Problems with linode_v4 and ACME DNS plugin

Anthony Hiscox

Nov 25, 2022
I am a brand new user that JUST installed Proxmox, so please bear with me if this is an easy thing. I'm trying to use the linode_v4 plugin but no matter what I'm getting:


Code:
Loading ACME account details
Placing ACME order
Order URL: https://acme-staging-v02.api.letsencrypt.org/acme/order/235235235/235235235

Getting authorization details from 'https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2523523'
The validation for proxmox.mydomain.ca is pending!
[Thu Nov 24 21:18:00 MST 2022] Using Linode
sed: -e expression #1, char 49: Invalid preceding regular expression
[Thu Nov 24 21:18:11 MST 2022] Error adding the domain resource.
[Thu Nov 24 21:18:11 MST 2022] Error add txt for domain:_acme-challenge.proxmox.mydomain.ca
TASK ERROR: command 'setpriv --reuid nobody --regid nogroup --clear-groups --reset-env -- /bin/bash /usr/share/proxmox-acme/proxmox-acme setup linode_v4 proxmox.mydomain.ca' failed: exit code 1

I put my Linode API key at LINODE_V4_API_KEY=MYKEY at Datacenter -> ACME -> Challenge Plugins under API Data.
I tried with and without quotes. I made sure there was no beginning line or spaces, and tried with and without a single newline at the end, yet I continue to get this sed error.

I also tried manually adding via the command line with the same results. I got the suggestion for this from the single thread I can find with this issue:
https://forum.proxmox.com/threads/api-key.104255/#post-448849


In this thread Hannes recommends setting an environment variable before "running the setup command in the terminal".
I tried setting that before running pvenode acme plugin add dns linode --api linode_v4 but that didn't set the data field. I've also tried running that command with the --data switch pointing to a file that contains the LINODE_V4_API_KEY=MYKEY line, again with and without quotes.


Now I'm not sure what I should try next.

Edit: I had problems with my screen turning off when using the Proxmox installer, so I installed Debian Buster and Proxmox using these directions: https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_Buster
Edit 2: I noticed that spaces keep getting applied to the API data somewhere between adding it and ordering the certificates. In both terminal and web I can confirm extra lines are added after this process.
 
Similar issue here:

Using
Code:
LINODE_V4_API_KEY=<API_KEY>
works for me to add the TXT record to the DNS (verified on the DNS provider side); however, the process fails with multiple sed errors.

Code:
[Thu Mar  9 09:48:58 EST 2023] Using Linode
sed: -e expression #1, char 48: Invalid preceding regular expression
[Thu Mar  9 09:48:59 EST 2023] Domain resource successfully added.
Add TXT record: _acme-challenge.host.example.com
Sleeping 30 seconds to wait for TXT record propagation
Triggering validation
Sleeping for 5 seconds
[Thu Mar  9 09:49:34 EST 2023] Using Linode
sed: -e expression #1, char 48: Invalid preceding regular expression
sed: -e expression #1, char 51: Invalid preceding regular expression
Remove TXT record: _acme-challenge.host.example.com
TASK ERROR: validating challenge 'https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5656933784' failed - status: invalid

Where the heck does that sed expression come from and where to debug?

If the error message would be more transparent with a bit more detail...
 
I was struggling with this, too, but I think I have a working solution.

  1. Open the web gui
  2. Select datacenter from the side bar
  3. Select the ACME tab
  4. Add your Let's Encrypt account
    1. Enter letsencrypt for the account name
    2. Enter your email
    3. Use Let's Encrypt V2 for the directory
    4. Check Accept TOS
    5. Click Register button
  5. Optional (Make a second account for staging so you don't get rate limited while testing)
  6. Add a challenge plugin
    1. Enter linode for the Plugin ID
    2. Change the validation delay to 120 (THIS IS KEY)
    3. Change DNS API to linode_v4
    4. Enter LINODE_V4_API_KEY=YOUR_API_KEY in API Data
      1. Do not quote the API key
      2. Ensure there are NO newlines before or after the API key
    5. Click Add
    6. Select the linode plugin
    7. Click the Edit Button
      1. Ensure proxmox did not insert any newlines either before or after your API key
      2. If there are newlines
        1. Remove them
        2. Click Okay
      3. If there are no newlines
        1. Click the X to close the dialog
  7. Select your proxmox host from the side bar
  8. Under System, Select the Certificates Tab
  9. Under ACME, Click Add
    1. Change Challenge Type to DNS
    2. Select linode as the Plugin
    3. Enter your proxmox server domain name
    4. Click the Create button
  10. Click Order Certificates Now
You will see sed errors in the output. If you have your API key in there as I have outlined, these will be a red herring. You can confirm this in two ways.

  1. Do you see a line in the output that reads Domain resource successfully added? If so, you should be good.
  2. Go to your linode domain management and look for the text records. You should see one that says _acme-challenge.YOUR_DOMAIN_NAME. If so, linode is working fine.

So what about the error validating challenge errors? As far as I can tell, Let's Encrypt needs more than the 30 second default propagation time. It needed more than 60 for me, too. 120 is the first value I tried that worked. It worked in staging, and it worked in production, so I'm sticking with it. It's a long time to wait for the first certificate, but it will renew in the background, so who cares after that?

You probably already found a solution since I'm necrobumping a thread more than a year old at this point, but I wanted to document what worked for me for the next person (which will probably be me the next time I reinstall proxmox and forget what I had to do to get this working).
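
The formatting conditions listed in the steps above (no quotes, no blank lines, no stray whitespace around the key) can be checked on a data file before it is passed to the `--data` switch. This is an added example, not part of the original posts and not Proxmox code; the helper name `lint_acme_data` and the sample file contents are assumptions.

```shell
#!/bin/sh
# lint_acme_data FILE (hypothetical helper): check a KEY=VALUE API data file.
# Reports one finding per line, by line number only; the secret value is
# never printed. Returns 0 when the file is clean, 1 otherwise.
lint_acme_data() {
    file=$1 n=0 bad=0
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1)) msg=
        key=${line%%=*} value=${line#*=}
        case $line in
            *"$cr"*)        msg="carriage return (CRLF line ending)" ;;
            *[![:space:]]*) ;;   # visible content, checked below
            *)              msg="blank line" ;;
        esac
        if [ -z "$msg" ]; then
            case $line in
                [[:space:]]*|*[[:space:]]) msg="leading or trailing whitespace" ;;
                *=*)
                    case $value in
                        '')              msg="empty value" ;;
                        \"*|*\"|\'*|*\') msg="value is quoted" ;;
                        [[:space:]]*)    msg="whitespace after '='" ;;
                    esac
                    case $key in
                        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                            msg="variable name is not a plain identifier" ;;
                    esac ;;
                *)  msg="not in KEY=VALUE form" ;;
            esac
        fi
        if [ -n "$msg" ]; then
            echo "line $n: $msg"
            bad=$((bad + 1))
        fi
    done < "$file"
    [ "$bad" -eq 0 ]
}

# Constructed sample: a quoted placeholder key with blank lines around it.
sample=$(mktemp)
printf '\nLINODE_V4_API_KEY="PLACEHOLDER"\n\n' > "$sample"
lint_acme_data "$sample" || echo "fix the file before passing it to --data"
rm -f "$sample"
```

A single terminating newline at the end of the file is treated as a normal line ending and is not reported; that choice is an assumption of this example.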
 
Really glad I wrote that up since I did end up reinstalling proxmox again. But I ran into more problems.

First, make sure you log in as root. ACME configurations don't seem to be available to any other user. Not sure if there is a permission you can add for that, but my regular user who had the Administrator role could not do this.

Second, linode can be RIDICULOUSLY slow to propagate the DNS records.
https://community.letsencrypt.org/t/no-txt-record-found-using-linode-dns-plugin/76403/2

The second post suggests a 15 minute timeout, and the post is from several years ago, so maybe things are better. 2 minutes was working for me before, but then it was flaky for me this time. Changing it to 3 minutes helped at least once. That's what I'm going to use for now. Maybe it's time to look for a different cloud provider.
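
The way the replies above read the task log (sed errors alone are not decisive; what matters is whether the TXT record was added and whether validation then failed) can be applied mechanically to a saved log. This is an added example, not part of the original posts and not Proxmox code; the helper names `triage_acme_log` and `sample_log`, the verdict strings, and the sample log are assumptions.

```shell
#!/bin/sh
# triage_acme_log (hypothetical helper): read an ACME task log on stdin and
# print "<verdict> delay=<seconds> sed_errors=<count>".
triage_acme_log() {
    log=$(cat)
    has() { printf '%s\n' "$log" | grep -q "$1"; }
    sed_errs=$(printf '%s\n' "$log" | grep -c '^sed: -e expression' || true)
    delay=$(printf '%s\n' "$log" | sed -n \
        's/^Sleeping \([0-9][0-9]*\) seconds to wait for TXT record propagation$/\1/p' |
        head -n 1)
    if has 'Error adding the domain resource'; then
        verdict=txt-record-not-created        # plugin/API side: check the API data
    elif has 'Domain resource successfully added'; then
        if has 'validating challenge .* failed - status: invalid'; then
            verdict=validation-failed-after-record-added   # look at the delay
        else
            verdict=txt-record-created
        fi
    else
        verdict=unknown
    fi
    echo "$verdict delay=${delay:-unknown} sed_errors=$sed_errs"
}

# Constructed sample, modelled on the second log in the thread.
sample_log() {
    cat <<'EOF'
[Thu Mar  9 09:48:58 EST 2023] Using Linode
sed: -e expression #1, char 48: Invalid preceding regular expression
[Thu Mar  9 09:48:59 EST 2023] Domain resource successfully added.
Add TXT record: _acme-challenge.host.example.com
Sleeping 30 seconds to wait for TXT record propagation
Triggering validation
sed: -e expression #1, char 48: Invalid preceding regular expression
sed: -e expression #1, char 51: Invalid preceding regular expression
TASK ERROR: validating challenge '<authz-url>' failed - status: invalid
EOF
}

sample_log | triage_acme_log
```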
 
