From: Samuel Rufinatscha <s.rufinatscha@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup 0/1] fix #7311: bin: init proxmox_acme_api in proxmox-daily-update
Date: Thu, 12 Feb 2026 14:58:28 +0100 [thread overview]
Message-ID: <20260212135829.313029-1-s.rufinatscha@proxmox.com> (raw)
This patch adds the missing proxmox_acme_api::init() call in
proxmox-daily-update, fixing the regression introduced in
4.1.2-1 where certificate renewal fails [0].
Tested by running:
/usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-daily-update
which now completes successfully without panicking or hanging.
The command was tested against Pebble [1] for both
HTTP-01 and DNS-01 challenge types.
HTTP-01 Challenge Test
(1) make deb, deployed package
(2) installed Pebble on the same VM:
cd
apt update
apt install -y golang git
git clone https://github.com/letsencrypt/pebble
cd pebble
go build ./cmd/pebble
(3) downloaded and trusted the Pebble cert:
wget https://raw.githubusercontent.com/letsencrypt/pebble/main/test/certs/pebble.minica.pem
cp pebble.minica.pem /usr/local/share/ca-certificates/pebble.minica.crt
update-ca-certificates
(4) set httpPort to 80 in Pebble's config so PBS's standalone plugin
can handle HTTP-01 validation on port 80:
nano ./test/config/pebble-config.json
(5) started Pebble:
./pebble -config ./test/config/pebble-config.json &
(6) created an ACME account:
proxmox-backup-manager acme account register default admin@example.com \
--directory 'https://127.0.0.1:14000/dir'
(7) Created a domain (used my host domain name from /etc/hosts) and ordered
the certificate via proxmox-daily-update.
DNS-01 Challenge Test
Same VM setup as above, additionally:
(1) build and start the challenge test server:
go build ./cmd/pebble-challtestsrv
./pebble-challtestsrv -http01 "" -https01 "" -tlsalpn01 "" \
-dns01 :8053 -defaultIPv4 127.0.0.1 &
(2) start Pebble with DNS resolver pointing at the challenge test
server:
./pebble -config ./test/config/pebble-config.json \
-dnsserver 127.0.0.1:8053 &
(3) create and registered a custom DNS plugin script at
/usr/share/proxmox-acme/dnsapi/dns_pebble.sh.
(4) created an ACME account, changed challenge type of existing domain
to DNS and order the certificate via proxmox-daily-update.
Note: Pebble does not persist account info across restarts. On reboot,
remove the old account from /etc/proxmox-backup/acme/accounts and
create a new one.
*Maintainer notes*
- this fix requires a version bump
[0] https://bugzilla.proxmox.com/show_bug.cgi?id=7311
[1] https://github.com/letsencrypt/pebble
Samuel Rufinatscha (1):
fix #7311: bin: init proxmox_acme_api in proxmox-daily-update
src/bin/proxmox-daily-update.rs | 3 +++
1 file changed, 3 insertions(+)
--
2.47.3
next reply other threads:[~2026-02-12 13:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-12 13:58 Samuel Rufinatscha [this message]
2026-02-12 13:58 ` [PATCH proxmox-backup 1/1] " Samuel Rufinatscha
2026-02-12 14:37 ` applied: [PATCH proxmox-backup 0/1] " Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260212135829.313029-1-s.rufinatscha@proxmox.com \
--to=s.rufinatscha@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.