ACME cert update confusion

C

chudak

Well-Known Member
Proxmox Subscriber
May 11, 2019
322
16
58
Hello

I am a bit confused. I use ACME with dynu DNS challenge and when ordering new certificate via WebGUI all works fine.
However the command line from crontab

"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh

fails as:

[Fri 16 Jul 2021 11:54:31 AM PDT] Getting Dynu token.
[Fri 16 Jul 2021 11:54:32 AM PDT] Authentication failed.
[Fri 16 Jul 2021 11:54:32 AM PDT] Can not get token.
[Fri 16 Jul 2021 11:54:32 AM PDT] Getting https://api.dynu.com/v2/dns/getroot/connections.dynu.net
[Fri 16 Jul 2021 11:54:32 AM PDT] Getting https://api.dynu.com/v2/dns/getroot/dynu.net
[Fri 16 Jul 2021 11:54:32 AM PDT] Getting https://api.dynu.com/v2/dns/getroot/net
[Fri 16 Jul 2021 11:54:33 AM PDT] Invalid domain.
[Fri 16 Jul 2021 11:54:33 AM PDT] Error add txt for domain:_acme-challenge.connections.dynu.net
[Fri 16 Jul 2021 11:54:33 AM PDT] Please add '--debug' or '--log' to check more details.
[Fri 16 Jul 2021 11:54:33 AM PDT] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Fri 16 Jul 2021 11:54:33 AM PDT] Error renew XXX.dynu.YYY.

Why?

And PBS ACME related question - we don't have a crontab line for it ?

Thx
 
chudak said:
I am a bit confused. I use ACME with dynu DNS challenge and when ordering new certificate via WebGUI all works fine.
However the command line from crontab
Click to expand...
All Proxmox products (PVE, PBS and PMG) use their own acme-implementation (they do use the dns-plugins of acme.sh, but they are called by the pve-tools not by acme.sh)

the crontab is most likely a leftover from a manual install of acme.sh you did?
I'd suggest to remove the cronentry - if everything works fine via GUI

I hope this helps!
 
Stoiko Ivanov said:
All Proxmox products (PVE, PBS and PMG) use their own acme-implementation (they do use the dns-plugins of acme.sh, but they are called by the pve-tools not by acme.sh)

the crontab is most likely a leftover from a manual install of acme.sh you did?
I'd suggest to remove the cronentry - if everything works fine via GUI

I hope this helps!
Click to expand...

IIRC I did not install ACME it was standard proxmox

How then proxmox does automatic certificates updates ?
 
chudak said:
How then proxmox does automatic certificates updates ?
Click to expand...
depending on the product - for Proxmox VE it's pve-daily-update.service (invoked by pve-daily-update.timer) , for PMG it's pmg-daily.timer
for PBS proxmox-backup-daily-update.timer.
 
Stoiko Ivanov said:
depending on the product - for Proxmox VE it's pve-daily-update.service (invoked by pve-daily-update.timer) , for PMG it's pmg-daily.timer
for PBS proxmox-backup-daily-update.timer.
Click to expand...


That's interesting, thank you !

I removed the line:

0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

Is there a way to test what you described in the term ?
 
chudak said:
Is there a way to test what you described in the term ?
Click to expand...
Again this depends on the product - I'll assume you're speaking about PVE (due to the forum):
` pvenode acme cert renew -force`
should do the trick

see the man-page of pvenode

I hope this helps!
 
  • Like
Reactions: chudak
  • Like
Reactions: Stoiko Ivanov
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom