For my internal PVE nodes I want to get ACME working. Since I'm behind a NAT firewall and the single IP's port 80 is not available, I'm trying with the DNS API challenge.
Unfortunately, my own web hoster does not provide a DNS API, so I forwarded a subdomain to 1984.hosting, which has a built-in ACME plugin in PVE.
The current version of this plugin shipping with PVE however does not work - it errors out with a 'login failed' message.
As per this GitHub comment - it seems the 1984hosting ACME plugin shipping with PVE is not working anymore since the file /usr/share/proxmox-acme/dnsapi/dns_1984hosting.sh is outdated.
I manually replaced every management.1984hosting.com entry in that file with 1984.hosting and then it works again - at least up to the point where the DNS challenge TXT entry is created at 1984.hosting.
I would like to report this to the Proxmox Bugzilla, but I'm not sure which component I should connect it to - perhaps 'Backend'?
(Everything described below might be a different issue)
However, even after fixing the above issue, I'm still unable to get a certificate for my PVE nodes (actual domain replaced by 'my-redacted-domain'):
Bash:
Loading ACME account details
Placing ACME order
Order URL: https://acme-staging-v02.api.letsencrypt.org/acme/order/66542803/3857977533
Getting authorization details from 'https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3485842723'
The validation for my-redacted-domain is pending!
[Tue Aug 30 20:39:32 CEST 2022] Add TXT record using 1984Hosting
[Tue Aug 30 20:39:35 CEST 2022] Added acme challenge TXT record for _acme-challenge.my-redacted-domain at 1984Hosting
Add TXT record: _acme-challenge.my-redacted-domain
Sleeping 30 seconds to wait for TXT record propagation
Triggering validation
Sleeping for 5 seconds
[Tue Aug 30 20:40:11 CEST 2022] Delete TXT record using 1984Hosting
[Tue Aug 30 20:40:15 CEST 2022] Deleted acme challenge TXT record for _acme-challenge.my-redacted-domain at 1984Hosting
Remove TXT record: _acme-challenge.my-redacted-domain
TASK ERROR: validating challenge 'https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3485842723' failed - status: invalid
Now I have no clue what's going wrong here. Things I checked already:
- Checked actual creation of TXT record at 1984hosting - it's there while the script runs and then gets deleted
- Resolving of my domain at 1984.hosting works both externally as well as internally
- Changing the internal DNS entry of my PVE host from the internal IP to the external IP makes no difference
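The manual host replacement described in the post, written as a repeatable step that keeps a pristine copy of the plugin file. This is an added example, not part of the original post and not Proxmox or acme.sh code; the function name patch_plugin and the .orig backup suffix are assumptions, and the two host names are the ones given in the post.

```shell
#!/bin/sh
# Added example (not from the original post): apply the host replacement
# from the post to a plugin file, keeping the unmodified file as FILE.orig.
OLD_HOST='management.1984hosting.com'   # outdated host named in the post
NEW_HOST='1984.hosting'                 # replacement host named in the post

# patch_plugin FILE
# Replaces every OLD_HOST in FILE with NEW_HOST and prints the number of
# lines that still mention OLD_HOST afterwards (0 means fully patched).
# Hypothetical helper name; safe to run more than once.
patch_plugin() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Already patched: report 0 and leave the file and backup untouched.
    if ! grep -qF "$OLD_HOST" "$file"; then
        echo 0
        return 0
    fi

    # Keep the first unmodified version; never overwrite an existing backup.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig" || return 1

    # Escape the dots so sed matches the host name literally.
    pattern=$(printf '%s' "$OLD_HOST" | sed 's/\./\\./g')

    tmp=$(mktemp) || return 1
    sed "s/$pattern/$NEW_HOST/g" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back through the existing inode so owner and mode are preserved.
    cat "$tmp" > "$file"
    rm -f "$tmp"

    # grep -c exits non-zero on a count of 0, so neutralise the exit status.
    grep -cF "$OLD_HOST" "$file" || true
}

# Stand-alone use: pass the plugin path from the post as the first argument.
if [ "$#" -gt 0 ]; then
    patch_plugin "$1"
fi
```

Comparing the patched file against its .orig copy with diff shows exactly which lines were changed, which is useful to attach to a bug report.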