option is enabled and issueance/renewal requests fail, then this extension is probably not supported by the CA.