acme

  1. S

    [SOLVED] Cannot find ACME in Datacenter menu anymore

    I followed the guide on the wiki a few months ago and configured automatic renewals of the server certs using ACME. Since then Proxmox has been updated, not by me. Now I wanted to check which e-mail I used for the account and I cannot find the ACME option anywhere. I can see under...
  2. T

    DNS Challenge fails on one Proxmox host (ACME: status invalid, All-Inkl)

    Hi everyone, I'm facing an issue where several of my hosts no longer receive certificates. I'm using the DNS challenge with All-Inkl. The TXT records are being created correctly with the configured settings. The problem occurs on two PVE installations at two different locations (both using...
  3. D

    Pi-hole LXC Container

    Hey All, I am creating a script to setup a Proxmox 8 LXC Container for Pi-hole with the following services & packages: Pi-hole Tailscale Unbound DOH (Cloudflare & Quad9) DOT (Cloudflare & Quad9) DNSDist DNS01 (Method: TXT Record) The script is here: HERE I get an an error when it gets to the...
  4. T

    [solved] acme nsupdate TSIG error with server: expected a TSIG or SIG(0)

    Hello, I created a file /usr/share/proxmox-acme/lebureaunsupdate.key with the content : ``` key "update" { algorithm hmac-sha512; secret "AAA/MY/SECRET/AAA=="; }; ``` and I filed the acme plugin like that but when I try to order a certificate, I get the following error : ```...
  5. M

    SSL Certificate issuing problem

    Hello ! so it seems I will not be able to access my home lab from outside through TalkTalk eero unless it is deemed 'secure enough'. I have followed all the steps necessary to configure ACME. My domain is with OVH. API Key has been configured and given PUT, GET, POST and DELETE permissions to...
  6. Z

    ACME max certificate

    Hello! I downloaded and started using the Proxmox Mail Gateway 8.1 software. In the Configuration/Certificates menu, ACME has 5 domains created and it won't let me add more, but I don't get any error messages. Is this a bug or a limitation of the free version? Best regards, Zoltan
  7. E

    Proxmox ACME Client doesn't recognise root certificates

    I use the smallstep step-ca ACME server from https://smallstep.com/docs/step-ca/ up and running. I have added the root and intermediate certificates to /usr/share/ca-certificates on my PVE node, and run update-ca-certificates I can succesfully run curl with curl...
  8. N

    Using the API to install HTTPS certificates on PBS

    My acme certificates are managed by my OPNsense VM and I have successfully used a plugin supplied by them to install certificates on the PVE servers via the API at https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom Is there a way to do the same thing...
  9. O

    Proxmox clustering with ACME configuration order

    Hello all: As I rebuilt my Proxmox cluster from scratch, I attempted to configure ACME certificates for the first time. I had no issues and got all (3) nodes working initially. The following day, I could not log into nodes 2 and 3 via the UI but could via SSH. The only change was that the ACME...
  10. D

    PBS Unable to add FreeIPA ACME account

    When I try to add a new ACME account for PBS I am unable to register a new account, from my reading on various forum posts here I should only be utilising the default account via the CLI only (as the option is missing from the GUI, I've also tried other combinations of accounts and emails) and...
  11. T

    AMCE cert with Sectigo account

    Hi! We use Sectigo [1] for our x509 certs. They offer no challenge based system for ACME. We use accounts instead. I can setup an account in PVE config System/Certificates but cannot use it since I have to chose between DNS and HTTP challenge to add a certificate. Both are not an option. Please...
  12. B

    TASK ERROR: Failed to initialize HTTP daemon

    netstat -tulpn Find app use 80 port If you dont use this, stop service, or change used port. service nginx stop Go to node > acme > Order certificate now
  13. M

    Using HE DDNS for ACME certificates

    For anyone using Hurricane Electric's dynamic DNS records in https://dns.he.net/, here is an ACME DNS API plugin script for PVE: https://github.com/markkuleinio/pve-acme-he-ddns If I have understood it correctly, Proxmox will update their own proxmox-acme repo from acme.sh repo in GitHub, so...
  14. S

    ACME cert with the standalone backend

    I have several proxmox servers, bahind a firewall, and ha proxy. Each proxmox server has a public dns entry. I'm forwarding .well-known/acme-challenge via ha proxy, to each of my proxmox servers (hdr(host) -i proxmox1.example.com). I can run manually certbot successfully. When I try a pvenode...
  15. L

    Any way to make proxmox check if ACME cert renewal needed on startup?

    I am using my selfhosted smallstep server to issue certificates for everything in my homelab. By design, the certificates are short-lived (only 24 hours). I have managed to request the certificate just fine via proxmox, and the auto renewal process seems to work fine. However, when the proxmox...
  16. A

    ACME-Zertifikate für Guests nutzbar?

    Hallo! Hab mir gerade die ACME-Implementierung von Proxmox 8.2.2 angeschaut. Wenn ich die Doku richtig verstanden habe, dann wird das zunächst nur zur Absicherung der Promox Admin-Seite genutzt. (Also z.B. https://mein.pve.com:8006/.) Ist es denn möglich, die bezogenen Zertifikate auch den...
  17. L

    Bookmyname certificate, tips for PVE and PBS

    Since Acme released a bookmyname plugin at the end of 2023, it is now possible to use the user interface to manage certificates. A few comments though: I had trouble getting it to work, and couldn't find much information here. After a lot of struggling, I put some debugging code in...
  18. R

    [SOLVED] Issue with Proxmox 8.2 Namecheap ACME DNS Plugin.

    Hi - I'm running Proxmox 8.2.2 and running into the following odd error trying to provision certificates using the Namecheap ACME DNS Plugin. I believe this same configuration worked prior to the 8.2 upgrade within the last monthacme Under Datacenter -> ACME, I've defined a challenge plugin...
  19. M

    Certificate renew fails

    I sucessfully set up acme certificate on our proxmox node but certificate renew fails. Output of pvenode acme cert renew: Loading ACME account details Placing ACME order Order URL: https://acme-v02.api.letsencrypt.org/acme/order/1446374306/265127774607 Getting authorization details from...
  20. M

    Mail Server Not listening on Port 80

    Hello, I am trying to set up the ACME listener using HTTP but I keep getting validation failed connection refused. It looks like my server is not listening on port 80. When I do the following on the server itself pointing to it's own IP: nc 10.110.2.8 80 it returns connection refused. Any...