From d18e09c78dda06e32104f93f1042e18bdd0a9ede Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Thu, 29 Jan 2026 21:58:53 +0100
Subject: [PATCH 1/3] security/acme-client: release 4.13

---
 security/acme-client/Makefile  | 2 +-
 security/acme-client/pkg-descr | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/security/acme-client/Makefile b/security/acme-client/Makefile
index 22d30a042..9f8906b31 100644
--- a/security/acme-client/Makefile
+++ b/security/acme-client/Makefile
@@ -1,5 +1,5 @@
 PLUGIN_NAME=		acme-client
-PLUGIN_VERSION=		4.12
+PLUGIN_VERSION=		4.13
 PLUGIN_COMMENT=		ACME Client
 PLUGIN_MAINTAINER=	opnsense@moov.de
 PLUGIN_DEPENDS=		acme.sh py${PLUGIN_PYTHON}-dns-lexicon
diff --git a/security/acme-client/pkg-descr b/security/acme-client/pkg-descr
index 4402d75ce..a86ecbd96 100644
--- a/security/acme-client/pkg-descr
+++ b/security/acme-client/pkg-descr
@@ -8,6 +8,13 @@ WWW: https://github.com/acmesh-official/acme.sh
 Plugin Changelog
 ================
 
+4.13
+
+Added:
+* add support for ACME profiles (#5154)
+* add support for deploy hook "Ruckus" (#5157)
+* add support for Spaceship.com DNS API (#5158)
+
 4.12
 
 Added:

From db0b943465382085d2a844f34a936eb5fffd50ef Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Thu, 29 Jan 2026 22:16:27 +0100
Subject: [PATCH 2/3] security/acme-client: remove duplicate slashes, refs
 #5166

---
 security/acme-client/pkg-descr                              | 3 +++
 .../OPNsense/AcmeClient/LeValidation/DnsNsupdate.php        | 2 +-
 .../library/OPNsense/AcmeClient/LeValidation/DnsTransip.php | 2 +-
 .../OPNsense/AcmeClient/LeValidation/HttpOpnsense.php       | 6 +++---
 .../OPNsense/AcmeClient/LeValidation/TlsalpnAcme.php        | 6 +++---
 5 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/security/acme-client/pkg-descr b/security/acme-client/pkg-descr
index a86ecbd96..299b909ee 100644
--- a/security/acme-client/pkg-descr
+++ b/security/acme-client/pkg-descr
@@ -15,6 +15,9 @@ Added:
 * add support for deploy hook "Ruckus" (#5157)
 * add support for Spaceship.com DNS API (#5158)
 
+Fixed:
+* remove duplicate slashes in nsupdate, TransIP, OPNsense, TLS ALPN challenge types (#5166)
+
 4.12
 
 Added:
diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsNsupdate.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsNsupdate.php
index 999276751..fba6d3662 100644
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsNsupdate.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsNsupdate.php
@@ -40,7 +40,7 @@ class DnsNsupdate extends Base implements LeValidationInterface
     public function prepare()
     {
         $configdir = (string)sprintf(self::ACME_CONFIG_DIR, $this->cert_id);
-        $secret_key_filename = "{$configdir}/secret.key";
+        $secret_key_filename = "{$configdir}secret.key";
         $secret_key_data = (string)$this->config->dns_nsupdate_key . "\n";
         file_put_contents($secret_key_filename, $secret_key_data);
 
diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsTransip.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsTransip.php
index e87ff3db2..b62043acf 100644
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsTransip.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/DnsTransip.php
@@ -40,7 +40,7 @@ class DnsTransip extends Base implements LeValidationInterface
     public function prepare()
     {
         $configdir = (string)sprintf(self::ACME_CONFIG_DIR, $this->cert_id);
-        $secret_key_filename = "{$configdir}/secret.key";
+        $secret_key_filename = "{$configdir}secret.key";
         $secret_key_data = (string)$this->config->dns_transip_key . "\n";
         file_put_contents($secret_key_filename, $secret_key_data);
 
diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/HttpOpnsense.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/HttpOpnsense.php
index 03ca5e97c..bbb2cb594 100644
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/HttpOpnsense.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/HttpOpnsense.php
@@ -127,10 +127,10 @@ class HttpOpnsense extends Base implements LeValidationInterface
         }
 
         // Create temporary port forward to allow acme challenges to get through
-        File::file_put_contents("{$configdir}/acme_anchor_setup", "rdr-anchor \"acme-client\"\n", 0600);
+        File::file_put_contents("{$configdir}acme_anchor_setup", "rdr-anchor \"acme-client\"\n", 0600);
         Shell::run_safe('/sbin/pfctl -f %s', ["{$configdir}/acme_anchor_setup"]);
-        File::file_put_contents("{$configdir}/acme_anchor_rules", $anchor_rules, 0600);
-        Shell::run_safe('/sbin/pfctl -a %s -f %s', ['acme-client', "{$configdir}/acme_anchor_rules"]);
+        File::file_put_contents("{$configdir}acme_anchor_rules", $anchor_rules, 0600);
+        Shell::run_safe('/sbin/pfctl -a %s -f %s', ['acme-client', "{$configdir}acme_anchor_rules"]);
     }
 
     public function cleanup()
diff --git a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/TlsalpnAcme.php b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/TlsalpnAcme.php
index df5819600..f662e90a2 100644
--- a/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/TlsalpnAcme.php
+++ b/security/acme-client/src/opnsense/mvc/app/library/OPNsense/AcmeClient/LeValidation/TlsalpnAcme.php
@@ -128,10 +128,10 @@ class TlsalpnAcme extends Base implements LeValidationInterface
         }
 
         // Create temporary port forward to allow acme challenges to get through
-        File::file_put_contents("{$configdir}/acme_anchor_setup", "rdr-anchor \"acme-client\"\n", 0600);
+        File::file_put_contents("{$configdir}acme_anchor_setup", "rdr-anchor \"acme-client\"\n", 0600);
         Shell::run_safe('/sbin/pfctl -f %s', ["{$configdir}/acme_anchor_setup"]);
-        File::file_put_contents("{$configdir}/acme_anchor_rules", $anchor_rules, 0600);
-        Shell::run_safe("/sbin/pfctl -a %s -f %s", ['acme-client', "{$configdir}/acme_anchor_rules"]);
+        File::file_put_contents("{$configdir}acme_anchor_rules", $anchor_rules, 0600);
+        Shell::run_safe("/sbin/pfctl -a %s -f %s", ['acme-client', "{$configdir}acme_anchor_rules"]);
     }
 
     public function cleanup()

From e0118195323c5693cdcb19a8e63d7cf8266b99fb Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Thu, 29 Jan 2026 22:27:47 +0100
Subject: [PATCH 3/3] security/acme-client: update changelog

---
 security/acme-client/pkg-descr | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/security/acme-client/pkg-descr b/security/acme-client/pkg-descr
index 299b909ee..9fbe37ce3 100644
--- a/security/acme-client/pkg-descr
+++ b/security/acme-client/pkg-descr
@@ -14,6 +14,10 @@ Added:
 * add support for ACME profiles (#5154)
 * add support for deploy hook "Ruckus" (#5157)
 * add support for Spaceship.com DNS API (#5158)
+* add global access key option for TransIP DNS API (#5166)
+
+Changed:
+* allow setting renewal interval to 0 (#5168)
 
 Fixed:
 * remove duplicate slashes in nsupdate, TransIP, OPNsense, TLS ALPN challenge types (#5166)