From 9aa2ccf960fae6a6ef8991f67d5f4ca6392c7cb5 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Tue, 7 Apr 2026 16:25:10 +0200
Subject: [PATCH 1/3] security/acme-client: add help text for hostingde, refs
 #5373

---
 .../controllers/OPNsense/AcmeClient/forms/dialogValidation.xml   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
index d8c86d6e6..851e12c85 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
@@ -662,6 +662,7 @@
         <id>validation.dns_hostingde_server</id>
         <label>Server URL</label>
         <type>text</type>
+        <help>Enter the API endpoint, e.g. https://secure.hosting.de or https://partner.http.net.</help>
     </field>
     <field>
         <id>validation.dns_hostingde_apiKey</id>

From 72043b78bc9b0aa08c5769113e78a526e6b65a34 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Mon, 13 Apr 2026 14:37:48 +0200
Subject: [PATCH 2/3] security/acme-client: fix incorrect naming scheme of
 TrueNAS WS automation

---
 security/acme-client/Makefile                 |  2 +-
 security/acme-client/pkg-descr                |  5 ++
 .../AcmeClient/forms/dialogAction.xml         |  8 +--
 .../{AcmeTruenasWS.php => AcmeTruenasWs.php}  |  2 +-
 .../models/OPNsense/AcmeClient/AcmeClient.xml | 24 ++++++++-
 .../OPNsense/AcmeClient/Migrations/M4_4_0.php | 50 +++++++++++++++++++
 6 files changed, 83 insertions(+), 8 deletions(-)
 rename security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/{AcmeTruenasWS.php => AcmeTruenasWs.php} (96%)
 create mode 100644 security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/Migrations/M4_4_0.php

diff --git a/security/acme-client/Makefile b/security/acme-client/Makefile
index 9d6b4ec8e..088f0bab4 100644
--- a/security/acme-client/Makefile
+++ b/security/acme-client/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		acme-client
-PLUGIN_VERSION=		4.15
+PLUGIN_VERSION=		4.16
 PLUGIN_COMMENT=		ACME Client
 PLUGIN_MAINTAINER=	opnsense@moov.de
 PLUGIN_DEPENDS=		acme.sh py${PLUGIN_PYTHON}-dns-lexicon
diff --git a/security/acme-client/pkg-descr b/security/acme-client/pkg-descr
index dfa6ce841..1210efbde 100644
--- a/security/acme-client/pkg-descr
+++ b/security/acme-client/pkg-descr
@@ -8,6 +8,11 @@ WWW: https://github.com/acmesh-official/acme.sh
 Plugin Changelog
 ================
 
+4.16
+
+Fixed:
+* fix incorrect naming scheme of TrueNAS WS automation
+
 4.15
 
 Added:
diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogAction.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogAction.xml
index 477443587..b03e6f89c 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogAction.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogAction.xml
@@ -398,22 +398,22 @@
     <field>
         <label>Required Parameters</label>
         <type>header</type>
-        <style>method_table method_table_acme_truenasws</style>
+        <style>method_table method_table_acme_truenas_ws</style>
     </field>
     <field>
-        <id>action.acme_truenasws_apikey</id>
+        <id>action.acme_truenas_ws_apikey</id>
         <label>TrueNAS API key</label>
         <type>text</type>
         <help>API key generated in the TrueNAS web UI.</help>
     </field>
     <field>
-        <id>action.acme_truenasws_hostname</id>
+        <id>action.acme_truenas_ws_hostname</id>
         <label>TrueNAS hostname</label>
         <type>text</type>
         <help>Hostname or IP address of TrueNAS Server.</help>
     </field>
     <field>
-        <id>action.acme_truenasws_protocol</id>
+        <id>action.acme_truenas_ws_protocol</id>
         <label>TrueNAS protocol</label>
         <type>dropdown</type>
         <help>Connection scheme that will be used when uploading certificates to TrueNAS Server.</help>
diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/AcmeTruenasWS.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/AcmeTruenasWs.php
similarity index 96%
rename from security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/AcmeTruenasWS.php
rename to security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/AcmeTruenasWs.php
index 1a5fdb9ca..91ced0c0b 100644
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/AcmeTruenasWS.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeAutomation/AcmeTruenasWs.php
@@ -35,7 +35,7 @@ use OPNsense\AcmeClient\LeAutomationInterface;
  * Run acme.sh deploy hook truenas_ws
  * @package OPNsense\AcmeClient
  */
-class AcmeTruenasWS extends Base implements LeAutomationInterface
+class AcmeTruenasWs extends Base implements LeAutomationInterface
 {
     public function prepare()
     {
diff --git a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
index a9cf430fa..40359e945 100644
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/AcmeClient</mount>
-    <version>4.3.1</version>
+    <version>4.4.0</version>
     <description>A secure ACME Client plugin</description>
     <items>
         <settings>
@@ -1431,7 +1431,7 @@
                         <acme_vault>Upload certificate to HashiCorp Vault</acme_vault>
                         <acme_synology_dsm>Upload certificate to Synology DSM</acme_synology_dsm>
                         <acme_truenas>Upload certificate to TrueNAS Server (deprecated API)</acme_truenas>
-                        <acme_truenasws>Upload certificate to TrueNAS Server (Websocket API)</acme_truenasws>
+                        <acme_truenas_ws>Upload certificate to TrueNAS Server (Websocket API)</acme_truenas_ws>
                         <acme_zyxel_gs1900>Upload certificate to Zyxel GS1900 series switches</acme_zyxel_gs1900>
                         <acme_unifi>Update local Unifi keystore</acme_unifi>
                         <configd_generic>System or Plugin Command</configd_generic>
@@ -1745,6 +1745,26 @@
                         <https>HTTPS</https>
                     </OptionValues>
                 </acme_truenas_scheme>
+                <acme_truenas_ws_apikey type="TextField">
+                    <Required>N</Required>
+                    <Mask>/^.{1,1024}$/u</Mask>
+                    <ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
+                </acme_truenas_ws_apikey>
+                <acme_truenas_ws_hostname type="HostnameField">
+                    <Default>localhost</Default>
+                    <Required>N</Required>
+                    <Mask>/^.{1,1024}$/u</Mask>
+                    <ValidationMessage>Should be a string between 1 and 1024 characters.</ValidationMessage>
+                </acme_truenas_ws_hostname>
+                <acme_truenas_ws_protocol type="OptionField">
+                    <Default>ws</Default>
+                    <Required>N</Required>
+                    <OptionValues>
+                        <ws>ws [default]</ws>
+                        <wss>wss</wss>
+                    </OptionValues>
+                </acme_truenas_ws_protocol>
+                <!-- TODO: old "truenasws" values kept for model migration, should be removed in version 5.0.0 -->
                 <acme_truenasws_apikey type="TextField">
                     <Required>N</Required>
                     <Mask>/^.{1,1024}$/u</Mask>
diff --git a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/Migrations/M4_4_0.php b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/Migrations/M4_4_0.php
new file mode 100644
index 000000000..5df32bf20
--- /dev/null
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/Migrations/M4_4_0.php
@@ -0,0 +1,50 @@
+<?php
+
+/**
+ *    Copyright (C) 2026 Frank Wall
+ *
+ *    All rights reserved.
+ *
+ *    Redistribution and use in source and binary forms, with or without
+ *    modification, are permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice,
+ *       this list of conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *
+ *    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ *    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ *    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ *    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ *    POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+namespace OPNsense\AcmeClient\Migrations;
+
+use OPNsense\Base\BaseModelMigration;
+
+class M4_4_0 extends BaseModelMigration
+{
+    public function run($model)
+    {
+        foreach ($model->getNodeByReference('actions.action')->iterateItems() as $action) {
+            $action_type = (string)$action->type;
+            if ($action_type === 'acme_truenasws') {
+                // Migrate data from misspelled item to new one
+                $action->type = 'acme_truenas_ws';
+                $action->acme_truenas_ws_apikey = (string)$action->acme_truenasws_apikey;
+                $action->acme_truenas_ws_hostname = (string)$action->acme_truenasws_hostname;
+                $action->acme_truenas_ws_protocol = (string)$action->acme_truenasws_protocol;
+            }
+        }
+    }
+}

