ACME DNS challenge invalid with Namecheap

chrwei

Apr 15, 2025
I have the Namecheap API access and whitelists set up. When I run the "order" I can see the TXT record created and then removed as it should be, but the result is just "invalid".

Hitting the https://acme-v02.api.letsencrypt.org/acme/authz/xxx/yyy URL afterwards gives the error "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.proxmox.<domainclipped> - check that a DNS record exists for this domain"

I do notice that when running "dig _acme-challenge.proxmox.<domainclipped> TXT @dns1.registrar-servers.com", using the DNS servers the domain registration shows to rule out any local DNS caching, it takes about 40 seconds to give the TXT result, so I edited /usr/share/perl5/PVE/API2/ACME.pm to increase the 5 seconds to 20, but that did not change the result. I haven't been able to find where the "Sleeping 30 seconds to wait for TXT record propagation" message comes from, or a CLI option to extend it, but if I follow the logic it shouldn't matter, as the 5->20 change should have the same effect.

I'm not sure where to go from here. I would like to use a private IP for this and not have my Proxmox publicly accessible, but still be able to use a signed cert to access it.
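
One way to measure the delay described in the post, as an added example that is not part of the original post and not Proxmox code: it polls each authoritative nameserver directly with `dig` until the expected TXT value is served and records how many seconds each server took. The function names, the 120-second timeout, the 5-second interval and the command-line arguments are assumptions.

```python
import subprocess
import sys
import time


def dig_txt(name, nameserver):
    """Ask one nameserver directly (no recursion) for the TXT strings at name."""
    try:
        out = subprocess.run(
            ["dig", "+short", "+norecurse", "TXT", name, "@" + nameserver],
            capture_output=True, text=True, timeout=15, check=False,
        ).stdout
    except (OSError, subprocess.TimeoutExpired):
        return []
    # dig prints TXT strings quoted; lines starting with ';' are diagnostics.
    return [l.strip().strip('"') for l in out.splitlines()
            if l.strip() and not l.startswith(";")]


def wait_for_txt(name, expected, nameservers, lookup=dig_txt, timeout=120,
                 interval=5, clock=time.monotonic, sleep=time.sleep):
    """Poll until every nameserver serves `expected`.

    Returns (ok, first_seen), where first_seen maps each nameserver to the
    number of seconds after the start at which it first returned the value.
    """
    start = clock()
    first_seen = {}
    while True:
        for ns in nameservers:
            if ns not in first_seen and expected in lookup(name, ns):
                first_seen[ns] = round(clock() - start)
        if len(first_seen) == len(nameservers):
            return True, first_seen
        if clock() - start >= timeout:
            return False, first_seen
        sleep(interval)


if __name__ == "__main__":
    # Usage (all values supplied by the operator):
    #   script.py <record-name> <expected-txt-value> <nameserver> [<nameserver> ...]
    record, value, servers = sys.argv[1], sys.argv[2], sys.argv[3:]
    ok, seen = wait_for_txt(record, value, servers)
    for ns in servers:
        print(ns, f"{seen[ns]}s" if ns in seen else "not seen before timeout")
    sys.exit(0 if ok else 1)
```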