[SOLVED] LetsEncrypt SSL Error

S

SagnikS

Well-Known Member
Feb 23, 2018
42
2
48
23
I tried generating an SSL certificate on this new Proxmox VE host, I just installed today. Normally, it works just fine, but I'm getting this error now. I've redacted the actual hostname.

Code: 
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/85468476/3267292027

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/4414329022'
The validation for <hostname> is pending!
TASK ERROR: plugin 'standalone' for domain '<hostname>' not found!

Any help would be appreciated. Thanks :)
 
it's a bug, should be fixed soon. you can workaround it by doing
touch /etc/pve/priv/acme/plugins.cfg
 
  • Like
Reactions: SagnikS and Moayad
Similar issue here... On all cluster nodes :(

Code: 
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/xxxxxx/xxxxxx

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/xxxxxxx'
The validation for xxxxxxxxx.com.pl is pending!
TASK ERROR: no config for domain 'xxxxxxxxx.com.pl'

Workaround with touching plugins.cfg not working.
Workaround with ACMEPlugin.pm (https://forum.proxmox.com/threads/r...alone-for-domain-not-found.69485/#post-311569) not valid too - we have proper content.
 
that's a different error though.. could you post the output of 'pveversion -v' and 'pvenode config get' ? feel free to censor the actual domains..
 
Hi,
Please find output below:

Code: 
[2020-06-08 11:04:35 CEST] root@XXXXXXXX:~# pveversion -v
proxmox-ve: 6.2-1 (running kernel: 5.4.41-1-pve)
pve-manager: 6.2-4 (running version: 6.2-4/9824574a)
pve-kernel-5.4: 6.2-2
pve-kernel-helper: 6.2-2
pve-kernel-5.3: 6.1-6
pve-kernel-5.0: 6.0-11
pve-kernel-5.4.41-1-pve: 5.4.41-1
pve-kernel-5.4.34-1-pve: 5.4.34-2
pve-kernel-5.3.18-3-pve: 5.3.18-3
pve-kernel-5.3.18-2-pve: 5.3.18-2
pve-kernel-5.3.13-3-pve: 5.3.13-3
pve-kernel-5.3.13-1-pve: 5.3.13-1
pve-kernel-5.3.10-1-pve: 5.3.10-1
pve-kernel-5.0.21-5-pve: 5.0.21-10
pve-kernel-5.0.21-4-pve: 5.0.21-9
pve-kernel-5.0.21-3-pve: 5.0.21-7
pve-kernel-5.0.21-2-pve: 5.0.21-7
pve-kernel-5.0.21-1-pve: 5.0.21-2
pve-kernel-5.0.18-1-pve: 5.0.18-3
pve-kernel-5.0.15-1-pve: 5.0.15-1
ceph: 14.2.9-pve1
ceph-fuse: 14.2.9-pve1
corosync: 3.0.3-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.15-pve1
libproxmox-acme-perl: 1.0.4
libpve-access-control: 6.1-1
libpve-apiclient-perl: 3.0-3
libpve-common-perl: 6.1-2
libpve-guest-common-perl: 3.0-10
libpve-http-server-perl: 3.0-5
libpve-storage-perl: 6.1-8
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.2-1
lxcfs: 4.0.3-pve2
novnc-pve: 1.1.0-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.2-1
pve-cluster: 6.1-8
pve-container: 3.1-6
pve-docs: 6.2-4
pve-edk2-firmware: 2.20200229-1
pve-firewall: 4.1-2
pve-firmware: 3.1-1
pve-ha-manager: 3.0-9
pve-i18n: 2.1-2
pve-qemu-kvm: 5.0.0-2
pve-xtermjs: 4.3.0-1
qemu-server: 6.2-2
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-1
zfsutils-linux: 0.8.4-pve1
[2020-06-08 11:04:48 CEST] root@xxxxxx:~# pvenode config get
acme: domains=R710-xxxxxx.xxxxxx.com.pl
 
was the censored domain from the initial log the full domain string from the config, or just the latter part? e.g., if your full domain is R710-foo.bar.com.pl, did the log show that or bar.com.pl?
 
Hi,
The scheme is [model]-[servicetag].[domain].com.pl (XXX-YYYYYY.domain.com.pl)
(hostname contains a dash)
Sorry for confusion, I should censor full hostname ;-)
(anyway, it worked all the time since PVE6.0, just now stopped)
 
that did not exactly answer my question ;)

what does the following report?

Code: 
perl -e 'use strict; use warnings; use PVE::NodeConfig; use Data::Dumper; my $nodecfg = PVE::NodeConfig::load_config(PVE::INotify::nodename()); print Dumper(PVE::NodeConfig::get_acme_conf($nodecfg))'

are there any special characters inside the hostname that might lead to encoding issues?
 
Oh, I'm sorry, I didn't noticed 'initial log' part ;-)

So... Again ;-)
Code: 
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/123456/78901234

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/123456789'
The validation for r210-YYYY.DDDD.com.pl is pending!
TASK ERROR: no config for domain 'r210-YYYY.DDDD.com.pl'
The error says: "no config for fqdn" and "validation for fqdn is pending"

Code: 
[2020-06-08 11:07:58 CEST] root@R210-YYYY:~# perl -e 'use strict; use warnings; use PVE::NodeConfig; use Data::Dumper; my $nodecfg = PVE::NodeConfig::load_config(PVE::INotify::nodename()); print Dumper(PVE::NodeConfig::get_acme_conf($nodecfg))'
$VAR1 = {
          'account' => 'default',
          'domains' => {
                         'R210-YYYYYY.DDDDD.com.pl' => {
                                                           'plugin' => 'standalone',
                                                           '_configkey' => 'acme'
                                                         }
                       }
        };
And except hyphen - no special characters used.

Different node, the same cluster, the same SW versions:
Code: 
[2020-06-08 11:07:31 CEST] root@R710-3608JS1:~# perl -e 'use strict; use warnings; use PVE::NodeConfig; use Data::Dumper; my $nodecfg = PVE::NodeConfig::load_config(PVE::INotify::nodename()); print Dumper(PVE::NodeConfig::get_acme_conf($nodecfg))'
$VAR1 = {
          'domains' => {
                         'R710-3608JS1.domain.com.pl' => {
                                                           '_configkey' => 'acme',
                                                           'plugin' => 'standalone'
                                                         }
                       },
          'account' => 'default'
        };
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back