Hello all:
As I rebuilt my Proxmox cluster from scratch, I attempted to configure ACME certificates for the first time.
I had no issues and got all (3) nodes working initially.
The following day, I could not log into nodes 2 and 3 via the UI but could via SSH.
The only change was that the ACME certificates were updated overnight (they have a 24-hour lifecycle).
I couldn't figure out what was happening, so I re-installed VE from scratch.
This time, I configured ACME before creating the cluster (I configured it after forming the cluster in the previous install).
After forming the cluster, I could again not log into the UI on nodes 2 and 3.
From the cluster's UI on node1, I saw that nodes 2 and 3 did not have the ACME certificate listed under Node -> System -> Certificates.
I placed another ACME order and could log into nodes 2 & 3 without issue.
Is there an order to onboard ACME certificates in a Proxmox VE cluster?
I am looking for clarity so that I can rest assured that my documentation and environment are correct.
Here is the process I took on each node:
Bash:
# Import ACME root certificate into the node's truststore
curl -k https://<acme-server-fqdn>/roots.pem -o /usr/local/share/ca-certificates/root_ca.crt
update-ca-certificates
# Register with the ACME server
pvenode acme account register default <email@tld> \
--directory https://<acme-server-fqdn>/acme/acme/directory
# Set the domain for the acme challenge
pvenode config set --acme domains=$HOSTNAME.<node-fqdn>
# Order a certificate
pvenode acme cert order
Please advise on what I am doing wrong here.
Thank you!
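The first step in the post fetches the root certificate with `curl -k`, so the download itself is unauthenticated. As an added example (not part of the original post), the functions below check the downloaded bundle against SHA-256 fingerprints obtained out of band before it is copied into the trust store; the function names, the `/tmp` path and the fingerprint placeholder are assumptions, and the sample bundle is constructed.

```shell
#!/bin/sh
# Added example: pin the root bundle's fingerprint before trusting it.

# Print the SHA-256 of the DER bytes of every certificate in a PEM file,
# one lowercase hex digest per line.
pem_fingerprints() {
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN CERTIFICATE-----$/ { body = ""; inside = 1; next }
        /^-----END CERTIFICATE-----$/   { if (inside) print body; inside = 0; next }
        inside                          { body = body $0 }' |
    while IFS= read -r b64; do
        printf '%s' "$b64" | base64 -d | sha256sum | cut -d' ' -f1
    done
}

# verify_roots FILE PIN...
# Succeeds only if FILE holds at least one certificate and every certificate
# in it matches one of the pinned fingerprints (hex, colons optional).
verify_roots() {
    vr_file=$1; shift
    vr_count=0
    for vr_fp in $(pem_fingerprints "$vr_file"); do
        vr_count=$((vr_count + 1)); vr_ok=0
        for vr_pin in "$@"; do
            vr_pin=$(printf '%s' "$vr_pin" | tr -d ':' | tr 'A-F' 'a-f')
            if [ "$vr_fp" = "$vr_pin" ]; then vr_ok=1; fi
        done
        if [ "$vr_ok" -ne 1 ]; then
            echo "unpinned certificate in $vr_file: $vr_fp" >&2; return 1
        fi
    done
    if [ "$vr_count" -eq 0 ]; then
        echo "no certificate found in $vr_file" >&2; return 1
    fi
}

# Constructed sample: the body is placeholder bytes ("abc"), not a real certificate.
sample_bundle() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'YWJj' '-----END CERTIFICATE-----'
}

# Usage with the step from the post (the fingerprint is a placeholder):
#   curl -k https://<acme-server-fqdn>/roots.pem -o /tmp/roots.pem
#   verify_roots /tmp/roots.pem "<sha256-fingerprint-from-CA-admin>" &&
#     cp /tmp/roots.pem /usr/local/share/ca-certificates/root_ca.crt &&
#     update-ca-certificates
```

A bundle that contains any certificate not covered by a pin is rejected as a whole, so an extra root appended in transit does not reach the trust store.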