ACME client includes private IP in request

D

d1nuc0m

New Member
Dec 6, 2024
10
3
3
Hi, I am trying to get a TLS certificate with ACME on PDM.
The machine has a private IPv4 and the certificate request fails because the IP is included in the request (and almost no public CA releases a certificate for a private IP):

1782299536183.png

Hostname is configured correctly both in hostnamectl and /etc/hosts

Packages:
Code: 
libproxmox-acme-plugins/stable,now 1.7.1 all [installed]
proxmox-archive-keyring/stable,now 4.0 all [installed]
proxmox-datacenter-manager-client/stable,now 1.1.4 amd64 [installed]
proxmox-datacenter-manager-docs/stable,now 1.1.4 all [installed]
proxmox-datacenter-manager-meta/stable,now 1.1.0 all [installed]
proxmox-datacenter-manager-ui/stable,now 1.1.2 amd64 [installed]
proxmox-datacenter-manager/stable,now 1.1.4 amd64 [installed]
proxmox-default-kernel/stable,now 2.1.0 all [installed]
proxmox-enterprise-support-keyring/stable,now 1.0 all [installed]
proxmox-geojson-data/stable,now 1.1 all [installed]
proxmox-kernel-7.0.2-6-pve-signed/stable,now 7.0.2-6 amd64 [installed]
proxmox-kernel-7.0.6-2-pve-signed/stable,now 7.0.6-2 amd64 [installed,automatic]
proxmox-kernel-7.0/stable,now 7.0.6-2 amd64 [installed,upgradable to: 7.0.12-1]
proxmox-kernel-helper/stable,now 9.2.0 all [installed]
proxmox-mail-forward/stable,now 1.0.3 amd64 [installed]
proxmox-mini-journalreader/stable,now 1.6 amd64 [installed]
proxmox-offline-mirror-docs/stable,now 0.7.4 all [installed]
proxmox-offline-mirror-helper/stable,now 0.7.4 amd64 [installed]
proxmox-termproxy/stable,now 2.1.0 amd64 [installed]
 
Hi @d1nuc0m

thanks for posting on the forum!

Can you please share your (sanitized) ACME cert configuration file and in case DNS validation is used the plugins file.
Code: 
cat /etc/proxmox-datacenter-manager/acme/certificate.cfg
cat /etc/proxmox-datacenter-manager/acme/plugins.cfg

Yours sincerely
Jonas
 
  • Like
Reactions: d1nuc0m
@j.theisen thanks, using HTTP-01 challenge, so there are no DNS files

Code: 
cat /etc/proxmox-datacenter-manager/acme/certificate.cfg
acme: account=acme.example.com
acmedomain0: my-pdm.example.com

cat /etc/proxmox-datacenter-manager/acme/plugins.cfg
cat: /etc/proxmox-datacenter-manager/acme/plugins.cfg: No such file or directory

Btw, I am not using Let's Encrypt, but added another CA with

Code: 
proxmox-datacenter-manager-admin acme account register acme.example.com my-email@example.com --directory https://acme.example.com/directory
 
Thanks for the information!

Could you please also provide the Output of the "Order Certificate" task you posted earlier.

Yours
Jonas
 
You must log in or register to reply here.
Top Bottom
Back