From a5e06c504ad8251664a3a212a313e9ca618b3aae Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Mon, 13 Apr 2026 17:23:37 +0200
Subject: [PATCH 3/3] security/acme-client: add support for Active24 API v2,
 closes #5381

---
 security/acme-client/pkg-descr                           | 6 ++++++
 .../OPNsense/AcmeClient/forms/dialogValidation.xml       | 9 +++++++--
 .../OPNsense/AcmeClient/LeValidation/DnsActive24.php     | 4 +++-
 .../mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml    | 7 +++++--
 4 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/security/acme-client/pkg-descr b/security/acme-client/pkg-descr
index 1210efbde..49a81e7f0 100644
--- a/security/acme-client/pkg-descr
+++ b/security/acme-client/pkg-descr
@@ -10,6 +10,12 @@ Plugin Changelog
 
 4.16
 
+Added:
+* add support for Active24 API v2 (#5381)
+
+Changed:
+* credentials for Active24 DNSAPI must be entered again (#5381)
+
 Fixed:
 * fix incorrect naming scheme of TrueNAS WS automation
 
diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
index 851e12c85..6b3ce02aa 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
@@ -137,10 +137,15 @@
         <style>table_dns table_dns_active24</style>
     </field>
     <field>
-        <id>validation.dns_active24_token</id>
-        <label>Token</label>
+        <id>validation.dns_active24_api_key</id>
+        <label>API Key</label>
         <type>text</type>
     </field>
+    <field>
+        <id>validation.dns_active24_api_secret</id>
+        <label>API Secret</label>
+        <type>password</type>
+    </field>
     <field>
         <label>Alwaysdata</label>
         <type>header</type>
diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsActive24.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsActive24.php
index 4b26d1bcf..79100ae6e 100644
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsActive24.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsActive24.php
@@ -1,6 +1,7 @@
 <?php
 
 /*
+ * Copyright (C) 2026 Frank Wall
  * Copyright (C) 2022 Jan Winkler
  * All rights reserved.
  *
@@ -39,6 +40,7 @@ class DnsActive24 extends Base implements LeValidationInterface
 {
     public function prepare()
     {
-        $this->acme_env['ACTIVE24_Token'] = (string)$this->config->dns_active24_token;
+        $this->acme_env['Active24_ApiKey'] = (string)$this->config->dns_active24_api_key;
+        $this->acme_env['Active24_ApiSecret'] = (string)$this->config->dns_active24_api_secret;
     }
 }
diff --git a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
index 40359e945..04b929616 100644
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@@ -552,9 +552,12 @@
                     <ValidationMessage>Please specify a value between 0 and 84600 seconds.</ValidationMessage>
                     <Required>Y</Required>
                 </dns_sleep>
-                <dns_active24_token type="TextField">
+                <dns_active24_api_key type="TextField">
                     <Required>N</Required>
-                </dns_active24_token>
+                </dns_active24_api_key>
+                <dns_active24_api_secret type="TextField">
+                    <Required>N</Required>
+                </dns_active24_api_secret>
                 <dns_ad_key type="TextField">
                     <Required>N</Required>
                 </dns_ad_key>