Hello
By digging in the code I saw that it is possible (but only from the console) to use the DNS challenge with an alias. The problem is that nsupdate runs as nobody/nogroup, and if you want to keep the DNS key in a single place somewhere in /etc/pve/ it will be root:www-data, and no 0644 is possible (even if it could be, it would surely not be recommended).
Did I miss some settings? How can I use nsupdate securely and put the DNS key in a single place?
[Sat Jul 11 18:53:05 EEST 2020] key "/etc/pve/xxxxxx.key" is unreadable
command 'setpriv --reuid nobody --regid nogroup --clear-groups --reset-env -- /bin/bash /usr/share/proxmox-acme/proxmox-acme setup nsupdate $alias_domain' failed: exit code 1