From c4e2f2559f7976c31fdce85567b756a60ea057f8 Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Sun, 19 Jan 2025 12:31:47 +0100 Subject: [PATCH] security/acme-client: add note regarding OCSP support --- security/acme-client/pkg-descr | 7 +++++++ .../OPNsense/AcmeClient/forms/dialogCertificate.xml | 6 +++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/security/acme-client/pkg-descr b/security/acme-client/pkg-descr index 8dd171559..5d07a9eae 100644 --- a/security/acme-client/pkg-descr +++ b/security/acme-client/pkg-descr @@ -10,6 +10,13 @@ Plugin Changelog 4.8 +BREAKING CHANGE: Let's Encrypt ends support for the OCSP Must Staple +extension on 30.01.2025. Issuance requests will fail if this option is +still enabled past this date. + +Changed: +* Add note regarding the support of OCSP + Fixed: * SFTP automation unable to transfer certs (#4477) diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml index ddeda0b17..703b67d98 100644 --- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml +++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogCertificate.xml @@ -68,11 +68,15 @@ dropdown + + + info + certificate.ocsp checkbox - Generate and add OCSP Must Staple extension to the certificate. + Generate and add OCSP Must Staple extension to the certificate. When this option is enabled and issueance/renewal requests fail, then this extension is probably not supported by the CA.