acme

  1. D

    pvenode acme account register fails with "Only one Term::ReadLine::Gnu instance is allowed"

    In Proxmox 9.0.5: root@oats1:~# pvenode acme account register default ddrucker@mclean.harvard.edu Directory endpoints: 0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory) 1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory) 2) Custom Enter...
  2. S

    ACME Certificates & Information disclosure

    Hi everyone, I'm holding off on using the built-in ACME/Let's Encrypt integration in Proxmox VE for a specific reason, and I wanted to get your thoughts on it. The current implementation doesn't support wildcard certificates. This means I have to generate a specific certificate for each...
  3. S

    [SOLVED] Cannot find ACME in Datacenter menu anymore

    I followed the guide on the wiki a few months ago and configured automatic renewals of the server certs using ACME. Since then Proxmox has been updated, not by me. Now I wanted to check which e-mail I used for the account and I cannot find the ACME option anywhere. I can see under...
  4. T

    DNS Challenge fails on one Proxmox host (ACME: status invalid, All-Inkl)

    Hi everyone, I'm facing an issue where several of my hosts no longer receive certificates. I'm using the DNS challenge with All-Inkl. The TXT records are being created correctly with the configured settings. The problem occurs on two PVE installations at two different locations (both using...
  5. D

    Pi-hole LXC Container

    Hey All, I am creating a script to setup a Proxmox 8 LXC Container for Pi-hole with the following services & packages: Pi-hole Tailscale Unbound DOH (Cloudflare & Quad9) DOT (Cloudflare & Quad9) DNSDist DNS01 (Method: TXT Record) The script is here: HERE I get an error when it gets to the...
  6. T

    [solved] acme nsupdate TSIG error with server: expected a TSIG or SIG(0)

    Hello, I created a file /usr/share/proxmox-acme/lebureaunsupdate.key with the content : ``` key "update" { algorithm hmac-sha512; secret "AAA/MY/SECRET/AAA=="; }; ``` and I filed the acme plugin like that but when I try to order a certificate, I get the following error : ```...
  7. M

    SSL Certificate issuing problem

    Hello ! so it seems I will not be able to access my home lab from outside through TalkTalk eero unless it is deemed 'secure enough'. I have followed all the steps necessary to configure ACME. My domain is with OVH. API Key has been configured and given PUT, GET, POST and DELETE permissions to...
  8. Z

    ACME max certificate

    Hello! I downloaded and started using the Proxmox Mail Gateway 8.1 software. In the Configuration/Certificates menu, ACME has 5 domains created and it won't let me add more, but I don't get any error messages. Is this a bug or a limitation of the free version? Best regards, Zoltan
  9. E

    Proxmox ACME Client doesn't recognise root certificates

    I use the smallstep step-ca ACME server from https://smallstep.com/docs/step-ca/ up and running. I have added the root and intermediate certificates to /usr/share/ca-certificates on my PVE node, and run update-ca-certificates. I can successfully run curl with curl...
  10. N

    Using the API to install HTTPS certificates on PBS

    My acme certificates are managed by my OPNsense VM and I have successfully used a plugin supplied by them to install certificates on the PVE servers via the API at https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom Is there a way to do the same thing...
  11. O

    Proxmox clustering with ACME configuration order

    Hello all: As I rebuilt my Proxmox cluster from scratch, I attempted to configure ACME certificates for the first time. I had no issues and got all (3) nodes working initially. The following day, I could not log into nodes 2 and 3 via the UI but could via SSH. The only change was that the ACME...
  12. D

    PBS Unable to add FreeIPA ACME account

    When I try to add a new ACME account for PBS I am unable to register a new account, from my reading on various forum posts here I should only be utilising the default account via the CLI only (as the option is missing from the GUI, I've also tried other combinations of accounts and emails) and...
  13. T

    ACME cert with Sectigo account

    Hi! We use Sectigo [1] for our x509 certs. They offer no challenge based system for ACME. We use accounts instead. I can set up an account in PVE config System/Certificates but cannot use it since I have to choose between DNS and HTTP challenge to add a certificate. Both are not an option. Please...
  14. B

    TASK ERROR: Failed to initialize HTTP daemon

    netstat -tulpn. Find the app using port 80. If you don't use it, stop the service, or change the port used. service nginx stop. Go to node > acme > Order certificate now
  15. M

    Using HE DDNS for ACME certificates

    For anyone using Hurricane Electric's dynamic DNS records in https://dns.he.net/, here is an ACME DNS API plugin script for PVE: https://github.com/markkuleinio/pve-acme-he-ddns If I have understood it correctly, Proxmox will update their own proxmox-acme repo from acme.sh repo in GitHub, so...
  16. S

    ACME cert with the standalone backend

    I have several proxmox servers, behind a firewall, and ha proxy. Each proxmox server has a public dns entry. I'm forwarding .well-known/acme-challenge via ha proxy, to each of my proxmox servers (hdr(host) -i proxmox1.example.com). I can run manually certbot successfully. When I try a pvenode...
  17. L

    Any way to make proxmox check if ACME cert renewal needed on startup?

    I am using my selfhosted smallstep server to issue certificates for everything in my homelab. By design, the certificates are short-lived (only 24 hours). I have managed to request the certificate just fine via proxmox, and the auto renewal process seems to work fine. However, when the proxmox...
  18. A

    ACME certificates usable for guests?

    Hello! I just took a look at the ACME implementation in Proxmox 8.2.2. If I understood the docs correctly, it is initially only used to secure the Proxmox admin page. (So e.g. https://mein.pve.com:8006/.) So is it possible to also ... the obtained certificates to the...
  19. L

    Bookmyname certificate, tips for PVE and PBS

    Since Acme released a bookmyname plugin at the end of 2023, it is now possible to use the user interface to manage certificates. A few comments though: I had trouble getting it to work, and couldn't find much information here. After a lot of struggling, I put some debugging code in...
  20. R

    [SOLVED] Issue with Proxmox 8.2 Namecheap ACME DNS Plugin.

    Hi - I'm running Proxmox 8.2.2 and running into the following odd error trying to provision certificates using the Namecheap ACME DNS Plugin. I believe this same configuration worked prior to the 8.2 upgrade within the last month. Under Datacenter -> ACME, I've defined a challenge plugin...