pvenode ACME

rlovelett

New Member
Feb 14, 2021
4
0
1
36
I am trying to work with the ACME account and certificates in Proxmox VE.

Unfortunately, when I try and do actions like pvenode acme account register second <email> or pvenode acme account deactivate default. The command fails with:

Code:
error during cfs-locked 'acme-second' operation: Registration failed: Error: GET to https://acme-v02.api.letsencrypt.org/directory got lock timeout - aborting command
Task error during cfs-locked 'acme-second' operation: Registration failed: Error: GET to https://acme-v02.api.letsencrypt.org/directory got lock timeout - aborting command

I would like to try and debug it further but this is a bit opaque to me. Is there a way to increase log verbosity or logs in other places? Heck, is there a way to just reset the whole ACME stuff back to vanilla and start from scratch? Either will work for me.

Thank you for your time reading this.
 

fabian

Proxmox Staff Member
Staff member
Jan 7, 2016
5,489
904
163
the get request to the ACME directory blocked, which caused the whole operation to run into a timeout. some network problem?
 

rlovelett

New Member
Feb 14, 2021
4
0
1
36
the get request to the ACME directory blocked, which caused the whole operation to run into a timeout. some network problem?

Bash:
# curl -I https://acme-v02.api.letsencrypt.org/directory
HTTP/2 200
server: nginx
date: Mon, 15 Feb 2021 13:36:21 GMT
content-type: application/json
content-length: 658
cache-control: public, max-age=0, no-cache
replay-nonce: 0104cpQyyC070fhhCXeGGjiL46q2B58VL70j1HDj7e1pAPc
x-frame-options: DENY
strict-transport-security: max-age=604800

I can get to it from the root shell. So I do not think it is a network problem, unless the pvenode utility uses some other network stack.
 

fabian

Proxmox Staff Member
Staff member
Jan 7, 2016
5,489
904
163
is there any other output by the pvenode command? could you also include your pveversion -v output?
 

rlovelett

New Member
Feb 14, 2021
4
0
1
36
is there any other output by the pvenode command? could you also include your pveversion -v output?

Unfortunately there is no other output by the pvenode command.

Code:
proxmox-ve: 6.3-1 (running kernel: 5.4.78-2-pve)
pve-manager: 6.3-3 (running version: 6.3-3/eee5f901)
pve-kernel-5.4: 6.3-3
pve-kernel-helper: 6.3-3
pve-kernel-5.4.78-2-pve: 5.4.78-2
pve-kernel-5.4.73-1-pve: 5.4.73-1
pve-kernel-5.4.60-1-pve: 5.4.60-2
pve-kernel-5.4.34-1-pve: 5.4.34-2
ceph-fuse: 12.2.11+dfsg1-2.1+b1
corosync: 3.1.0-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.20-pve1
libproxmox-acme-perl: 1.0.7
libproxmox-backup-qemu0: 1.0.2-1
libpve-access-control: 6.1-3
libpve-apiclient-perl: 3.1-3
libpve-common-perl: 6.3-2
libpve-guest-common-perl: 3.1-4
libpve-http-server-perl: 3.1-1
libpve-storage-perl: 6.3-5
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.6-2
lxcfs: 4.0.6-pve1
novnc-pve: 1.1.0-1
proxmox-backup-client: 1.0.8-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.4-4
pve-cluster: 6.2-1
pve-container: 3.3-3
pve-docs: 6.3-1
pve-edk2-firmware: 2.20200531-1
pve-firewall: 4.1-3
pve-firmware: 3.1-3
pve-ha-manager: 3.1-1
pve-i18n: 2.2-2
pve-qemu-kvm: 5.1.0-8
pve-xtermjs: 4.7.0-3
qemu-server: 6.3-4
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-2
zfsutils-linux: 0.8.5-pve1
 

rlovelett

New Member
Feb 14, 2021
4
0
1
36
Hi, rlovelett
Same problem here since last night.
Did you get any fix or explanation?

I do not have a fix, yet. However, I think I am close. So _I think_ what has happened is that my Route53 credentials went bad. Which caused my account to be locked (I think Proxmox was in some sort of checking loop and eventually locked my account with Let's Encrypt).

Where that let me to was going to /etc/pve/priv/acme/ and renaming it. This stopped the feedback loop and my account is no longer "locked". Still no certificates but I think I am passed that error.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!