Recent content by thesix

We upgrade PBS to 4.1.0 today but the problem still exists :oops:

By the time of this writing it was not possible to create/edit/delete ACME accounts via GUI. Thas has changed, so this issue is obsolete.

OK, that could be the problem here too.

I don't want to disclose that here in public. Suffice to say that the certificates are created at the provider, it works for proxmox pve hosts in the same subnet behind the same firewall. This still has me puzzled :cool:

We did a check on firewall logs and found no anomaly, no trace of dropped packets. I can confirm that the certificates were created but somehow the process stops before successfully retrieving the certificate. I did try the same process on one of our PVE nodes and it worked flawlessly. PVE and...

Since a couple of days our PBS tries to renew its x509 cert. We configured it to use our ACME-PROVIDER with the same credentials we use everywhere else. Here is what happens. We get emails stating: Proxmox Backup Server was not able to renew a TLS certificate. Error: connection closed before...

Hi, I ask politely: when will there be a working account creation for ACME accounts (that are NOT letsencrypt) in the GUI? Sincerely, T.

I believe you and at the same time state that this is undesired behavior. But thanks for taking you time. Just checked btw. The certificate I configured via CLI appears as ACME HTTP in the UIX ...

Just out of curiosity: why would you need a challenge if you are using EAB?

As I said I am not aware of any challenge methods Sectigo offers. The only way to get a certificate is to use an account and get certificates by logging in. Configuring this using the above described way works now. Would not know how to do that in the UIX though.

Hi there! This is completely annoying and actually unacceptable! I write this because it works fine for PVE and not at all for PBS. But I can add more error messages to this thread: Base64 encoding the key I use for PVE: Error: urn:ietf:params:acme:error:malformed: [External Account Binding]...

Thanks, did that. In order to make it easier for others in the future I summarize what I had to do to get it working. I did all that using the CLI since I felt the UIX is not as comfortable as it should be. Register and account using your EMAIL, EAB_KEY_ID and EAB_KEY root@pve:~# pvenode acme...

Hi! We use Sectigo [1] for our x509 certs. They offer no challenge based system for ACME. We use accounts instead. I can setup an account in PVE config System/Certificates but cannot use it since I have to chose between DNS and HTTP challenge to add a certificate. Both are not an option. Please...

I want to add one more thing. Changing the ownership of backups via the UI is cumbersome if the number of backup groups is too large. The documentation for the cli tool `proxmox-backup-client` is, well, not existent. I could not find any example how to run the script **on a PBS** system. So I...

Solved it! As a former colleague once said: it's always a permissions problem. The sync was done **before** the API Token user was created. Hence all the backups belonged to the root user. Changing ownership of the backups solved it!