[TUTORIAL] How-To -- Let's Encrypt and PMG

These instructions are fantastic. However, the cert on our server would not autorenew, due to:

"Problem binding to port 80: Could not bind to IPv4 or IPv6"

It turns out that with "authenticator" set to "standalone" it competes with nginx on port 80. You can stop nginx and then the cert will renew -- but this is not ideal.

Steps to resolve:

1. nano /etc/letsencrypt/renewal/{your.server.name.conf}
2. Add new line under [renewalparams] "installer = nginx"

That should do it.

Or, you might need to install the plugin "apt install python3-certbot-nginx" to change the authenticator to "nginx" instead of standalone.
 
Just for completeness' sake - PMG now ships its own ACME/Let's Encrypt integration (which can be used via the GUI) - thus you need not install additional packages.
(of course if you've got something like nginx configured to listen on port 80, then the standalone plugin cannot work either)
 
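Added example, not part of any post in this thread: a Python check for the renewal failure discussed above, which reads certbot renewal files under /etc/letsencrypt/renewal/ and reports the ones that use the standalone authenticator while something already holds port 80. The sample file contents, hostname and function names are constructed for illustration.

```python
import configparser
import errno
import glob
import socket

# Constructed sample of a renewal file; hostname and paths are placeholders.
SAMPLE_CONF = """\
version = 1.12.0
cert = /etc/letsencrypt/live/pmg.example.com/cert.pem
[renewalparams]
authenticator = standalone
server = https://acme-v02.api.letsencrypt.org/directory
"""

def renewal_params(text):
    """Return the [renewalparams] keys of a renewal file as a dict."""
    parser = configparser.ConfigParser(interpolation=None)
    # The file starts with section-less keys, so give them a dummy section.
    parser.read_string("[top]\n" + text)
    if not parser.has_section("renewalparams"):
        return {}
    return dict(parser["renewalparams"])

def port_in_use(port, host="0.0.0.0"):
    """True if a listener already holds the TCP port (IPv4 only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return True
            raise  # e.g. EACCES: binding ports below 1024 needs root
    return False

def standalone_conflict(text, port_busy):
    """Standalone renewal fails when the port it must bind is taken."""
    return renewal_params(text).get("authenticator") == "standalone" and port_busy

if __name__ == "__main__":
    busy = port_in_use(80)  # run as root, like the renewal itself
    for path in sorted(glob.glob("/etc/letsencrypt/renewal/*.conf")):
        with open(path) as fh:
            verdict = "CONFLICT" if standalone_conflict(fh.read(), busy) else "ok"
        print(f"{path}: {verdict}")
```

A CONFLICT line means that certificate's next renewal will hit the "Problem binding to port 80" error unless the listener is stopped or the authenticator is changed.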
Does the new ACME integration work in conjunction with creating a web interface for quarantine over standard HTTP/S ports?
As said - if the proxy is constantly listening on port 80 then it will not work with the standalone plugin (DNS based authorizations should work though).

However you could consider letting your proxy server/nginx listen only on 443 (since the quarantine report contains the link - and you can set that to point to https) and leave port 80 unused.
 
Sorry to hit up this older thread, but I couldn't find good step by step instructions for using letsencrypt and acme.
I did a few parts, but am stuck. Has anyone documented their install procedure?
Thanks!
 
There is a good video on youtube that walks you through it. Hopefully, you find it helpful:

https://www.youtube.com/watch?v=nL0x0LIpLlk

Initially, it was tricky for me because I had firewall rules set in place that I had to deal with.
 
I saw that but it's different, and I'm trying to use this for PM MGW and they are referring to PVE....
Thank you
Ah got ya! I am not familiar with the gateway software but I would assume it would be a similar process. Hope you find a solution! If I come up with anything, will make sure to share it with you!
 
