I need to add a plugin to those provided, I attempted to simple add a file into the /usr/share/proxmox-acme/dnsapi directory but now I don't get anything in the certificate DNS select list. Any hints as to what I am doing wrong, or how this should be done would be appreciated.
Adding an ACME DNS plugin
- Thread starter GodZone
- Start date
no such mechanism exists yet. you can of course patch it locally (add plugin file, add it to list of plugins in perl code) if you understand perl.
what is this plugin for? is it something that is shipped upstream in acme.sh, but we haven't synced since the addition? is it something that could be included in acme.sh proper? or is it really a custom plugin that serves no purpose outside of your systems?
what is this plugin for? is it something that is shipped upstream in acme.sh, but we haven't synced since the addition? is it something that could be included in acme.sh proper? or is it really a custom plugin that serves no purpose outside of your systems?
More than happy to patch code if you can tell me where the list is located.
I have a single Proxmox development host behind a NAT firewall so cant use HTTPS, as an ISP I host my own DNS zones so have written a small custom API to our DNS platform, I just want a way of invoking it. I have considered overwriting an exisiting dns_service.sh as a fudge but would prefer not to. Our Prod cluster can use HTTP.
I have a single Proxmox development host behind a NAT firewall so cant use HTTPS, as an ISP I host my own DNS zones so have written a small custom API to our DNS platform, I just want a way of invoking it. I have considered overwriting an exisiting dns_service.sh as a fudge but would prefer not to. Our Prod cluster can use HTTP.
yes, drop a file 'dns_YOURAPINAME.sh' (see my dns_myapi.sh for instruction on what it should contain) in /usr/share/proxmox-acme/dnsapi, and add YOURAPINAME to the list of plugins in /usr/share/perl5/PVE/ACME/DNSChallenge.pm . the latter will need to be re-done whenever our proxmox acme package gets updated. we'll probably add a way to streamline this without manually editing files (e.g., by adding a 'custom_dns' challenge plugin type that loads all plugins from a folder).
OK, added my api to that structure and restarted pveproxy. It now appears in the select list but when I select it I get an error,
Parameter verification failed. (400)
api: value 'godzone' does not have a value in the enumeration 'acmedns, acmeproxy ....
which suggests I am still missing something.
Parameter verification failed. (400)
api: value 'godzone' does not have a value in the enumeration 'acmedns, acmeproxy ....
which suggests I am still missing something.
No, but have now done so and things look good.
I have successfully got a cert from Lets Encrypt. The browser is now using that certificate but Chrome still shows the site as 'Not Secure'.
I can work on it from here, may need to flush the browser cache.
Thanks.
I have successfully got a cert from Lets Encrypt. The browser is now using that certificate but Chrome still shows the site as 'Not Secure'.
I can work on it from here, may need to flush the browser cache.
Thanks.
How do you manually update the "proxmox acme package"?
On 7.1-4 there is no plugin list and there is no ACME under Datacenter, so I am a bit puzzled!
Though there's loads of plugins in
/usr/share/proxmox-acme/dnsapi
Last edited: