From 22939ae2fc74ac938525c4ee165afc4679238c43 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 19 Jan 2025 12:09:51 +0100
Subject: [PATCH 1/2] security/acme-client: bump version

---
 security/acme-client/Makefile  | 2 +-
 security/acme-client/pkg-descr | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/security/acme-client/Makefile b/security/acme-client/Makefile
index e431857ae..f750997c0 100644
--- a/security/acme-client/Makefile
+++ b/security/acme-client/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		acme-client
-PLUGIN_VERSION=		4.7
+PLUGIN_VERSION=		4.8
 PLUGIN_COMMENT=		ACME Client
 PLUGIN_MAINTAINER=	opnsense@moov.de
 PLUGIN_DEPENDS=		acme.sh py${PLUGIN_PYTHON}-dns-lexicon
diff --git a/security/acme-client/pkg-descr b/security/acme-client/pkg-descr
index 1536c9c9c..8dd171559 100644
--- a/security/acme-client/pkg-descr
+++ b/security/acme-client/pkg-descr
@@ -8,6 +8,11 @@ WWW: https://github.com/acmesh-official/acme.sh
 Plugin Changelog
 ================
 
+4.8
+
+Fixed:
+* SFTP automation unable to transfer certs (#4477)
+
 4.7
 
 Added:

From c4e2f2559f7976c31fdce85567b756a60ea057f8 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Sun, 19 Jan 2025 12:31:47 +0100
Subject: [PATCH 2/2] security/acme-client: add note regarding OCSP support

---
 security/acme-client/pkg-descr                             | 7 +++++++
 .../OPNsense/AcmeClient/forms/dialogCertificate.xml        | 6 +++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/security/acme-client/pkg-descr b/security/acme-client/pkg-descr
index 8dd171559..5d07a9eae 100644
--- a/security/acme-client/pkg-descr
+++ b/security/acme-client/pkg-descr
@@ -10,6 +10,13 @@ Plugin Changelog
 
 4.8
 
+BREAKING CHANGE: Let's Encrypt ends support for the OCSP Must Staple
+extension on 30.01.2025. Issuance requests will fail if this option is
+still enabled past this date.
+
+Changed:
+* Add note regarding the support of OCSP
+
 Fixed:
 * SFTP automation unable to transfer certs (#4477)
 
diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
index ddeda0b17..703b67d98 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml
@@ -68,11 +68,15 @@
         <type>dropdown</type>
         <help><![CDATA[Specify the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.]]></help>
     </field>
+    <field>
+        <label><![CDATA[NOTE: OCSP is not supported by all CAs.]]></label>
+        <type>info</type>
+    </field>
     <field>
         <id>certificate.ocsp</id>
         <label>OCSP Must Staple</label>
         <type>checkbox</type>
-        <help>Generate and add OCSP Must Staple extension to the certificate.</help>
+        <help>Generate and add OCSP Must Staple extension to the certificate. When this option is enabled and issueance/renewal requests fail, then this extension is probably not supported by the CA.</help>
     </field>
     <field>
         <label>Advanced Settings</label>