Datacenter ACME Accounts Add Customer account field is missing

K

kalle3

New Member
Sep 5, 2025
9
1
3
In contrast to System Certificates there is no possibility to add a customer ACME account (not Let's Encrypt) under Datacenter. I solved my problem with one account for all nodes, but sometimes it could be helpful to add more than one customer ACME accounts below Datacenter.
 
hi

i'm not super sure what you mean? on pve you can create multiple accounts for ACME?

i can create multiple acme accounts without a problem?
 
Hi,

There are two points with custom ACME accounts (Let's Encrypt ist OK):
a) below Datacenter you can only create Let's Encrypt ACME Accounts (the select field is missing).
b) below System Certificates you can create one custom ACME account, but then you can not add a second custom ACME account on the second node.
 
ah ok i get what you mean now.

yes this seems this was overlooked in the datacenter view

you can however register as many custom accounts you want on the cli with

Code: 
pvenode acme account register
 
see the help output on the cli:

Code: 
# pvenode help acme account register
USAGE: pvenode acme account register [<name>] {<contact>} [OPTIONS]

  Register a new ACME account with a compatible CA.

  <name>     <name>   (default=default)
             ACME account config file name.

  <contact>  <string>
             Contact email addresses.

  --directory ^https?://.*
             URL of ACME CA directory endpoint.

so a
Code: 
pvenode acme account register <name> <contact> --directory <directory>

should work
 
Sorry, that doesn't work because you can't specify the keyid and key in the cli command like you can via the GUI on the node.


pvenode acme account register pvecluster1 name@domain.com --directory https://acme-v02.harica.gr/acme/d45...686/directory

Attempting to fetch Terms of Service from 'https://acme-v02.harica.gr/acme/d45...686/directory'..
Terms of Service: https://repo.harica.gr/documents/SA-ToU.pdf
Do you agree to the above terms? [y|N]: y
The CA requires external account binding.
You should have received a key id and a key from your CA.
Only one Term::ReadLine::Gnu instance is allowed. at /usr/share/perl5/PVE/CLI/pvenode.pm line 161.
 
ah ok, so that too is missing..

don't worry, there is still a way that should work ;)

you can directly use the api or use the cli helper tool 'pvesh' (which exposes the whole api on the cli)

Code: 
pvesh create /cluster/acme/account --contact <contact> --eab-hmac-key <key> ...

the usage can be printed like this:

Code: 
pvesh usage /cluster/acme/account --verbose
 
Oh, wonderful, that's how it works. Thank you for your help.

pvesh create /cluster/acme/account --contact name@domain.com --name <account_name> --eab-kid <eab-kid> --eab-hmac-key <eab-hmac-key> --directory https://acme-v02.harica.gr/acme/d45....686/directory --tos_url https://repo.harica.gr/documents/SA-ToU.pdf
 
An additional note/question: If I want to delete the account registration, this isn't possible via the CLI or the GUI (error message below).

pvesh delete /cluster/acme/account --name pvecluster1
No 'delete' handler defined for '/cluster/acme/account'

If I try to delete the registered account in the GUI then I get following error message:
Error: POST to https://acme-v02.harica.gr/acme/d45...686/acct/e2... { "type": "urn:ietf:params:acme:error:malformed", "detail": "get account request must not contain body as account update is not yet supported" }
It looks like the Proxmox will delete the account at the certificate provider. But I only would like to delete the local registered account.

Is it safe to delete the file: /etc/pve/priv/acme/<account-name> ?
 
You must log in or register to reply here.
Top Bottom