SSL trusted certificates don't show up on GUI

pardub

Good morning,

I requested SSL certificates through ACME for the non-staging environment, but the GUI still displays the "non trusted certificates".

I used the documentation in https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_certificate_management

There are some outputs below to give you an overview:

Bash:
root@ns300000:~# pvenode acme account deactivate default
Renaming account file from '/etc/pve/priv/acme/default' to '/etc/pve/priv/acme/_deactivated_default_1'
Task OK
root@ns300000:~# cd /etc/pve/priv/acme/
total 2.0K
-rw------- 1 root www-data 4.5K Oct 14 09:04 _deactivated_default_0
-rw------- 1 root www-data 4.5K Oct 15 07:12 _deactivated_default_1
root@ns300000:/etc/pve/priv/acme# rm _deactivated_default_0 _deactivated_default_1
rm: remove regular file '_deactivated_default_0'? y
rm: remove regular file '_deactivated_default_1'? y
root@ns300000:/etc/pve/priv/acme# ll
total 0
root@ns300000:/etc/pve/priv/acme# pvenode acme account register default test8888@gmail.com
Directory endpoints:
0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory)
1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory)
2) Custom
Enter selection:
0

Attempting to fetch Terms of Service from 'https://acme-v02.api.letsencrypt.org/directory'..
Terms of Service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you agree to the above terms? [y|N]y

Attempting to register account with 'https://acme-v02.api.letsencrypt.org/directory'..
Generating ACME account key..
Registering ACME account..
Registration successful, account URL: 'https://acme-v02.api.letsencrypt.org/acme/acct/69423589'
Task OK
root@ns300000:/etc/pve/priv/acme# systemctl restart pveproxy


Bash:
root@300000:~# pvenode acme account list
default
root@300000:~# systemctl restart pveproxy

Thank you
 
you still need to create a new certificate after registering with the production endpoint..
 
So, I have to go through the process again in https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_certificate_management in the part called "Example: Sample pvenode invocation for using Let’s Encrypt certificates"?

HTML:
root@proxmox:~# pvenode acme account register default mail@example.invalid
Directory endpoints:
0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory)
1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory)
2) Custom
Enter selection:
1

Attempting to fetch Terms of Service from 'https://acme-staging-v02.api.letsencrypt.org/directory'..
Terms of Service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Do you agree to the above terms? [y|N]y

Attempting to register account with 'https://acme-staging-v02.api.letsencrypt.org/directory'..
Generating ACME account key..
Registering ACME account..
Registration successful, account URL: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/xxxxxxx'
Task OK
root@proxmox:~# pvenode acme account list
default
root@proxmox:~# pvenode config set --acme domains=example.invalid
root@proxmox:~# pvenode acme cert order
Loading ACME account details
Placing ACME order
Order URL: https://acme-staging-v02.api.letsencrypt.org/acme/order/xxxxxxxxxxxxxx

Getting authorization details from
'https://acme-staging-v02.api.letsencrypt.org/acme/authz/xxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxx-xxxxxxx'
... pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is 'valid'!

All domains validated!

Creating CSR
Finalizing order
Checking order status
valid!

Downloading certificate
Setting pveproxy certificate and key
Restarting pveproxy
Task OK
 
no. you just registered with the staging endpoint again, and then requested a certificate. if you want a certificate from the production endpoint, you need to have and use an account there, and then request a certificate.
 
When you say "you need to have and use an account there," which account are you referring to?
 
an account with Let's Encrypt? just do the steps to switch to the trusted/production directory as given in the documentation, and then order a certificate (using the GUI, or using 'pvenode') without switching back to the untrusted/staging directory.
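
A quick check for the situation discussed in this thread, added here as an example (it is not from the Proxmox documentation or from the posters): it reads saved `pvenode` output and reports which Let's Encrypt directory the last account registration and the last certificate order used. The function names are hypothetical, and the sample transcripts are constructed from the output lines shown above with placeholder IDs.

```bash
#!/usr/bin/env bash
# Added example. Host names are the two Let's Encrypt directories in the thread.
PROD_HOST='acme-v02.api.letsencrypt.org'
STAGING_HOST='acme-staging-v02.api.letsencrypt.org'
# classify_url URL -> prints production | staging | other
classify_url() {
    local host="${1#https://}"    # drop the scheme
    host=${host%%/*}              # drop the path, keep the host
    case "$host" in
        "$PROD_HOST")    echo production ;;
        "$STAGING_HOST") echo staging ;;
        *)               echo other ;;
    esac
}
# acme_summary: read a pvenode transcript on stdin and print the directory used
# by the last registration and the last order ("none" = step not present).
acme_summary() {
    local line url q="'" account=none order=none
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *"Registration successful, account URL: '"*)
                url=${line#*"account URL: '"}; url=${url%%"$q"*}
                account=$(classify_url "$url") ;;
            "Order URL: "*)
                url=${line#"Order URL: "}; order=$(classify_url "$url") ;;
        esac
    done
    echo "account=$account order=$order"
}
# order_used_production: succeed only if the transcript contains a certificate
# order and the last one went to the production directory.
order_used_production() {
    local s; s=$(acme_summary)
    [ "${s#*order=}" = production ]
}
# Constructed sample 1: production account registered, no certificate ordered.
sample_register_only() { cat <<'EOF'
Registration successful, account URL: 'https://acme-v02.api.letsencrypt.org/acme/acct/xxxxxxx'
Task OK
EOF
}
# Constructed sample 2: staging registration followed by a certificate order.
sample_staging_order() { cat <<'EOF'
Registration successful, account URL: 'https://acme-staging-v02.api.letsencrypt.org/acme/acct/xxxxxxx'
Order URL: https://acme-staging-v02.api.letsencrypt.org/acme/order/xxxxxxxxxxxxxx
EOF
}

sample_register_only | acme_summary   # account=production order=none
sample_staging_order | acme_summary   # account=staging order=staging
```

An `order=none` or `order=staging` result means the certificate served by the GUI has not been replaced by one from the production directory.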
 
