Not able to order ACME cert

papatikka

New Member
Jun 26, 2023
27
0
1
I figured out to make my DC safer and add SSL cert for trusted https that is only accessible from LAN, with 2FA etc...

however when pvenode acme cert order -f

Code:
Can't use an undefined value as a HASH reference at /usr/share/perl5/PVE/API2/ACME.pm line 196.

I never messed with certs before, this is first time and I just followed the steps of https://pve.proxmox.com/wiki/Certificate_Management
and yeah... it stops at pvenode acme cert order...

I tried following the solution for lps90 but I have no file at etc/default/pveproxy, doesn't exist.

So... I am at loss... what should I do?
 
What is version of Proxmox VE you're using?
Code:
pveversion -v
proxmox-ve: 8.0.1 (running kernel: 6.2.16-3-pve)
pve-manager: 8.0.3 (running version: 8.0.3/bbf3993334bfa916)
pve-kernel-6.2: 8.0.2
pve-kernel-5.15: 7.4-4
pve-kernel-6.2.16-3-pve: 6.2.16-3
pve-kernel-5.15.108-1-pve: 5.15.108-1
pve-kernel-5.15.102-1-pve: 5.15.102-1
ceph-fuse: 16.2.11+ds-2
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-3
libknet1: 1.25-pve1
libproxmox-acme-perl: 1.4.6
libproxmox-backup-qemu0: 1.4.0
libproxmox-rs-perl: 0.3.0
libpve-access-control: 8.0.3
libpve-apiclient-perl: 3.3.1
libpve-common-perl: 8.0.5
libpve-guest-common-perl: 5.0.3
libpve-http-server-perl: 5.0.3
libpve-rs-perl: 0.8.3
libpve-storage-perl: 8.0.2
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 5.0.2-4
lxcfs: 5.0.3-pve3
novnc-pve: 1.4.0-2
proxmox-backup-client: 3.0.1-1
proxmox-backup-file-restore: 3.0.1-1
proxmox-kernel-helper: 8.0.2
proxmox-mail-forward: 0.2.0
proxmox-mini-journalreader: 1.4.0
proxmox-widget-toolkit: 4.0.5
pve-cluster: 8.0.1
pve-container: 5.0.4
pve-docs: 8.0.4
pve-edk2-firmware: 3.20230228-4
pve-firewall: 5.0.2
pve-firmware: 3.7-1
pve-ha-manager: 4.0.2
pve-i18n: 3.0.4
pve-qemu-kvm: 8.0.2-3
pve-xtermjs: 4.16.0-3
qemu-server: 8.0.6
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.1.12-pve1
 
Hi,

Sorry for the late answer...

Thank you for the output of pveversion -v! can you please check of the configuration for the ACME if correct?

What do you see in the syslog during the order a new certificate?
 
the error does sound like your config is wrong - could you post the complete node config file?
 
the error does sound like your config is wrong - could you post the complete node config file?


Sorry, I've had a lot stuff to do but now I am utilizing tailscale and its become important for me to have valid HTTPS cert when I'm using vpn services to access my LAN.

Do you mean
Code:
/etc/pve/nodes/y33/config
?

It's empty except a ACME account/user and nothing else.
 
Last edited:
you have to specify the domain there as well.. I'd suggest configuring it over the web UI if you are unsure!
 
that won't work (at least not for a trusted-by-default CA like Let's Encrypt). for IP addresses or internal/local domains you can only use an internal CA or self-signed certificates, in which case your client system(s) must trust that CA (or self-signed certificate)..
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!