Let's encrypt + Free + bookmyname

zacra

New Member
Aug 3, 2022
Hello,
I want to install a Let's Encrypt SSL certificate on my Proxmox.
I bought a domain name from bookmyname because I used to work with them.

The DNS of this domain name is attached to my Freebox, in fixed IP and in full stack. I also configured my Freebox reverse DNS to be consistent with the domain name.

I wanted to generate a certificate from Proxmox in HTTP-01, but I think I can't.
I tried with DNS but bookmyname does not provide a plugin for SSL.
I'm a bit lost and I can't manage to generate the SSL.
I also tried going through Nginx Proxy Manager, but generating the SSL for the subdomain does not work.
 
You have two options. The simple way of HTTP verification. For this, the FQDN (hostname + domain) should match the external domain. On port 80 on that domain, letsencrypt needs to be able to access the server directly (port forwarding). The Proxmox VE stack will create a webserver listening on port 80 by itself to answer the letsencrypt verification.

The other option is via DNS. For this, you need a DNS provider that has an API, and that API needs to be supported by acme.sh (used by Proxmox VE).
If the DNS provider does not have an API (that is supported by acme.sh), you might have another one that is. In that case you could use the fact that DNS requests can be delegated to other DNS zones.

In practice, this means that you would create a DNS plugin config under Datacenter -> ACME for the other DNS provider that has API support. Then create CNAME records on the actual domain that point to the other domain with API support.

For example:
Code:
_acme-challenge.pveserver.mydomain.com.    3600    IN    CNAME    _acme-challenge.otherdomain-with-api.com.
Then configure it with an alias (currently only possible via the CLI):
Code:
pvenode config set --acmedomain0 domain=pveserver.mydomain.com,alias=otherdomain-with-api.com,plugin=<name of DNS plugin created earlier>
This way, letsencrypt is redirected and the PVE node will create the challenge response with the configured DNS Plugin on the other domain.
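
A pre-flight check for the CNAME delegation described in the reply above, added here as an example (it is not part of the original post or of Proxmox VE). The CNAME lets whoever can write TXT records in the other zone answer challenges for the hostname, so it is worth confirming that it points exactly where intended before ordering the certificate. It assumes `dig` is installed on the node; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the _acme-challenge CNAME before using alias mode.
# Assumption: `dig` is available on the node (it is not a PVE component).

# Lower-case a DNS name and make it end with exactly one dot.
fqdn() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.*$/./'
}

# Name that is queried for a DNS challenge on host $1.
challenge_name() {
    fqdn "_acme-challenge.$1"
}

# Live CNAME lookup, kept separate so it can be replaced by a stub offline.
lookup_cname() {
    dig +short CNAME "$1"
}

# check_delegation DOMAIN ALIAS
# Returns 0 if _acme-challenge.DOMAIN is a CNAME to _acme-challenge.ALIAS,
# 1 if no CNAME is published, 2 if it points to a different name.
check_delegation() {
    name=$(challenge_name "$1")
    want=$(challenge_name "$2")
    got=$(lookup_cname "$name" | head -n 1)
    if [ -z "$got" ]; then
        echo "MISSING  $name has no CNAME (expected $want)"
        return 1
    fi
    got=$(fqdn "$got")
    if [ "$got" != "$want" ]; then
        echo "MISMATCH $name -> $got (expected $want)"
        return 2
    fi
    echo "OK       $name -> $want"
}

# Usage with the names from the post above:
#   check_delegation pveserver.mydomain.com otherdomain-with-api.com
```

A MISMATCH result is the case to investigate first: the hostname's challenges are being answered from a zone other than the one configured as `alias`.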
 
