Missing ACME account info for new & updated accounts.

[DICKHILL]

Hi there!
Running fully updated proxmox-ve 8.4.0 & pve-manager 8.4.14 here...
So I don't know if this also exists in 9.1 or what most of you guys run.

Spoiler: Package list

proxmox-ve: 8.4.0 (running kernel: 6.8.12-17-pve)
pve-manager: 8.4.14 (running version: 8.4.14/b502d23c55afcba1)
proxmox-kernel-helper: 8.1.4
pve-kernel-5.15: 7.4-9
proxmox-kernel-6.8: 6.8.12-17
proxmox-kernel-6.8.12-17-pve-signed: 6.8.12-17
proxmox-kernel-6.8.12-11-pve-signed: 6.8.12-11
proxmox-kernel-6.5.13-6-pve-signed: 6.5.13-6
proxmox-kernel-6.5: 6.5.13-6
pve-kernel-5.15.131-2-pve: 5.15.131-3
pve-kernel-5.4.203-1-pve: 5.4.203-1
ceph-fuse: 16.2.15+ds-0+deb12u1
corosync: 3.1.9-pve1
criu: 3.17.1-2+deb12u2
glusterfs-client: 10.3-5
ifupdown: not correctly installed
ifupdown2: 3.2.0-1+pmx11
libjs-extjs: 7.0.0-5
libknet1: 1.30-pve2
libproxmox-acme-perl: 1.6.0
libproxmox-backup-qemu0: 1.5.2
libproxmox-rs-perl: 0.3.5
libpve-access-control: 8.2.2
libpve-apiclient-perl: 3.3.2
libpve-cluster-api-perl: 8.1.2
libpve-cluster-perl: 8.1.2
libpve-common-perl: 8.3.4
libpve-guest-common-perl: 5.2.2
libpve-http-server-perl: 5.2.2
libpve-network-perl: 0.11.2
libpve-rs-perl: 0.9.4
libpve-storage-perl: 8.3.7
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 6.0.0-2
lxcfs: 6.0.0-pve2
novnc-pve: 1.6.0-2
proxmox-backup-client: 3.4.7-1
proxmox-backup-file-restore: 3.4.7-1
proxmox-backup-restore-image: 0.7.0
proxmox-firewall: 0.7.1
proxmox-kernel-helper: 8.1.4
proxmox-mail-forward: 0.3.3
proxmox-mini-journalreader: 1.5
proxmox-offline-mirror-helper: 0.6.8
proxmox-widget-toolkit: 4.3.13
pve-cluster: 8.1.2
pve-container: 5.3.3
pve-docs: 8.4.1
pve-edk2-firmware: not correctly installed
pve-esxi-import-tools: 0.7.4
pve-firewall: 5.1.2
pve-firmware: 3.16-3
pve-ha-manager: 4.0.7
pve-i18n: 3.4.5
pve-qemu-kvm: 9.2.0-7
pve-xtermjs: 5.5.0-2
qemu-server: 8.4.5
smartmontools: 7.3-pve1
spiceterm: 3.3.1
swtpm: 0.8.0+pve1
vncterm: 1.8.1
zfsutils-linux: 2.2.8-pve1

But I just noticed that when creating, and updating existing, ACME accounts, all data aren't saved to the account-file.
The WebUI account info are plain empty. - Which is caused by missing "contact" section.

Let's say you installed Proxmox back in 2021 (like me) and have the "default" account.
That shows all info in the WebUI and also by running "pvenode acme account info" you see the "contact" and "initialIp" fields.

But if you update that "default" (or any other) account or create a new one, it doesn't save the "contact" or "initialIp" fields.
"initialIp" isn't visible in WebUI and aren't important, but the contact/mailto is.

You can just edit the account account-file and add the "contact" section yourself (with correct email of course) and it shows the info in WebUI again.

/etc/pve/priv/acme/default

{
   "account" : {
      "contact" : [
         "mailto:HIDDEN@MAIL.TLD"
      ],
      "createdAt" : "2021-04-07T17:33:55.518468265Z",
      "initialIp" : "194.XXX.XXX.24",
      "key" : {
         "e" : "AQAB",
         "kty" : "RSA",
         "n" : "7Ju ... u50",
         "use" : "sig"
      },
      "status" : "valid"
   },
   "directory" : "https://acme-v02.api.letsencrypt.org/directory",
   "key" : "-----BEGIN RSA PRIVATE KEY-----\n ... \n-----END RSA PRIVATE KEY-----\n",
   "location" : "https://acme-v02.api.letsencrypt.org/acme/acct/XXX",
   "tos" : "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
}

/etc/pve/priv/acme/test-LEv2

{
   "account" : {
      "createdAt" : "2025-12-17T06:16:28.990082319Z",
      "key" : {
         "e" : "AQAB",
         "kty" : "RSA",
         "n" : "pEn ... IIs",
         "use" : "sig"
      },
      "status" : "valid"
   },
   "directory" : "https://acme-staging-v02.api.letsencrypt.org/directory",
   "key" : "-----BEGIN RSA PRIVATE KEY-----\n ... \n-----END RSA PRIVATE KEY-----\n",
   "location" : "https://acme-staging-v02.api.letsencrypt.org/acme/acct/XXX",
   "tos" : "https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf"

 

[fabian]

it does seem to work on PVE 9.1.. (it doesn't add the `contact`, but the account is selectable/usable )

 

[DICKHILL]

Thanks for the reply...

It's also selectable/useable here.
Found only out since I wanted to change mail address for my account and therefore updated it.

But can you see information about the account(s) in the WebUI on 9.1 then?
Otherwise it must be a bug there too, since the "contact mailto" aren't saved there as well?

 

[fabian]

the information is stripped when storing, yes. the contact field is not used by the ACME client, but by the CA. you can always get the account info from the CA using the key, which is stored.

 

[DICKHILL]

Oh, so it's intentionally not saved in the account-file.
But why, when WebUI then doesn't show anything? - Still must be a bug somewhere?

I do understand that the email only are used by CA.
Is it really just me or wouldn't it be nice to see which email was used for each account?
(All this was only because I saw my personal email on my default account and then wanted to update with proper email.)

 

[fabian]

I think originally the reasoning was that it's not useful for the client to store that information. that it doesn't render correctly for you seems strange and likely a bug, for me it does render correctly.

what does "pvesh get /cluster/acme/account/test-LEv2 --output-format json-pretty" print?

 

[DICKHILL]

Oh okay, so it works as intended on 9.1 - Good!
I thought it were a bug and I actually just wanted to inform.

Personally I don't care, since 8.4 have EOL next year and I'm going to install all over.

root@pve1:~# pvesh get /cluster/acme/account/test-LEv2 --output-format json-pretty
{
   "account" : {
      "createdAt" : "2025-12-17T06:16:28.990082319Z",
      "key" : {
         "e" : "AQAB",
         "kty" : "RSA",
         "n" : "pEn ... IIs",
         "use" : "sig"
      },
      "status" : "valid"
   },
   "directory" : "https://acme-staging-v02.api.letsencrypt.org/directory",
   "location" : "https://acme-staging-v02.api.letsencrypt.org/acme/acct/XXX",
   "tos" : "https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf"
}