From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: "Dominic Jäger" <d.jaeger@proxmox.com>,
"Proxmox Backup Server development discussion"
<pbs-devel@lists.proxmox.com>
Subject: Re: [pbs-devel] [RFC backup 00/23] Implements ACME suport for PBS
Date: Tue, 20 Apr 2021 12:53:11 +0200 (CEST) [thread overview]
Message-ID: <137355824.4295.1618915991154@webmail.proxmox.com> (raw)
> On 04/20/2021 12:27 PM Dominic Jäger <d.jaeger@proxmox.com> wrote:
>
>
> Creating the first account gives missing directory
should be an easy fix
> > TASK ERROR: failed to open "/etc/proxmox-backup/acme/accounts/test" for
> > writing: No such file or directory (os error 2)
> After manually adding it, the HTTP Challenged worked for me.
>
> In the Window "Add: ACME DNS Plugin" choosing (or writing) something in the
> dropdown menu DNS API is not possible with only the PBS repositories
> configured. It is necessary to install libproxmox-acme-perl from PVE
> repositories in addition.
Yeah we should turn the proxmox-acme repo into a split package and have the acme.sh
wrapper separate so we can depend/suggest that without pulling in the perl code.
>
> Deleting a certificate shows a confirmation dialog with a truncated message:
> "Are you sure you want to remove the certificate used for"
That'll need some fixing in the widget toolkit.
>
> In the window "Register Account" the textfield "Account Name" has the empty
> text "default". As far as I know, we use empty texts for real default values.
> So this should be removed and get a validator (already in the GUI) instead.
GUI specifics aren't really in scope of this series as this just reuses the existing components.
So this should be handled separately.
> But the API rejects correctly: "parameter verification errors parameter 'name':
> parameter is missing and it is not optional."
>
> Registering accounts for both staging and production works. Ordering
> certificates with HTTP challenge generally works for both, too. A few times
> the HTTP challenge required a manual retry. Maybe we could do something like
> increasing timeouts?
Not sure why that happens, would need to investigate more. But yeah it's possible
that setup/teardown are racing against the request, need to recheck the code.
> I couldn't set up PowerDNS yet & my domains were not fast enough, so finishing
> the DNS challenge testing remains todo.
>
> Tested-by: Dominic Jäger <d.jaeger@proxmox.com>
next reply other threads:[~2021-04-20 10:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-20 10:53 Wolfgang Bumiller [this message]
2021-04-21 11:56 ` Dominic Jäger
2021-04-21 12:19 ` Wolfgang Bumiller
-- strict thread matches above, loose matches on Subject: below --
2021-04-16 13:34 Wolfgang Bumiller
2021-04-20 10:27 ` Dominic Jäger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=137355824.4295.1618915991154@webmail.proxmox.com \
--to=w.bumiller@proxmox.com \
--cc=d.jaeger@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.