ACME account config file 'default' does not exist.

[Xela]

Hi,

when trying to install a SSL certificate, I get the message:

ACME account config file 'default' does not exist.
Task ACME account config file 'default' does not exist.

Info:

root@subdomain:~# pvenode config set --acme domains=subdomain.meinedomain.de

root@subdomain:~# pvenode acme cert order
400 Parameter verification failed.
force: Custom certificate exists but 'force' is not set.
pvenode acme cert order  [OPTIONS]

root@subdomain:~# pvenode acme cert order --force
ACME account config file 'default' does not exist.
Task ACME account config file 'default' does not exist.

root@subdomain:~# pvenode config get
#rpcbind deaktivieren
#
#- systemctl disable rpcbind.target
#- systemctl disable rpcbind.socket
#- systemctl disable rpcbind.service
#- systemctl stop rpcbind.target
#- systemctl stop rpcbind.socket
#- systemctl stop rpcbind.service
acme: domains=subdomain.meinedomain.de

GUI is also no longer accessible.

 

[Stoiko Ivanov]

Did you register an account with Let's encrypt - see the reference documentation:
https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_certs_get_trusted_acme_cert

I hope this helps!

 

[Xela]

Yes, I did:

root@subdomain:~# pvenode acme account register account-name mail@meinedomain.de
Directory endpoints:
0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory)
1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory)
2) Custom
Enter selection: 0

Attempting to fetch Terms of Service from 'https://acme-v02.api.letsencrypt.org/directory'..
Terms of Service: https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you agree to the above terms? [y|N]: y

Attempting to register account with 'https://acme-v02.api.letsencrypt.org/directory'..
400 Parameter verification failed.
name: ACME account config file 'account-name' already exists.
pvenode acme account register [<name>] {<contact>} [OPTIONS]

Any idea how to correct that?

 

[ihr]

Hi,

This problem hits me this morning, hopefully, reading the documentation I managed to fix it so let me document what I did so I can help others:

Context:
1. I run my own private CA.
2. When proxmox was first set up, I manually set the certificate created by my CA. I didn't use the ACME server at that time.
2. Later, I installed my own acme server.
3. I set up the account and challenge plug in at the datacenter level

What was missing is to set the account at the server level!

# pvenode config set --acme account=<your account name as it is in the datacenter>

You can also use the GUI to do it.

Then you can run:

# pvenode acme cert renew

and the certificate gets renewed.

BUT!

The process launched an error when trying to revoke old certificate. I think this is unrelated with proxmox but with my ACME server and due to the reason the previous certificate was not issued by that CA (was issued manually)

If you are curious, this is the error I got. Sensible information has been anonymized:

root@zz:~# pvenode acme cert renew
Loading ACME account details
Placing ACME order
Order URL: https://my-acme-server.mylocaldomain/acme/acme/order/JMsbdQCOIs75VGynLEs7uUazR3WbrAVV

Getting authorization details from 'https://my-acme-server.mylocaldomain/acme/acme/authz/xYhz98FLrtTsYWVdWtb2N5n80AwXfiex'
The validation for zz.mylocaldomain is pending!
[Tue Dec  9 10:18:46 CET 2025] adding _acme-challenge.zz.mylocaldomain. 60 in txt "kOdWjXMCrj3wGddGCkqo21BSo6n7FTZg9hr66Wbo6Oo"
Add TXT record: _acme-challenge.zz.mylocaldomain
Sleeping 30 seconds to wait for TXT record propagation
Triggering validation
Sleeping for 5 seconds
Status is 'valid', domain 'zz.mylocaldomain' OK!
[Tue Dec  9 10:19:22 CET 2025] removing _acme-challenge.zz.mylocaldomain. txt
Remove TXT record: _acme-challenge.zz.mylocaldomain

All domains validated!

Creating CSR
Checking order status
Order is ready, finalizing order
valid!

Downloading certificate
Setting pveproxy certificate and key
Restarting pveproxy
Revoking old certificate
Revoke request to CA failed: Error: POST to https://my-acme-server.mylocaldomain/acme/acme/revoke-cert
{"type":"urn:ietf:params:acme:error:malformed","detail":"The request message was malformed"}

Task OK