From 71464ecfcfd1b5fce5e28e8ca28e7d61d62e6bbf Mon Sep 17 00:00:00 2001
From: Joe Bauser <coderjoe@coderjoe.net>
Date: Sat, 24 May 2025 18:24:33 -0400
Subject: [PATCH] Add a section for deploying to Zyxel GS1900 series switches
 for PR #5043

---
 deployhooks.md | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/deployhooks.md b/deployhooks.md
index e05f3c6..4312e58 100644
--- a/deployhooks.md
+++ b/deployhooks.md
@@ -1121,8 +1121,42 @@ If you have multiple APs then ensure the management interface doesn't migrate to
 
 Although these notes only mention Unleashed, the deploy hook also supports Ruckus ZoneDirector.
 
+## 36. Deploying to Zyxel GS1900 Series Switches
 
-## 36. Deploying to multiple services with the same hooks
+This script uses the https web administration interface in order
+to upload updated certificates to Zyxel GS1900 series switches.
+Only the GS1900-8 and GS1900-24E have been tested but untested 
+switches from the same model line are expected to work as well.
+
+**Tested Working Switches**
+| **Switch Model** | **Minimum Firmware Version** |
+|------------------|------------------------------|
+| GS1900-8         | V2.80                        |
+| GS1900-24E       | V2.80                        |
+
+**Known Issues:**
+1. This is a consumer grade switch and is a bit underpowered. RSA 4096 certs may work but you may experience performance problems.
+2. Firmware V2.80(Axxx.1)C0 will only accept RSA certificates.
+3. Firmware V2.90(Axxx.0)C0 adds support for EC-256 but drops support for RSA-4096.
+4. Firmware V2.90(Axxx.1)C0 supports up to RSA-4096 and EC-256 certs.
+
+**Prerequisite Setup Steps:**
+1. Install the latest firmware (V2.80 or later) on your switch.
+2. Check the known issues above for any certificate compatibility notes for your firmware version.
+3. Enable HTTPS web management on your switch.
+
+Usage:
+
+```sh
+export DEPLOY_ZYXEL_SWITCH          # The switch hostname. (Default: the certificate domain)
+export DEPLOY_ZYXEL_SWITCH_USER     # The webadmin user. (Default: admin)
+export DEPLOY_ZYXEL_SWITCH_PASSWORD # The webadmin password for the switch.
+export DEPLOY_ZYXEL_SWITCH_REBOOT   # If "1" reboot the switch after a certificate update. (Default: "0")
+
+acme.sh --deploy -d example.com --deploy-hook zyxel_gs1900 # specify --insecure if the switch currently has a self-signed certificate
+```
+
+## 37. Deploying to multiple services with the same hooks
 Multideploy allows you to deploy your certificates to multiple services, even those that use the same hook. To use this hook, issue a cert and create a new file, `multideploy.yml,` in the certificate directory. This must contain a version and the services to which your certificate will be deployed. All services specified will be used to deploy your certificate!
 
 ### Compatibility