ACME Cert Order Not Working

duluxoz

New Member
Sep 24, 2024
6
0
1
Hi All,

I'm trying to set up a private PKI (Step-CA: stepca.example.com) to provide my PVE (Proxmox v18.2.4) with certificates.

I have the Step-CA server set up and working (I can receive/renew certs via ACME.sh from a different server to the stepca.example.com).

I have run the command:
Code:
pvenode acme account register my_acme root at example.com  --directory https://stepca.example.com/acme/my_acme/directory
and this returned:

Code:
Attempting to fetch Terms of Service from 'https://stepca.example.com/acme/my_acme/directory'..
No Terms of Service found, proceeding.
Attempting to register account with 'https://stepca.example.com/acme/my_acme/directory'..
Generating ACME account key..
Registering ACME account..
Registration successful, account URL: 'https://stepca.example.com/acme/my_acme/account/PLeTGsgGbogPgnURjpYMuieKc1Yj2cFQ'
Task OK

Running the command:
Code:
pvenode acme account info my_acme
returns all the correct information (as above) - the most important part is:
Code:
status: valid

However, when I then run the command:
Code:
pvenode acme cert order
I receive:
Code:
Can't use an undefined value as a HASH reference at /usr/share/perl5/PVE/API2/ACME.pm line 196

Also, when I run the command:
Code:
pvenode acme cert renew
I (as expected) receive:
Code:
No current (custom) certificate found, please order a new certificate!

Finally, when I run the command:
Code:
pvenode cert info
I receive info only about the "pve-root-ca.pem" and "pve-ssl.pem" certificates (again, as expected).

So, if someone could be kind enough to let me know where I've gone wrong, I'd appreciate it.

Cheers

Dulux-Oz

PS: Also, the (on-line) Proxmox doco says (in section 3.12.4. Trusted certificates via Let’s Encrypt (ACME) ) that "You can register and deactivate ACME accounts over the web interface Datacenter -> ACME...", but I can't find that in the Web Interface - has something changed in recent versions of ProxMox?
 
Hi All,

Just giving this a bump because I still have the same issue (and I'm only just now getting back to this :) )

Cheers
dulux-oz
 
please run "pveversion -v" and post the output here
 
Hi Fabian,

Results as requested:

proxmox-ve: 8.2.0 (running kernel: 6.8.12-3-pve)
pve-manager: 8.2.9 (running version: 8.2.9/98c7f34632fee424)
proxmox-kernel-helper: 8.1.0
proxmox-kernel-6.8: 6.8.12-4
proxmox-kernel-6.8.12-4-pve-signed: 6.8.12-4
proxmox-kernel-6.8.12-3-pve-signed: 6.8.12-3
proxmox-kernel-6.8.12-1-pve-signed: 6.8.12-1
proxmox-kernel-6.8.4-2-pve-signed: 6.8.4-2
ceph: 18.2.4-pve3
ceph-fuse: 18.2.4-pve3
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx11
intel-microcode: 3.20240910.1~deb12u1
ksm-control-daemon: 1.5-1
libjs-extjs: 7.0.0-5
libknet1: 1.28-pve1
libproxmox-acme-perl: 1.5.1
libproxmox-backup-qemu0: 1.4.1
libproxmox-rs-perl: 0.3.4
libpve-access-control: 8.2.0
libpve-apiclient-perl: 3.3.2
libpve-cluster-api-perl: 8.0.10
libpve-cluster-perl: 8.0.10
libpve-common-perl: 8.2.9
libpve-guest-common-perl: 5.1.6
libpve-http-server-perl: 5.1.2
libpve-network-perl: 0.9.8
libpve-rs-perl: 0.8.12
libpve-storage-perl: 8.2.8
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 6.0.0-1
lxcfs: 6.0.0-pve2
novnc-pve: 1.5.0-1
proxmox-backup-client: 3.2.9-1
proxmox-backup-file-restore: 3.2.9-1
proxmox-firewall: 0.5.0
proxmox-kernel-helper: 8.1.0
proxmox-mail-forward: 0.3.1
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.7
proxmox-widget-toolkit: 4.3.1
pve-cluster: 8.0.10
pve-container: 5.2.2
pve-docs: 8.2.4
pve-edk2-firmware: 4.2023.08-4
pve-esxi-import-tools: 0.7.2
pve-firewall: 5.0.7
pve-firmware: 3.14-1
pve-ha-manager: 4.0.5
pve-i18n: 3.2.4
pve-qemu-kvm: 9.0.2-4
pve-xtermjs: 5.3.0-3
qemu-server: 8.2.7
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.2.6-pve1

Cheers
 
could you post the output of "pvenode config get"?
 
Cool...

So which of the following should be set?:

Code:
pvenode config set --property <acme | acmedomain0 | acmedomain1 | acmedomain2 | acmedomain3 | acmedomain4 | acmedomain5 > example.com

Can I assume (ie make an ass out of you and me) that it's acmedomain0?

(No, it is not clear from the documentation / man page :) )

Cheers

(And thanks for the help :D )
 
Last edited:
shouldn't matter ;) you can also use the UI to define them :)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!