[SOLVED] LetsEncrypt SSL Error

S

SagnikS

Well-Known Member
Feb 23, 2018
43
2
48
23
I tried generating an SSL certificate on this new Proxmox VE host, I just installed today. Normally, it works just fine, but I'm getting this error now. I've redacted the actual hostname.

Code: 
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/85468476/3267292027

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/4414329022'
The validation for <hostname> is pending!
TASK ERROR: plugin 'standalone' for domain '<hostname>' not found!

Any help would be appreciated. Thanks :)
 
it's a bug, should be fixed soon. you can workaround it by doing
touch /etc/pve/priv/acme/plugins.cfg
 
  • Like
Reactions: SagnikS and Moayad
Similar issue here... On all cluster nodes :(

Code: 
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/xxxxxx/xxxxxx

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxx'
The validation for xxxxxxxxx.com.pl is pending!
TASK ERROR: no config for domain 'xxxxxxxxx.com.pl'

Workaround with touching plugins.cfg not working.
Workaround with ACMEPlugin.pm (https://forum.proxmox.com/threads/r...alone-for-domain-not-found.69485/#post-311569) not valid too - we have proper content.
 
that's a different error though.. could you post the output of 'pveversion -v' and 'pvenode config get' ? feel free to censor the actual domains..
 
Hi,
Please find output below:

Code: 
[2020-06-08 11:04:35 CEST] root@XXXXXXXX:~# pveversion -v
proxmox-ve: 6.2-1 (running kernel: 5.4.41-1-pve)
pve-manager: 6.2-4 (running version: 6.2-4/9824574a)
pve-kernel-5.4: 6.2-2
pve-kernel-helper: 6.2-2
pve-kernel-5.3: 6.1-6
pve-kernel-5.0: 6.0-11
pve-kernel-5.4.41-1-pve: 5.4.41-1
pve-kernel-5.4.34-1-pve: 5.4.34-2
pve-kernel-5.3.18-3-pve: 5.3.18-3
pve-kernel-5.3.18-2-pve: 5.3.18-2
pve-kernel-5.3.13-3-pve: 5.3.13-3
pve-kernel-5.3.13-1-pve: 5.3.13-1
pve-kernel-5.3.10-1-pve: 5.3.10-1
pve-kernel-5.0.21-5-pve: 5.0.21-10
pve-kernel-5.0.21-4-pve: 5.0.21-9
pve-kernel-5.0.21-3-pve: 5.0.21-7
pve-kernel-5.0.21-2-pve: 5.0.21-7
pve-kernel-5.0.21-1-pve: 5.0.21-2
pve-kernel-5.0.18-1-pve: 5.0.18-3
pve-kernel-5.0.15-1-pve: 5.0.15-1
ceph: 14.2.9-pve1
ceph-fuse: 14.2.9-pve1
corosync: 3.0.3-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.15-pve1
libproxmox-acme-perl: 1.0.4
libpve-access-control: 6.1-1
libpve-apiclient-perl: 3.0-3
libpve-common-perl: 6.1-2
libpve-guest-common-perl: 3.0-10
libpve-http-server-perl: 3.0-5
libpve-storage-perl: 6.1-8
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.2-1
lxcfs: 4.0.3-pve2
novnc-pve: 1.1.0-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.2-1
pve-cluster: 6.1-8
pve-container: 3.1-6
pve-docs: 6.2-4
pve-edk2-firmware: 2.20200229-1
pve-firewall: 4.1-2
pve-firmware: 3.1-1
pve-ha-manager: 3.0-9
pve-i18n: 2.1-2
pve-qemu-kvm: 5.0.0-2
pve-xtermjs: 4.3.0-1
qemu-server: 6.2-2
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-1
zfsutils-linux: 0.8.4-pve1
[2020-06-08 11:04:48 CEST] root@xxxxxx:~# pvenode config get
acme: domains=R710-xxxxxx.xxxxxx.com.pl
 
was the censored domain from the initial log the full domain string from the config, or just the latter part? e.g., if your full domain is R710-foo.bar.com.pl, did the log show that or bar.com.pl?
 
Hi,
The scheme is [model]-[servicetag].[domain].com.pl (XXX-YYYYYY.domain.com.pl)
(hostname contains a dash)
Sorry for confusion, I should censor full hostname ;-)
(anyway, it worked all the time since PVE6.0, just now stopped)
 
that did not exactly answer my question ;)

what does the following report?

Code: 
perl -e 'use strict; use warnings; use PVE::NodeConfig; use Data::Dumper; my $nodecfg = PVE::NodeConfig::load_config(PVE::INotify::nodename()); print Dumper(PVE::NodeConfig::get_acme_conf($nodecfg))'

are there any special characters inside the hostname that might lead to encoding issues?
 
Oh, I'm sorry, I didn't noticed 'initial log' part ;-)

So... Again ;-)
Code: 
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/123456/78901234

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/123456789'
The validation for r210-YYYY.DDDD.com.pl is pending!
TASK ERROR: no config for domain 'r210-YYYY.DDDD.com.pl'
The error says: "no config for fqdn" and "validation for fqdn is pending"

Code: 
[2020-06-08 11:07:58 CEST] root@R210-YYYY:~# perl -e 'use strict; use warnings; use PVE::NodeConfig; use Data::Dumper; my $nodecfg = PVE::NodeConfig::load_config(PVE::INotify::nodename()); print Dumper(PVE::NodeConfig::get_acme_conf($nodecfg))'
$VAR1 = {
          'account' => 'default',
          'domains' => {
                         'R210-YYYYYY.DDDDD.com.pl' => {
                                                           'plugin' => 'standalone',
                                                           '_configkey' => 'acme'
                                                         }
                       }
        };
And except hyphen - no special characters used.

Different node, the same cluster, the same SW versions:
Code: 
[2020-06-08 11:07:31 CEST] root@R710-3608JS1:~# perl -e 'use strict; use warnings; use PVE::NodeConfig; use Data::Dumper; my $nodecfg = PVE::NodeConfig::load_config(PVE::INotify::nodename()); print Dumper(PVE::NodeConfig::get_acme_conf($nodecfg))'
$VAR1 = {
          'domains' => {
                         'R710-3608JS1.domain.com.pl' => {
                                                           '_configkey' => 'acme',
                                                           'plugin' => 'standalone'
                                                         }
                       },
          'account' => 'default'
        };
 
You must log in or register to reply here.
Top Bottom