Acme DNS alias

kelhamtech

Hello,

I have a Proxmox cluster on which I would like to use ACME-issued LetsEncrypt SSL. The cluster is part of an internal-only domain, so I am trying to use the alias options for validation.

Is the alias option still valid and known to work? I have the issue where I have set the alias in the node config, but this doesn't appear to be used, causing validation to fail.

Code:
root@proxmox07:/etc/pve/nodes/proxmox07# pvenode config get
acme: account=staging
acmedomain0: domain=proxmox07.INTERNAL,alias=proxmox07.le.EXTERNAL,plugin=Cloudflare-api


root@proxmox07:/etc/pve/nodes/proxmox07# pvenode acme cert order --force=1
Loading ACME account details
Placing ACME order
Order URL: https://acme-staging-v02.api.letsencrypt.org/acme/order/REDACTED/REDACTED

Getting authorization details from 'https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/REDACTED'
The validation for proxmox07.INTERNAL is pending!
[Mon Jun 10 11:49:11 BST 2024] Adding record
[Mon Jun 10 11:49:12 BST 2024] Added, OK
Add TXT record: _acme-challenge.proxmox07.INTERNAL
Sleeping 10 seconds to wait for TXT record propagation
Triggering validation
Sleeping for 5 seconds
Remove TXT record: _acme-challenge.proxmox07.INTERNAL
validating challenge 'https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/REDACTED' failed - status: invalid
Task validating challenge 'https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/REDACTED' failed - status: invalid

root@proxmox07:/etc/pve/nodes/proxmox07# curl https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/REDACTED
{
  "identifier": {
    "type": "dns",
    "value": "proxmox07.INTERNAL"
  },
  "status": "invalid",
  "expires": "2024-06-17T10:49:09Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.proxmox07.INTERNAL - check that a DNS record exists for this domain",
        "status": 400
      },
      "url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/REDACTED/7TCMJA",
      "token": "3YXeAHXavk8CsHtihWVCsSG66aZbyCoDOkmC0uZq97Y",
      "validated": "2024-06-10T10:49:22Z"
    }
  ]
}

Have I missed something to tell ACME to use the alias hosted on Cloudflare?

Regards,
Matt.
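
Added example, not part of the original post and not Proxmox or acme.sh code: a small offline model of how a dns-01 validator resolves the challenge name. The CA always queries `_acme-challenge.<certificate name>` (as the error above shows) and only reaches a TXT record under the alias if a publicly resolvable CNAME at that name points there. The zone dictionaries, the TXT value and the function names are constructed for illustration; INTERNAL and EXTERNAL are the post's redacted placeholders.

```python
# Added example: simplified resolver model, constructed data only.
CHALLENGE_LABEL = "_acme-challenge"

def challenge_name(domain):
    """Name a dns-01 validator queries for a given identifier."""
    return f"{CHALLENGE_LABEL}.{domain}".lower().rstrip(".")

def resolve_txt(zone, name, max_hops=8):
    """Follow CNAMEs from name; return (status, chain, txt_values)."""
    chain = [name]
    for _ in range(max_hops):
        records = zone.get(name)
        if records is None:              # name absent from the public view
            return "NXDOMAIN", chain, []
        if "CNAME" in records:           # delegation: continue at the target
            name = records["CNAME"].lower().rstrip(".")
            chain.append(name)
            continue
        txt = records.get("TXT", [])
        return ("NOERROR" if txt else "NODATA"), chain, txt
    return "CNAME_LOOP", chain, []

def check_alias(zone, domain, alias, expected_txt):
    """Is the TXT value under the alias reachable from the queried name?"""
    queried = challenge_name(domain)
    status, chain, txt = resolve_txt(zone, queried)
    return {
        "queried": queried,
        "status": status,
        "chain": chain,
        "delegated_to_alias": challenge_name(alias) in chain[1:],
        "valid": status == "NOERROR" and expected_txt in txt,
    }

TXT_VALUE = "constructed-txt-value"  # stands in for the real challenge digest
# Constructed public DNS view: TXT exists only under the alias zone.
ZONE_NO_CNAME = {
    "_acme-challenge.proxmox07.le.external": {"TXT": [TXT_VALUE]},
}
# Same view plus the delegation CNAME at the certificate name.
ZONE_WITH_CNAME = dict(ZONE_NO_CNAME, **{
    "_acme-challenge.proxmox07.internal":
        {"CNAME": "_acme-challenge.proxmox07.le.EXTERNAL."},
})

if __name__ == "__main__":
    for zone in (ZONE_NO_CNAME, ZONE_WITH_CNAME):
        print(check_alias(zone, "proxmox07.INTERNAL",
                          "proxmox07.le.EXTERNAL", TXT_VALUE))
```

Against real DNS, the equivalent check is a CNAME lookup for `_acme-challenge.<certificate name>` from a public resolver before placing the order.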