* [PVE-User] Trouble with LetsEncrypt/acme-dns in pve 7.3-4
@ 2023-01-03 12:34 Martin Dziobek
  2023-01-03 13:43 ` Martin Dziobek
  0 siblings, 1 reply; 4+ messages in thread
From: Martin Dziobek @ 2023-01-03 12:34 UTC (permalink / raw)
  To: pve-user

Howdy, list members !

The situation:
I have a proxmox host (say ptest) running pve 7.3-3, 
and one (say pprod) running 7.3-4

On ptest, getting Let's Encrypt certificates with the acme-dns plugin
and our internal acme-dns server works fine.

Trying the same config on pprod (for the first time with LE) fails with
 "invalid response of acme-dns"

Investigation:
/etc/pve/.version:
ptest shows    "priv/acme/plugins.cfg": 2,
pprod shows  "priv/acme/plugins.cfg": 3,

The handler scripts in
/usr/share/proxmox-acme/dnsapi/dns_acmedns.sh
have lots of differences for that reason.

The GUI dialog at Datacenter->ACME for configuring
Challenge plugins (type acme-dns), however, does show
*exactly the same predefined fields* on pprod and ptest,
namely "ACMEDNS_UPDATE_URL".

Unfortunately, "ACMEDNS_UPDATE_URL" has been
dropped in the latest versions of acme.sh
(and in the handler scripts v.3).
In v.3, this is now all based on ACMEDNS_BASE_URL,
but the change has obviously not been reflected in
the GUI dialog.

Would you Proxmox guys kindly mind fixing this?

Best regards,
Martin





* Re: [PVE-User] Trouble with LetsEncrypt/acme-dns in pve 7.3-4
  2023-01-03 12:34 [PVE-User] Trouble with LetsEncrypt/acme-dns in pve 7.3-4 Martin Dziobek
@ 2023-01-03 13:43 ` Martin Dziobek
  2023-01-03 14:03   ` [PVE-User] Trouble with LetsEncrypt/acme-dns in pve 7.3-4 - FIXED Martin Dziobek
  0 siblings, 1 reply; 4+ messages in thread
From: Martin Dziobek @ 2023-01-03 13:43 UTC (permalink / raw)
  To: pve-user

Update:

I've been able to get those certificates on pprod by hard-coding
the ACMEDNS_BASE_URL of our internal acme-dns-Server into
/usr/share/proxmox-acme/dnsapi/dns_acmedns.sh

but needless to say that is only a POC, not a fix.
 
Best regards,
Martin



* Re: [PVE-User] Trouble with LetsEncrypt/acme-dns in pve 7.3-4 - FIXED
  2023-01-03 13:43 ` Martin Dziobek
@ 2023-01-03 14:03   ` Martin Dziobek
  2023-01-06 10:15     ` Thomas Lamprecht
  0 siblings, 1 reply; 4+ messages in thread
From: Martin Dziobek @ 2023-01-03 14:03 UTC (permalink / raw)
  To: pve-user

Ok - here is the fix:

in /usr/share/proxmox-acme/dns-challenge-schema.json:

diff dns-challenge-schema.json dns-challenge-schema.json_save:
13,14c13,14
<          "ACMEDNS_BASE_URL" : {
<             "description" : "The API base url",
---
>          "ACMEDNS_UPDATE_URL" : {
>             "description" : "The API update endpoint",
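
Review bot: the operands are reversed for a patch here: the edited file is given first and the `_save` copy second, so the `<` lines (ACMEDNS_BASE_URL) are the new content and the `>` lines (ACMEDNS_UPDATE_URL) the old, and applying this output as-is would revert the fix. `diff -u dns-challenge-schema.json_save dns-challenge-schema.json` would give the intended direction plus context showing which plugin entry lines 13-14 belong to. The description on line 14 changes from "The API update endpoint" to "The API base url", which indicates the expected value changes along with the key, so a plugin entry already saved under the old field needs its URL re-entered rather than only the key renamed.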

Then restart pveproxy.
Works.

Best regards,
Martin



* Re: [PVE-User] Trouble with LetsEncrypt/acme-dns in pve 7.3-4 - FIXED
  2023-01-03 14:03   ` [PVE-User] Trouble with LetsEncrypt/acme-dns in pve 7.3-4 - FIXED Martin Dziobek
@ 2023-01-06 10:15     ` Thomas Lamprecht
  0 siblings, 0 replies; 4+ messages in thread
From: Thomas Lamprecht @ 2023-01-06 10:15 UTC (permalink / raw)
  To: Proxmox VE user list, Martin Dziobek

Hi!

On 03/01/2023 at 15:03, Martin Dziobek wrote:
> Ok - here is the fix:

much thanks for your report and even proposing a fix, appreciated!

> 
> in /usr/share/proxmox-acme/dns-challenge-schema.json:
> 
> diff dns-challenge-schema.json dns-challenge-schema.json_save:

fyi, using the -u and -p params (can be combined as -up) makes the diff output more
like the git default; also, putting the original file first and the modified second is
more common and thus a bit easier to understand.

> 13,14c13,14
> <          "ACMEDNS_BASE_URL" : {
> <             "description" : "The API base url",
> ---
>>          "ACMEDNS_UPDATE_URL" : {
>>             "description" : "The API update endpoint",
> 
> Then restart pveproxy.
> Works.

Applied the change to git so that it's fixed again with the next proxmox-acme package
version bump:

https://git.proxmox.com/?p=proxmox-acme.git;a=commitdiff;h=963319d031d43bbdc5dd78414852989eb9e9e40f

- Thomas
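
The mismatch this thread tracks down (the schema behind the GUI still offering ACMEDNS_UPDATE_URL while the v.3 handler only reads ACMEDNS_BASE_URL) can be caught with a drift check between the two files. The following is an added example, not part of the thread or of proxmox-acme; the schema layout (plugin -> "fields" -> name), both sample inputs and all function names are assumptions constructed for illustration.

```python
import copy
import json
import re

# Constructed schema excerpt; the plugin -> "fields" -> NAME layout is an assumption.
SCHEMA_BEFORE = json.loads("""
{"acmedns": {"fields": {
    "ACMEDNS_PASSWORD":   {"description": "constructed sample field"},
    "ACMEDNS_UPDATE_URL": {"description": "The API update endpoint"}
}}}
""")

# Constructed handler excerpt in the style of a v.3 script, not the real dns_acmedns.sh.
HANDLER_V3 = r'''
dns_acmedns_add() {
  base="${ACMEDNS_BASE_URL:?not set}"
  pass="${ACMEDNS_PASSWORD:?not set}"
  url="$base/update"   # ACMEDNS_UPDATE_URL is no longer read
}
'''

def schema_fields(schema, plugin):
    """Field names the GUI would offer for this plugin."""
    return set(schema.get(plugin, {}).get("fields", {}))

def handler_vars(script, prefix):
    """Upper-case variables with the given prefix that the handler references."""
    # Drop shell comments first so a name mentioned only in a comment is not counted.
    code = re.sub(r"(^|[ \t])#.*$", "", script, flags=re.MULTILINE)
    return set(re.findall(r"\b" + re.escape(prefix) + r"[A-Z0-9_]+\b", code))

def drift(schema, plugin, script, prefix):
    """Report fields offered but never read, and variables read but never offered."""
    offered, read = schema_fields(schema, plugin), handler_vars(script, prefix)
    return {"unused_by_handler": sorted(offered - read),
            "missing_from_schema": sorted(read - offered)}

def rename_field(schema, plugin, old, new):
    """Return a copy of the schema with one field key renamed (the fix in the thread)."""
    fixed = copy.deepcopy(schema)
    fields = fixed[plugin]["fields"]
    fields[new] = fields.pop(old)
    return fixed

if __name__ == "__main__":
    print(drift(SCHEMA_BEFORE, "acmedns", HANDLER_V3, "ACMEDNS_"))
    fixed = rename_field(SCHEMA_BEFORE, "acmedns", "ACMEDNS_UPDATE_URL", "ACMEDNS_BASE_URL")
    print(drift(fixed, "acmedns", HANDLER_V3, "ACMEDNS_"))
```

Run against the real files after a package update, a non-empty result for any plugin flags the same kind of schema/handler gap before a certificate order fails.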




