Https ACME

Arthur777

Apr 2, 2024
Hello, I'm trying to switch to HTTPS using ACME in my Proxmox cluster, but I'm encountering some difficulties.

I went to my PVE1 -> Certificate -> Add ACME Account.

Then, I went to Add -> HTTP and entered the domain pve1.example.com.

Does anyone have any idea why?

Thanks in advance.

Capture d'écran 2024-04-08 101626.png
 
Hi,

is the server publicly reachable? The default HTTP challenge of Let's Encrypt requires that.
If not, have you set up an appropriate DNS challenge plugin?

Please also see our extensive documentation on ACME Plugins, that should hopefully explain everything in detail.
 
Yes, I've seen that this could be the problem. The issue is that I have no idea what they mean by API identifier... I don't know what my API is or its identifiers. It's just a local home lab.


Capture d'écran 2024-04-08 110230.png
 
So to order and receive a TLS certificate, Let's Encrypt must verify that you own the specified domain - through the so-called challenge.
It can either do that via HTTP (meaning the server must be publicly reachable) or via DNS. For the latter you need a DNS provider with a supported API (which is basically most of them).

So, you must have the DNS entries of your domain hosted somewhere. Based on the WHOIS record, it seems to be GoDaddy/EasyDNS?

(Of course you can also go the route of running your internal CA, but that's a different story.)
 
I have tried this, but it doesn't seem to work.

curl https://get.acme.sh | sh -s email=youremail

acme.sh --issue --syslog 6 -d pve1.example.com --dns dns_acmedns --preferred-chain "ISRG Root X2" --keylength ec-256 --server letsencrypt

I have this issue with the second command:

[Mon Apr 8 11:53:56 AM CEST 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Apr 8 11:53:56 AM CEST 2024] Create account key ok.
[Mon Apr 8 11:53:57 AM CEST 2024] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Mon Apr 8 11:53:58 AM CEST 2024] Registered
[Mon Apr 8 11:53:58 AM CEST 2024] ACCOUNT_THUMBPRINT='XkDCyuvb3BK96MTFi1db8RkAaEV5awphDZy6huDjIUA'
[Mon Apr 8 11:53:58 AM CEST 2024] Creating domain key
[Mon Apr 8 11:53:58 AM CEST 2024] The domain key is here: /root/.acme.sh/pve1.example.com_ecc/pve1.example.com.key
[Mon Apr 8 11:53:58 AM CEST 2024] Single domain='pve1.example.com'
[Mon Apr 8 11:53:58 AM CEST 2024] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rejectedIdentifier",
"detail": "Error creating new order :: Cannot issue for \"pve1.example.com\": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy",
"status": 400
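A small preflight script for the questions raised in this thread: whether the name is one a public CA will issue for at all (example.com and friends are reserved by RFC 2606/6761), whether HTTP-01 can work (every address the name resolves to must be globally routable, which a home lab behind NAT usually fails), and what the error type in the acme.sh output means (RFC 8555 section 6.7). This is an added example, not code from the thread, Proxmox or acme.sh; the `resolve` hook is a hypothetical parameter so the check runs offline, and the sample log and hint texts are constructed here.

```python
import ipaddress
import re
import socket

# Names reserved by RFC 2606 / RFC 6761: no public CA issues for these, so an
# order for pve1.example.com is rejected before any challenge even runs.
RESERVED_SUFFIXES = ("example", "example.com", "example.net", "example.org",
                     "invalid", "localhost", "test", "local")

# RFC 8555 section 6.7 error types, with an operator hint (wording is this example's).
HINTS = {
    "rejectedIdentifier": "CA policy refuses this name: use a real, publicly registered domain, not a reserved or internal one",
    "unauthorized": "challenge validation failed: HTTP-01 needs port 80 reachable from the internet, otherwise use DNS-01",
    "connection": "CA could not connect to the host: the server is not publicly reachable, use DNS-01",
    "dns": "CA could not resolve the name: publish the record at your DNS provider first",
}

def is_reserved_name(domain: str) -> bool:
    """True if any suffix of the name is a reserved domain (e.g. pve1.example.com)."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in RESERVED_SUFFIXES for i in range(len(labels)))

def default_resolve(domain: str) -> list:
    return sorted({ai[4][0] for ai in socket.getaddrinfo(domain, 80)})

def http01_possible(domain: str, resolve=default_resolve) -> bool:
    """HTTP-01 can only succeed if every address the name resolves to is globally routable."""
    try:
        addrs = resolve(domain)
    except OSError:
        return False
    return bool(addrs) and all(ipaddress.ip_address(a).is_global for a in addrs)

def classify_acme_error(log_text: str) -> dict:
    """Pull type/detail out of acme.sh output; regexes survive the cut-off JSON seen above."""
    m_type = re.search(r'"type":\s*"urn:ietf:params:acme:error:(\w+)"', log_text)
    m_detail = re.search(r'"detail":\s*"((?:[^"\\]|\\.)*)"', log_text)
    if not m_type:
        return {"type": None, "detail": None, "hint": "no ACME problem document found"}
    kind = m_type.group(1)
    detail = m_detail.group(1).replace('\\"', '"') if m_detail else None
    return {"type": kind, "detail": detail, "hint": HINTS.get(kind, "see RFC 8555 section 6.7")}

# Constructed sample, shortened from the kind of output acme.sh prints (raw string keeps the \" escapes).
SAMPLE_LOG = r'''[Mon Apr 8 11:53:58 AM CEST 2024] Create new order error. Le_OrderFinalize not found. {
"type": "urn:ietf:params:acme:error:rejectedIdentifier",
"detail": "Error creating new order :: Cannot issue for \"pve1.example.com\": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy",
"status": 400'''
```

Run `classify_acme_error(SAMPLE_LOG)` and `http01_possible("pve1.example.com", resolve=lambda d: ["192.168.1.10"])` to see both diagnoses for the setup described in this thread.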
 
