Ordering certificate fails with ACME DNS plugin for cyon.ch

[tofele]

I am new to Proxmox, just installed PVE 8.2.7 and am now trying to set up Let's Encrypt certificates following the instructions at https://www.derekseaman.com/2023/04/proxmox-lets-encrypt-ssl-the-easy-button.html

The ACME DNS Plugin I use is for cyon. When I try to order a certificate in staging I get the following error:

Loading ACME account details
Placing ACME order
Order URL: https://acme-staging-v02.api.letsencrypt.org/acme/order/167888573/19870383473

Getting authorization details from 'https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/14509536443'
The validation for proxmox.mydomain.com is pending!
[Sun Oct 20 13:07:39 CEST 2024]
[Sun Oct 20 13:07:39 CEST 2024] +---------------------------------------------+
[Sun Oct 20 13:07:39 CEST 2024] | Adding DNS TXT entry to your cyon.ch domain |
[Sun Oct 20 13:07:39 CEST 2024] +---------------------------------------------+
[Sun Oct 20 13:07:39 CEST 2024]
[Sun Oct 20 13:07:39 CEST 2024]   * Full Domain: _acme-challenge.proxmox.mydomain.com
[Sun Oct 20 13:07:39 CEST 2024]   * TXT Value:   w7xlEtnEvoNamCETcWWzkd5-VjkienuisqN05BWdZjU
[Sun Oct 20 13:07:39 CEST 2024]
[Sun Oct 20 13:07:39 CEST 2024]   - Logging in...
[Sun Oct 20 13:07:39 CEST 2024]     success
[Sun Oct 20 13:07:40 CEST 2024]
[Sun Oct 20 13:07:40 CEST 2024]   - Changing domain environment...
[Sun Oct 20 13:07:42 CEST 2024]     success
[Sun Oct 20 13:07:42 CEST 2024]
[Sun Oct 20 13:07:42 CEST 2024]   - Adding DNS TXT entry...
[Sun Oct 20 13:07:43 CEST 2024]     success (TXT|_acme-challenge.proxmox.mydomain.com.|w7xlEtnEvoNamCETcWWzkd5-VjkienuisqN05BWdZjU)
[Sun Oct 20 13:07:43 CEST 2024]
[Sun Oct 20 13:07:43 CEST 2024]   - Logging out...
[Sun Oct 20 13:07:44 CEST 2024]     success
[Sun Oct 20 13:07:44 CEST 2024]
Add TXT record: _acme-challenge.proxmox.mydomain.com
Sleeping 30 seconds to wait for TXT record propagation
Triggering validation
Sleeping for 5 seconds
[Sun Oct 20 13:08:20 CEST 2024]
[Sun Oct 20 13:08:20 CEST 2024] +-------------------------------------------------+
[Sun Oct 20 13:08:20 CEST 2024] | Deleting DNS TXT entry from your cyon.ch domain |
[Sun Oct 20 13:08:20 CEST 2024] +-------------------------------------------------+
[Sun Oct 20 13:08:20 CEST 2024]
[Sun Oct 20 13:08:20 CEST 2024]   * Full Domain: _acme-challenge.proxmox.mydomain.com
[Sun Oct 20 13:08:20 CEST 2024]
[Sun Oct 20 13:08:20 CEST 2024]   - Logging in...
[Sun Oct 20 13:08:20 CEST 2024]     success
[Sun Oct 20 13:08:21 CEST 2024]
[Sun Oct 20 13:08:21 CEST 2024]   - Changing domain environment...
[Sun Oct 20 13:08:23 CEST 2024]     success
[Sun Oct 20 13:08:23 CEST 2024]
[Sun Oct 20 13:08:23 CEST 2024]   - Deleting DNS TXT entry...
[Sun Oct 20 13:08:26 CEST 2024]     success (TXT|_acme-challenge.proxmox.mydomain.com.|w7xlEtnEvoNamCETcWWzkd5-VjkienuisqN05BWdZjU)
[Sun Oct 20 13:08:26 CEST 2024]     done
[Sun Oct 20 13:08:26 CEST 2024]
[Sun Oct 20 13:08:26 CEST 2024]   - Logging out...
[Sun Oct 20 13:08:26 CEST 2024]     success
[Sun Oct 20 13:08:26 CEST 2024]
Remove TXT record: _acme-challenge.proxmox.mydomain.com
TASK ERROR: validating challenge 'https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/14509536443' failed - status: invalid

Looking at the error message from the validating challenge part, I get this error:

DNS problem: NXDOMAIN looking up TXT for _acme-challenge.proxmox.mydomain.com - check that a DNS record exists for this domain

I am new to Proxmox and not an expert on Let's Encrypt and DNS, but I can see in my DNS records that the TXT entry is added and then removed again. The error looks like it is trying to validate it after the TXT entry has been removed again ... ??? Is this some race condition?

What am I missing here or what am I doing wrong?

 

[Salzi]

This has nothing to do with Proxmox. Cyon changed their API in October. Unfortunately, since there was no (proper) validation in acme.sh, the error isn't visible. The required TXT entries are simply not being created with the current script. Someone created a fix for this, but the pull request was deleted. I'm not entirely sure why.