ACME pkg v1.0
-
ACME pkg v1.0 is out now for pfSense Plus 25.07, 24.11, and CE 2.8.0.
Bug fixes/changes:
-
Synchronized with upstream acme.sh version 3.1.2 (master branch)
-
Various upstream bug fixes for DNS providers
-
Removed deprecated OCSP stapling options
https://redmine.pfsense.org/issues/16195 -
Fixed a bug with nsupdate and challenge aliases
https://redmine.pfsense.org/issues/15061 -
Added initial support for custom ACME servers
Add servers on the General Settings tab.
Note: This feature has undergone basic testing, however, there is no way to know if it will work against any custom ACME server, and there is no way for the package to know which validation methods are supported by an ACME server.
Use at own risk. Test before deployment.
Existing Provider Changes:
-
Gandi LiveDNS has deprecated API keys and now uses a Personal Access
Token (PAT). Configure the new PAT option to ensure future updates
work. -
Active24 changed from a single Token to an API Key + API Secret and
must be reconfigured before use. -
Selectel API version v1 is deprecated, but still available as a new
option, along with new API v2 options. Must be reconfigured before
use.
New DNS Providers:
- Beget.com
- EdgeCenter.ru
- FreeMyIP.com
- HE.net DDNS
- Mijn.host
- OpenProvider via REST API
- Spaceship
- Technitium
- ZoneEdit
Note: The change from 0.9 to 1.0 does not reflect any particular significant change in the package, but it has been stable for so long that keeping its version number below zero no longer made sense.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
-
J jimp pinned this topic
-
@jimp Just updated acme package to v1, and did a renew of certs even though they were not do for a while. All went fine, using dns-cloudflare
On 25.07 of pfsense+
-
Same pfSense here, upgrade to acme to "1.0" and hit the renew button.
I'm using the "nsupdate" method. The cert was renewed just fine. -
I tried to update ACME on a 2.8.0 pfsense, actually stuck and broken the installation, can't get to pfsense Webgui or SSH.
I'll get back with more info.
-
@Urbaman75 said in ACME pkg v1.0:
I tried to update ACME on a 2.8.0 pfsense, actually stuck and broken the installation, can't get to pfsense Webgui or SSH.
I'll get back with more info.
Start a fresh thread for that. I tested it on 2.8.x and it worked fine there, so it probably isn't something to do with the package itself, but something else going on with your installation.
-
Nice to read that news!
Will it be also available for 25.07.1?
I got an ! Exclamation Mark, after upgrading to 25.07.1 and reinstalled ACME and it was downgraded to 0.9. -
yeah, my pfSense (25.07.1) also tells me that a - downgrade ! - is, available :
but I keep my "acme 1.0" until further notice
'I works for me'. -
Not here and it works fine -
I don't use the email notifications for available updates. Maybe if you are using that it is confused ?
The update to 1.0 was applied when it became available (under 25.07) and the system has since been updated to 25.07.01. the only package the was updated during the 25.07 > 25.07.01 process was Nexus, which went to 25.07.1_1 All other packages (I use) remained untouched when going to 25.07.1
-
Check again now. The ACME 1 package came out after the 25.07.1 branch was frozen for the release, I picked it over there now and it should have just finished building.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp Could we kick off a build for the 2.8.1-BETA branch, too?
-
@tinfoilmatt said in ACME pkg v1.0:
@jimp Could we kick off a build for the 2.8.1-BETA branch, too?
It's not beta anymore, so no :-)
That process has been on hold while we worked on 25.07.1 so it should be coming along Soon
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp True! Thanks for confirming.
(How's that trademark registration coming along, btw? Gotta be gettin' close to "
" this far down the road now! 
) -
@jimp said in ACME pkg v1.0:
Check again now. The ACME 1 package came out after the 25.07.1 branch was frozen for the release, I picked it over there now and it should have just finished building.
Version 25.07 includes Acme 1.0.
Version 25.07.1 includes only Acme 0.9_1.
If you do a fresh install of 25.07.1, you get only Acme 0.9_1.
If you upgrade to 25.07.1 from 25.07 and had already updated the Acme package to 1.0 in 25.07, you’ll still have Acme 1.0. -
And when you are on version 25.07.1 or 25.07 and then click on the reinstall button for the ACME package. It will downgrade. :)
-
OK, it should be there now if you check one more time. The new package builds for that branch were not completely ready yet, but they are now, and ACME 1.0 is in the 25.07.1 repository.
Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp yeah its there now, see the update available on my 25.07.1 vm
http://192.168.9.34/pkg_mgr_install.php?mode=reinstallpkg&pkg=pfSense-pkg-acme&from=0.9_1&to=1.0>>> Setting vital flag on php83...done. >>> Upgrading pfSense-pkg-acme... Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: pfSense-pkg-acme: 0.9_1 -> 1.0 [pfSense] Number of packages to be upgraded: 1 277 KiB to be downloaded. [1/1] Fetching pfSense-pkg-acme-1.0.pkg: .......... done Checking integrity... done (0 conflicting) [1/1] Upgrading pfSense-pkg-acme from 0.9_1 to 1.0... [1/1] Extracting pfSense-pkg-acme-1.0: .......... done Removing acme components... Menu items... done. Loading package instructions... Deinstall commands... done. Saving updated package information... overwrite! Loading package configuration... done. Configuring package components... Loading package instructions... Custom commands... Executing custom_php_install_command()...done. Menu items... done. Writing configuration... done. >>> Cleaning up cache...done. Success -
Done.
I was on acme.sh 1.0 (25.07.1) and a downgrade was proposed.
Now, the issue is gone.
