Automatic renewal of ACME certificates

[microlinux]

Hi,

I successfully configured a LetsEncrypt certificate on my PVE installation on a Dedibox (Scaleway) root server.

Here's what the PVE administration guide says in chapter 3:

If a node has been successfully configured with an ACME-provided certificate (...), the certificate will be automatically renewed by the pve-daily-update.service. Currently renewal will be attempted if the certificate has expired already, or will expire in the next 30 days.

I checked this service on my machine, but it doesn't seem to be activated in the default configuration:

$ systemctl status pve-daily-update
● pve-daily-update.service - Daily PVE download activities
Loaded: loaded (/lib/systemd/system/pve-daily-update.service; static; vendor preset: enabled)
Active: inactive (dead) since Mon 2021-04-12 02:49:01 CEST; 6h ago
Process: 4887 ExecStart=/usr/bin/pveupdate (code=exited, status=0/SUCCESS)
Main PID: 4887 (code=exited, status=0/SUCCESS)

Do I have to manually enable this (using sudo systemctl enable pre-daily-update --now) ? Or is this triggered by something else in the system?

Cheers,

Niki

 

[Stoiko Ivanov]

`pve-daily-update.service` is triggered by a systemd-timer (see https://www.freedesktop.org/software/systemd/man/systemd.timer.html) - check:

systemctl list-timers
systemctl cat pve-daily-update.timer
systemctl cat pve-daily-update.service

I hope this explains it!

 

[microlinux]

It does very well. Thank you very much.