ACME DNS Plugin - DNS Manual Mode

dbinnunE3

Member
Jan 9, 2023
Hi,

Currently we have Squarespace as a DNS provider for our domain, and I have to use manual mode on pfSense for wildcard certificates to secure our local LAN DNS.

I was trying to experiment with the certificates on Proxmox, and was wondering if there is a way to do a manual DNS verification, similar to pfSense.

I don't see it mentioned in the GUI DNS plugin dropdown, so I'm not sure if I can try to do it via the command line or not even.

Has anyone tried this?



I have reviewed the following:

https://pve.proxmox.com/wiki/Certificate_Management
https://github.com/acmesh-official/acme.sh/wiki/dnsapi#how-to-use-dns-api
https://github.com/acmesh-official/acme.sh/wiki/DNS-manual-mode

As far as I can tell from researching, Proxmox does use this acme.sh, but I don't know enough about this to know if that means that this can "just work" from the command line.

The documentation has this as the CLI command:

Code:
acme.sh --issue -d example.com --dns \
  --yes-I-know-dns-manual-mode-enough-go-ahead-please

The example code on the Proxmox documentation has this:

Code:
root@proxmox:~# pvenode acme account register default mail@example.invalid
Directory endpoints:
0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory)
1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory)
2) Custom
Enter selection: 1

Terms of Service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you agree to the above terms? [y|N]y
...
Task OK
root@proxmox:~# pvenode config set --acme domains=example.invalid
root@proxmox:~# pvenode acme cert order
Loading ACME account details
Placing ACME order
...
Status is 'valid'!

All domains validated!
...
Downloading certificate
Setting pveproxy certificate and key
Restarting pveproxy
Task OK

But I am not sure how to modify this for the manual DNS mode...

TIA,
Dan
 
If I issue the command I simply get an "acme.sh: command not found".
That is to be expected since acme.sh is not included in PVE.

But as you can see in the documentation:
Currently, the two ACME endpoints implemented are the Let’s Encrypt (LE) production and its staging environment. Our ACME client supports validation of http-01 challenges using a built-in web server and validation of dns-01 challenges using a DNS plugin supporting all the DNS API endpoints acme.sh does.

Proxmox VE re-uses the DNS plugins developed for the acme.sh project, please refer to its documentation for details on configuration of specific APIs.

So as you can see, PVE uses its own ACME plugin system that supports the plugins/endpoints used in acme.sh - not that script itself.

Read all the above PVE documentation - to learn how to implement the goal/s you require.