PVE Unable to Acquire Certificate using ACME DNS Plugin

smirk, New Member, Jul 25, 2024
Hi

Bit of background first:

I have created a new PVE server (8.2.4). The server sits within IANA reserved address space (i.e. 192.168.x.x) and goes through NAT to get out to the internet.

I am trying to configure the Certificate settings to acquire a legitimate certificate via Let's Encrypt. Since the server is not exposed to the internet, I am using the ACME DNS plugin to interact with my DNS registrar (NAME.COM).

I have my username and API key set up, and I have whitelisted the public IP of my NAT gateway with NAME.COM. I know the credentials are good, as I can acquire certificates on another machine (beyond the gateway) using the DNS plugin.

What happens:

When I 'order' a certificate from the Proxmox UI (or even from the CLI using the pvenode command), I simply get the error:

Code:
[Tue Aug 13 09:41:52 BST 2024] {"message":"Permission Denied"}
[Tue Aug 13 09:41:52 BST 2024] Please add your ip to api whitelist
[Tue Aug 13 09:41:52 BST 2024] Logging in failed.

What I have tried/verified:

I set up the 'legitimate' acme.sh script on the Proxmox server using the "curl https://get.acme.sh | sh -s email=my@example.com" command. I entered the necessary credentials for NAME.COM into the accounts.conf file (basically copying the details from the "api" box).

Running the actual acme.sh script acquires a certificate as I would expect.

Since I'm running the actual acme.sh script from the server (and it goes out through the NAT gateway like all other traffic from the server) and it all works, I can conclude that there is nothing wrong with the credentials: the API key is good, the IP whitelisting is good and generally the NAME.COM setup is good.

I also manually used curl to connect to NAME.COM with my API credentials:

Code:
curl -u 'NNNNNNNN:XXXXXXXXXXXXXXXXXXXXXXXX' 'https://api.name.com/v4/domains'

As expected, that returned JSON with a list of the domains I have registered with NAME.COM.

Question

Is the Proxmox version of the acme script for the DNS plugin (especially for NAME.COM) simply [known to be] broken or am I missing some esoteric configuration setting?

Thanks in advance for any info
Doing a bit more scratching at this. I had assumed the 'Please add your IP to API whitelist' message was coming from the DNS registrar's servers. However, I just manually set up a connection to ZeroSSL, which seems to be the CA acme.sh uses by default these days. Despite having working credentials, using ZeroSSL generates the same message about adding my IP to the API whitelist. So my guess is it's something internal to Proxmox running on the server.

As an experiment I changed to using Cloudflare as my DNS registrar (using Let's Encrypt as the CA). When setting that up in the Proxmox UI you get a more informative little dialog that asks for account ID, API key, etc. rather than a general text box labeled 'api'. The Cloudflare setup did work, so again my presumption is that the Cloudflare setup (within Proxmox) is better developed/tested.
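To rule out a mangled credential block before blaming the plugin, here is an added Python checker (not Proxmox or acme.sh code) for the key=value text that goes into the plugin's 'api' box; it assumes the variable names acme.sh's name.com plugin reads, Namecom_Username and Namecom_Token, and rebuilds the same curl check used above so it can be run from the node, where the egress IP is the one that must be whitelisted.

```python
"""Sanity-check the KEY=VALUE block pasted into the Proxmox ACME DNS plugin
'api' box for name.com. Added example, not Proxmox or acme.sh code.
Assumption: the plugin reads Namecom_Username and Namecom_Token (the
variables acme.sh's dns_namecom plugin uses); the checks are constructed."""
import shlex

REQUIRED = ("Namecom_Username", "Namecom_Token")


def parse_plugin_data(text):
    """Parse KEY=VALUE lines (acme.sh style) into a dict. Blank lines and
    '#' comments are skipped; values are kept verbatim so that quoting
    and whitespace mistakes stay visible to find_problems()."""
    data = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if "=" not in raw:
            raise ValueError(f"not a KEY=VALUE line: {raw!r}")
        key, value = raw.split("=", 1)
        data[key.strip()] = value
    return data


def find_problems(data):
    """Return human-readable problems that make an otherwise valid
    credential fail at the API with a generic 'Permission Denied'."""
    problems = []
    for key in REQUIRED:
        if key not in data:
            problems.append(f"missing {key}")
            continue
        val = data[key]
        if not val.strip():
            problems.append(f"{key} is empty")
        elif val != val.strip():
            problems.append(f"{key} has leading/trailing whitespace")
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            problems.append(f"{key} is wrapped in quotes; check they are not part of the value")
    return problems


def curl_check_command(data):
    """Rebuild the manual check from the post (list domains with the
    credentials). Run it from the Proxmox node so the source IP is the
    NAT gateway's public address that name.com has whitelisted."""
    user = data["Namecom_Username"].strip().strip("\"'")
    token = data["Namecom_Token"].strip().strip("\"'")
    return "curl -u " + shlex.quote(f"{user}:{token}") + " https://api.name.com/v4/domains"
```

If the curl command succeeds from the node but the plugin still fails, the credential text is not the problem and the difference lies in how the plugin is invoked.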