Hi,
Currently we have Squarespace as a DNS provider for our domain, and I have to use manual mode on pfSense for wildcard certificates to secure our local LAN DNS.
I was trying to experiment with the certificates on Proxmox, and was wondering if there is a way to do a manual DNS verification, similar to pfSense.
I don't see it mentioned in the GUI DNS plugin dropdown, so I'm not sure if I can try to do it via the command line or not even.
Has anyone tried this?
I have reviewed the following:
https://pve.proxmox.com/wiki/Certificate_Management
https://github.com/acmesh-official/acme.sh/wiki/dnsapi#how-to-use-dns-api
https://github.com/acmesh-official/acme.sh/wiki/DNS-manual-mode
As far as I can tell from researching, Proxmox does use this acme.sh, but I don't know enough about this to know if that means that this can "just work" from the command line.
The documentation has this as the CLI command:
Code:
acme.sh --issue -d example.com --dns \
 --yes-I-know-dns-manual-mode-enough-go-ahead-please
The example code on the Proxmox documentation has this:
Code:
root@proxmox:~# pvenode acme account register default mail@example.invalid
Directory endpoints:
0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory)
1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory)
2) Custom
Enter selection: 1
Terms of Service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you agree to the above terms? [y|N]y
...
Task OK
root@proxmox:~# pvenode config set --acme domains=example.invalid
root@proxmox:~# pvenode acme cert order
Loading ACME account details
Placing ACME order
...
Status is 'valid'!
All domains validated!
...
Downloading certificate
Setting pveproxy certificate and key
Restarting pveproxy
Task OK
But I am not sure how to modify this for the manual DNS mode...
TIA,
Dan
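What DNS manual mode asks you to publish, shown for an order covering a base domain plus its wildcard. This is an added example, not part of the original post and not Proxmox or acme.sh code. It goes slightly beyond the post: under RFC 8555 both names are validated at the same `_acme-challenge` record, so two TXT values must coexist there. The tokens, the thumbprint and all function names are constructed for illustration.

```python
import base64
import hashlib


def record_name(identifier: str) -> str:
    """DNS-01 checks a wildcard at its base name, so '*.' is dropped."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name


def txt_value(token: str, thumbprint: str) -> str:
    """base64url(SHA-256(token "." account-key thumbprint)), no padding."""
    key_authorization = f"{token}.{thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def records_to_publish(tokens: dict, thumbprint: str) -> dict:
    """Map each record name to the set of TXT values it must carry."""
    records = {}
    for identifier, token in tokens.items():
        records.setdefault(record_name(identifier), set()).add(
            txt_value(token, thumbprint))
    return records


def missing(expected: dict, observed: dict) -> dict:
    """TXT values not yet visible; an empty result means safe to continue."""
    gaps = {}
    for name, values in expected.items():
        absent = values - set(observed.get(name, ()))
        if absent:
            gaps[name] = absent
    return gaps


# Constructed sample data: not real ACME tokens or a real account thumbprint.
THUMBPRINT = "constructed-account-key-thumbprint"
TOKENS = {"example.com": "constructed-token-base",
          "*.example.com": "constructed-token-wildcard"}

if __name__ == "__main__":
    expected = records_to_publish(TOKENS, THUMBPRINT)
    for name, values in expected.items():
        for value in sorted(values):
            print(f'{name}. IN TXT "{value}"')
    # Common manual-mode mistake: the second value overwrote the first.
    only_one = {n: [sorted(v)[-1]] for n, v in expected.items()}
    print("still missing:", missing(expected, only_one))
```

In a real order the tokens come from the CA and the client prints the finished TXT values; the `observed` argument would be filled from a TXT lookup against the zone's authoritative name servers.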