os-acme-client 4.11 on Business Edition

greY · January 09, 2026, 02:15:38 PM

Hi,
I'm running OPNsense Business Edition 25.10.1_2 and noticed that the Community Edition already ships os-acme-client 4.11, which includes additional DNS providers (Hetzner Cloud).

On Business, the plugin is still on an older version and the provider is therefore not available.

My question:
Is there any supported way to pull os-acme-client 4.11 into the current Business release (25.10.1_2), or is this strictly tied to the Business plugin freeze and only possible with a future Business update?

franco · January 09, 2026, 03:56:21 PM

You can always install the community one:

# pkg add -f https://pkg.opnsense.org/FreeBSD:14:amd64/25.7/MINT/25.7.10/latest/All/acme.sh-3.1.2.pkg
# pkg add -f https://pkg.opnsense.org/FreeBSD:14:amd64/25.7/MINT/25.7.10/latest/All/os-acme-client-4.11.pkg

Cheers,
Franco

greY · January 09, 2026, 11:35:59 PM

Thanks Franco!

I followed your suggestion and the upgrade itself worked fine (installed the CE packages via pkg add -f and the ACME client is now on the newer version).

However, the DNS-01 flow still fails and the logs show that acme.sh is still using the old Hetzner DNS API endpoint:

it calls https://dns.hetzner.com/api/v1/zones?...

resulting in Error adding TXT record ... Invalid domain

From what I can see, the upstream acme.sh implementation for Hetzner Cloud DNS uses the new Cloud API (https://api.hetzner.cloud/v1/...) in dns_hetznercloud.sh, e.g.: https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_hetznercloud.sh

So it looks like the plugin update did not bring in the expected dns_hetznercloud behavior (or the OPNsense-packaged acme.sh dnsapi scripts differ from upstream / are not updated accordingly).

os-acme-client 4.11 on Business Edition

greY

January 09, 2026, 02:15:38 PM

franco

January 09, 2026, 03:56:21 PM #1

greY

January 09, 2026, 11:35:59 PM #2