[SOLVED] Lets Encrypt Cert on GUI not working

[fgams]

ACME is working and a valid certificate is installed.
SMTP uses the certificate and it works.

HTTPS on the GUI does not work, it uses the self signed cert.

How do I fix this?

Thanks

 

[Stoiko Ivanov]

Could you show your ACME and Certificate config? (Screenshots would do).

In general PMG has 2 Certificates (one for SMTP, and one for the API(8006)) - and you need to order one certificate for each use - just click on
'Order Certificates Now' in GUI->Configuration->Certificates->ACME and select 'Order API Certificate now'

I hope this helps!

 

[fgams]

When I try to order the API certificate, I get an error message. Does the API cert has to have a different hostname than the SMTP cert?

 

[Stoiko Ivanov]

what's the content of /etc/pmg/node.conf on the PMG?
did you edit that file manually?

Thanks!

 

[fgams]

I did not edit the file manually. Thanks for your help!

 

[Stoiko Ivanov]

I did not edit the file manually. Thanks for your help!

Thanks for pointing me to a small bug!

The issue is that you can save the same domain multiple times, but this (sadly) renders the config-file invalid
try replacing acmedomain0...acmedomain4 in the file by

acmedomain0: fides.gams.biz,usage=smtp;api

This should fix the issue (and you should be able to order an API cert via GUI)

 

[fgams]

That worked beautifully!

Thanks again.

 

[Stoiko Ivanov]

Glad that worked - I sent a preliminary patch for the issue to the pmg-devel mailinglist:
https://lists.proxmox.com/pipermail/pmg-devel/2021-June/001773.html

once this (or an improved version) has been applied the issue should not happen anymore
Thanks to you!

 

[velocity08]

Hi @Stoiko Ivanov

we've just encountered the same issue but after applying the fix suggested we are getting the below error:

• the domain name is valid
• DNS resolves to the domain name
• port 80 is open and pointing to PMG

any ideas?

Proxmox
Mail Gateway 6.4-4
Using Account:
default
()
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/127876665/10568835307

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/14194333989'
The validation for pmg.havencab.com.au is pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
TASK ERROR: validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/14194333989' failed - status: invalid, Invalid response from http://sub.domainname.com.au/.well-known/acme-challenge/AnFvukRC8DNXwGdQNI6t0x3aKg-LxXtY4Ik-57fc60E [202.129.245.25]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\">\r\n<HTML><HEAD><TITLE>Not Found</TITLE>\r"

""Cheers
G