[TUTORIAL] How-To -- Lets Encrypt and PMG

[zadro]

These instructions are fantastic. However, the cert on our server would not autorenew, due to:

"Problem binding to port 80: Could not bind to IPv4 or IPv6"

It turns out that with "authenticator" set to "standalone" it competes with nginx on port 80. You can stop nginx then the cert will renew -- but this is not ideal.

Steps to resolve:

1. nano /etc/letsencrypt/renewal/{your.server.name.conf}
2. Add new line under [renewalparams] "installer = nginx"

That should do it.

Or, you might need to install the plugin "apt install python3-certbot-nginx" to change the authenticator to "nginx" instead of standalone.

 

[Stoiko Ivanov]

Just for completeness sake - PMG now ships its own ACME /Let's encrypt integration (which can be used via the GUI) - thus you need not install additional packages.
(of course if you've got something like nginx configured to listen on port 80, then the standalone plugin cannot work either)

 

[t.lamprecht]

Adding to that, PMG's native ACME/Let's Encrypt integration is documented here: https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#sysadmin_certificate_management

 

[zadro]

Does the new ACME integration work in conjunction with creating a web interface for quarantine over standard HTTP/S ports?

Using this type of setup: https://pmg.proxmox.com/wiki/index.php/Quarantine_Web_Interface_Via_Nginx_Proxy

If not, seems it's best to use the manual setup route -- at least for our needs to allow users seamless management.

 

[Stoiko Ivanov]

Does the new ACME integration work in conjunction with creating a web interface for quarantine over standard HTTP/S ports?

As said - if the proxy is constantly listening on port 80 then it will not work with the standalone plugin (DNS based authorizations should work though).

However you could consider letting your proxy server/nginx listen only on 443 (since the quarantine report contains the link - and you can set that to point to https) and leave port 80 unused.

 

[MiamiJack]

Sorry to hit up this older thread, but I couldn't find good step by step instructions for using letsencrypt and acme.
I did a few parts, but am stuck, has anyone documented their install proceedure?
Thanks!

 

[rtlarose]

Sorry to hit up this older thread, but I couldn't find good step by step instructions for using letsencrypt and acme.
I did a few parts, but am stuck, has anyone documented their install proceedure?
Thanks!

There is a good video on youtube that walks you through it. Hopefully, you find it helpful:

https://www.youtube.com/watch?v=nL0x0LIpLlk

Initially, it was tricky for me because I had firewall rules set in place that I had to deal with.

 

[MiamiJack]

I saw that but it's different, and I'm tryin to use this for PM MGW and they are referring to PVE....
Thank you

 

[rtlarose]

I saw that but it's different, and I'm tryin to use this for PM MGW and they are referring to PVE....
Thank you

Ah got ya! I am not familiar with the gateway software but I would assume it would be a similar process. Hope you find a solution! If I come up with anything, will make sure to share it with you!