Using an Internal ACME Provider?

[daffster]

We have built an internal ACME CA using step-ca to provision certificates using our own Root CA.

None of our servers are exposed to the internet, and us an internal domain so we can't use one of the acme.sh DNS plugins either.

Is there a way to point proxmox at our internal ACME CA instead of Letsencrypt?

EDIT:
Figured it out... Use the CLI to do it.

# pvenode acme account register default user@internaldomain
Directory endpoints:
0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory)
1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory)
2) Custom
Enter selection: 2
Enter custom URL: https://acme.internaldomain/acme/acme/directory

 

[jackb]

Thanks for sharing this, exactly what I was looking for

 

[maxim.webster]

How did you install Step CA‘s root certificate on the PVE host? Otherwise it refuses to connect to the ACME service using HTTPS.

 

[jackb]

My approach was to install the Step CLI on the PVE node:

cd /tmp
wget https://dl.smallstep.com/cli/docs-cli-install/latest/step-cli_amd64.deb
dpkg -I /tmp/step-cli_amd64.deb

Then you can run:

# Bootstrap the Root and Intermediate
step ca bootstrap --ca-url https://step-ca.yourdomain.local --fingerprint {insert your CA Cert fingerprint here} --install

 

[LnxBil]

How did you install Step CA‘s root certificate on the PVE host? Otherwise it refuses to connect to the ACME service using HTTPS.

The Debian (and also RHEL, Alpine, probably more) way is to drop the root ca into /usr/local/share/ca-certificates and run update-certificates