Adding an ACME DNS plugin

GodZone

I need to add a plugin to those provided. I attempted to simply add a file into the /usr/share/proxmox-acme/dnsapi directory but now I don't get anything in the certificate DNS select list. Any hints as to what I am doing wrong, or how this should be done would be appreciated.
 
no such mechanism exists yet. you can of course patch it locally (add plugin file, add it to list of plugins in perl code) if you understand perl.

what is this plugin for? is it something that is shipped upstream in acme.sh, but we haven't synced since the addition? is it something that could be included in acme.sh proper? or is it really a custom plugin that serves no purpose outside of your systems?
 
More than happy to patch code if you can tell me where the list is located.
I have a single Proxmox development host behind a NAT firewall so can't use HTTPS. As an ISP I host my own DNS zones so have written a small custom API to our DNS platform; I just want a way of invoking it. I have considered overwriting an existing dns_service.sh as a fudge but would prefer not to. Our Prod cluster can use HTTP.
 
yes, drop a file 'dns_YOURAPINAME.sh' (see my dns_myapi.sh for instruction on what it should contain) in /usr/share/proxmox-acme/dnsapi, and add YOURAPINAME to the list of plugins in /usr/share/perl5/PVE/ACME/DNSChallenge.pm . the latter will need to be re-done whenever our proxmox acme package gets updated. we'll probably add a way to streamline this without manually editing files (e.g., by adding a 'custom_dns' challenge plugin type that loads all plugins from a folder).
 
OK, added my api to that structure and restarted pveproxy. It now appears in the select list but when I select it I get an error,

Parameter verification failed. (400)

api: value 'godzone' does not have a value in the enumeration 'acmedns, acmeproxy ....

which suggests I am still missing something.
 
did you also restart 'pvedaemon' ?
 
No, but have now done so and things look good.
I have successfully got a cert from Let's Encrypt. The browser is now using that certificate but Chrome still shows the site as 'Not Secure'.
I can work on it from here, may need to flush the browser cache.

Thanks.
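
A sketch of what the 'dns_YOURAPINAME.sh' file from the steps above could contain, added here as an example and not code from this thread, from acme.sh or from Proxmox. acme.sh-style DNS plugins expose dns_<name>_add and dns_<name>_rm, each called with the record name and the TXT value; the plugin name "example", the EXAMPLE_API_URL / EXAMPLE_API_TOKEN variables and the form fields sent to the API are assumptions, and the credentials are assumed to arrive as environment variables.

```sh
#!/usr/bin/env sh
# dns_example.sh: hypothetical plugin. "example", EXAMPLE_API_URL,
# EXAMPLE_API_TOKEN and the form fields sent to the API are assumed names.

# acme.sh normally provides _info/_err; fallbacks allow stand-alone testing.
command -v _info >/dev/null 2>&1 || _info() { printf '%s\n' "$*" >&2; }
command -v _err >/dev/null 2>&1 || _err() { printf 'ERROR: %s\n' "$*" >&2; }

# Accept only _acme-challenge.<hostname> built from DNS-safe characters.
_example_valid_name() {
  case "$1" in
    _acme-challenge.?*) ;;
    *) return 1 ;;
  esac
  case "${1#_acme-challenge.}" in
    *[!A-Za-z0-9.-]* | .* | *..*) return 1 ;;
  esac
  return 0
}

# A dns-01 TXT value is an unpadded base64url SHA-256 digest: 43 characters.
_example_valid_txt() {
  [ "${#1}" -eq 43 ] || return 1
  case "$1" in *[!A-Za-z0-9_-]*) return 1 ;; esac
  return 0
}

# $1 = add|remove, $2 = record name, $3 = TXT value
_example_call() {
  _example_valid_name "$2" || { _err "refusing record name: $2"; return 1; }
  _example_valid_txt "$3" || { _err "refusing TXT value"; return 1; }
  [ -n "$EXAMPLE_API_URL" ] && [ -n "$EXAMPLE_API_TOKEN" ] || {
    _err "EXAMPLE_API_URL and EXAMPLE_API_TOKEN must be set"; return 1; }
  # The token reaches curl on stdin, so it never shows in the process list.
  printf 'header = "Authorization: Bearer %s"\n' "$EXAMPLE_API_TOKEN" |
    curl --config - --fail --silent --show-error --proto '=https' \
      --data-urlencode "action=$1" --data-urlencode "name=$2" \
      --data-urlencode "value=$3" "$EXAMPLE_API_URL"
}

# Entry points looked up by name: dns_<plugin>_add and dns_<plugin>_rm.
dns_example_add() { _info "Adding TXT for $1"; _example_call add "$1" "$2"; }
dns_example_rm() { _info "Removing TXT for $1"; _example_call remove "$1" "$2"; }
```

Scoping the API token on the DNS side to TXT records under _acme-challenge keeps a leaked token from being used to rewrite the rest of the zone.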
 
yes, drop a file 'dns_YOURAPINAME.sh' (see my dns_myapi.sh for instruction on what it should contain) in /usr/share/proxmox-acme/dnsapi, and add YOURAPINAME to the list of plugins in /usr/share/perl5/PVE/ACME/DNSChallenge.pm . the latter will need to be re-done whenever our proxmox acme package gets updated. we'll probably add a way to streamline this without manually editing files (e.g., by adding a 'custom_dns' challenge plugin type that loads all plugins from a folder).
How do you manually update the "proxmox acme package"?
On 7.1-4 there is no plugin list and there is no ACME under Datacenter, so I am a bit puzzled!
Though there's loads of plugins in /usr/share/proxmox-acme/dnsapi
 
Okay, so worth noting that ACME is only available to the root user!
 
