os-acme-client 4.11 on Business Edition

[greY]

Hi,
I'm running OPNsense Business Edition 25.10.1_2 and noticed that the Community Edition already ships os-acme-client 4.11, which includes additional DNS providers (Hetzner Cloud).

On Business, the plugin is still on an older version and the provider is therefore not available.

My question:
Is there any supported way to pull os-acme-client 4.11 into the current Business release (25.10.1_2), or is this strictly tied to the Business plugin freeze and only possible with a future Business update?

[franco]

You can always install the community one:

# pkg add -f https://pkg.opnsense.org/FreeBSD:14:amd64/25.7/MINT/25.7.10/latest/All/acme.sh-3.1.2.pkg
# pkg add -f https://pkg.opnsense.org/FreeBSD:14:amd64/25.7/MINT/25.7.10/latest/All/os-acme-client-4.11.pkg


Cheers,
Franco

[greY]

Thanks Franco!

I followed your suggestion and the upgrade itself worked fine (installed the CE packages via pkg add -f and the ACME client is now on the newer version).

However, the DNS-01 flow still fails and the logs show that acme.sh is still using the old Hetzner DNS API endpoint:

it calls https://dns.hetzner.com/api/v1/zones?...

resulting in Error adding TXT record ... Invalid domain

From what I can see, the upstream acme.sh implementation for Hetzner Cloud DNS uses the new Cloud API (https://api.hetzner.cloud/v1/...) in dns_hetznercloud.sh, e.g.:  https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_hetznercloud.sh

So it looks like the plugin update did not bring in the expected dns_hetznercloud behavior (or the OPNsense-packaged acme.sh dnsapi scripts differ from upstream / are not updated accordingly).

[franco]

I can offer you the latest code we shipped. If that's not what you want from upstream acme.sh you need to patch the file manually because it looks like they did not release it yet?

In general it helps to get the data straight before experimenting if the change one wants is actually there.


Cheers,
Franco