security/acme-client Feature request: Porkbun API endpoint changing on 2024-12-01

[tjscott]

Important notices Before you add a new report, we ask you kindly to acknowledge the following:

• [x] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• [x] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
• [x] When the request is meant for an existing plugin, I've added its name to the title.

Is your feature request related to a problem? Please describe. The Porkbun API endpoint is changing from https://porkbun.com/ to https://api.porkbun.com/, and the ACME client plugin will cease to work when the old endpoint is shut down on 2024-12-01.

Describe the solution you'd like I'd like the ACME client to be updated to the version with a fix upstream in https://github.com/acmesh-official/acme.sh/pull/5323

Describe alternatives you've considered The code to control this lives upstream, I'm not sure it can be worked around outside of pulling in a newer ACME client.

Additional context Email from Porkbun:

Porkbun Header Image

Hello there,

The reason you are receiving this email is because you have an API key associated with your account and are sending commands to a deprecated API hostname. We sent a previous warning on 2024-10-11. In order to ensure that any apps or tools you may have that utilize our API continue to work, we wanted to let you know about some upcoming critical updates.

We know these kinds of changes are annoying but the time has come to separate the processing of incoming API commands from our website. In previous documentation the hostname porkbun.com was used for the API but we have recently updated it to api.porkbun.com and in the near future will start enforcing its use. Please update the hostname for our API to api.porkbun.com as soon as possible.

CRITICAL UPDATE DETAILS

Type: API Hostname Change

Old Value: porkbun.com

New Value: api.porkbun.com

Deadline: 2024-12-01 00:00:00 UTC

Please note that after the deadline, API calls made to the old hostname will no longer be allowed. If you have any questions or concerns please contact support.

[fraenki]

I've asked the acme.sh developer to release a new version.

[fraenki]

acme.sh 3.1.0 was released a few days ago and uses the new Porkbun API endpoint, and it will be included in the next OPNsense minor release.

Until then you may want to check if SSL certificates are about to expire and renew them manually (via ACME Client GUI), before 2024-12-01. If your SSL certificates are still valid for several weeks, then I'd assume it's safe to wait for the next OPNsense minor release.