From: "Lukas Wagner" <l.wagner@proxmox.com>
To: "Shan Shaji" <s.shaji@proxmox.com>, <pdm-devel@lists.proxmox.com>
Subject: Re: [PATCH datacenter-manager v2 0/4] fix #7179: expose ACME commands inside admin CLI
Date: Thu, 05 Feb 2026 15:25:15 +0100
Message-ID: <DG73IGVFRB47.1ZGWAIHTB18EC@proxmox.com>
In-Reply-To: <20260203175101.457724-1-s.shaji@proxmox.com>

On Tue Feb 3, 2026 at 6:50 PM CET, Shan Shaji wrote:
> Previously, ACME commands were not exposed through the admin CLI.
> Added the necessary functionality to manage ACME settings directly
> via the command line. The changes are done by taking reference from
> the proxmox-backup codebase.
>
> The `tasklog_pbs` function in the `proxmox-log` crate has been renamed
> in the following patch [1]. To test the changes introduced by
> this series, it must be applied.

I mentioned it in the patch as well, but actually it would be best to
keep it as `tasklog_pbs` for now, so that we can apply these changes
without awaiting the proxmox-log version bump. See the patch for a more
detailed explanation.

>
> **note**: The completions were not working in general. Investigating it
> separately.
>
> changes since v1: Thanks @Lukas
> - fixed formatting.
> - refactor the input prompt into a separate method - `read_input`.
> - defined a new struct `AcmeRegistrationParams` and updated the API
> method signature to accept only one parameter.
> - used the API `register_account` method instead of using the
> `proxmox-acme-api::register_account` function.
> - added `tasklog` layer to capture worker task logs.
> - added `context` method to preserve the error messages.
>
> Testing
> =======
>
> In general I have verified the following commands, i.e.:
> - account (deactivate, info, list, update)
> - certificate (order, revoke)
> - plugin (add, config, list, remove, set)
> - Verified external account binding using Google's ACME directory
> url and public CA (GTS).
>
> ### Certificate Creation
>
> http-01 challenge:
> -----------------
>
> I have tested the http-01 challenge verification using a test
> pebble server.
>
> Steps followed to test the changes:
>
> 1. Installed the changes inside a PDM VM.
> 2. Install Pebble from Let's Encrypt [2] on the same VM:
>
>     cd
>     apt update
>     apt install -y golang git
>     git clone https://github.com/letsencrypt/pebble
>     cd pebble
>     go build ./cmd/pebble
>
> then, download and trust the Pebble cert:
>
>     wget https://raw.githubusercontent.com/letsencrypt/pebble/main/test/certs/pebble.minica.pem
>     cp pebble.minica.pem /usr/local/share/ca-certificates/pebble.minica.crt
>     update-ca-certificates
>
> 3. We want Pebble to perform HTTP-01 validation against port 80, because
> PDM's standalone plugin will bind port 80. Set httpPort to 80.
>
>     nano ./test/config/pebble-config.json
>
> 4. Start the Pebble server in the background:
>
>     ./pebble -config ./test/config/pebble-config.json &
>
> 5. Created a Pebble ACME account:
>
>     proxmox-datacenter-manager-admin acme account register default admin@example.com --directory 'https://127.0.0.1:14000/dir'
>
> 6. Added a new ACME domain pdm.proxmox.com with HTTP challenge type. Then
> ran the following command.

Seems like there is no way to set ACME domains via the CLI? This could
be a good future addition IMO.

Reviewed and (partially) tested these changes, using the HTTP challenge
using pebble. I did not test anything DNS-related.

Most of my suggestions for v3 are rather trivial, so feel free to
include these trailers:

Reviewed-by: Lukas Wagner <l.wagner@proxmox.com>
Tested-by: Lukas Wagner <l.wagner@proxmox.com>