PVE 7: LE certificate renew fails

thommie

thommie

Member
Proxmox Subscriber
Aug 19, 2019
57
7
13
On PVE 7 I get the following error for the letsencrypt cert renewal (task acmerenewal):

Code: 
root@tokoeka ~ # pvenode acme cert renew
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/63630251/35385412630

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/44131491660'
The validation for tokoeka.netzwissen.de is pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is still 'pending', trying again in 10 seconds
validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/44131491660' failed - status: invalid
Task validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/44131491660' failed - status: invalid

I also get

Code: 
root@tokoeka ~ # pvenode acme cert order
400 Parameter verification failed.
force: Custom certificate exists but 'force' is not set.
pvenode acme cert order  [OPTIONS]

The PVE server is online and the current cert is valid until 13 Nov. Any ideas how to debug this on the shell?
 
thommie said:
On PVE 7 I get the following error for the letsencrypt cert renewal (task acmerenewal):

Code: 
root@tokoeka ~ # pvenode acme cert renew
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/63630251/35385412630

Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/44131491660'
The validation for tokoeka.netzwissen.de is pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is still 'pending', trying again in 10 seconds
validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/44131491660' failed - status: invalid
Task validating challenge 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/44131491660' failed - status: invalid

I also get

Code: 
root@tokoeka ~ # pvenode acme cert order
400 Parameter verification failed.
force: Custom certificate exists but 'force' is not set.
pvenode acme cert order  [OPTIONS]

The PVE server is online and the current cert is valid until 13 Nov. Any ideas how to debug this on the shell?
Click to expand...
you are better off using a reverse proxy like caddy as it'll make your life easier, i in fact run a caddy in a lxc container and reverse proxy all servers including the pve thro that for SSL

all you need is a Caddyfile with this. Caddy will do the renewal on it own

Code: 
{
    # email to use on Let's Encrypt
    email user@foo.com

    # Uncomment for debug
    debug
    # Uncomment for testing cert with staging
    #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}


vm.foo.com {
  reverse_proxy 192.168.11.17:8006  {
    transport http {
        tls
        tls_insecure_skip_verify
    }
    }
}
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back