From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: "Dominic Jäger" <d.jaeger@proxmox.com>,
"Proxmox Backup Server development discussion"
<pbs-devel@lists.proxmox.com>
Subject: Re: [pbs-devel] [RFC backup 00/23] Implements ACME suport for PBS
Date: Tue, 20 Apr 2021 12:53:11 +0200 (CEST) [thread overview]
Message-ID: <137355824.4295.1618915991154@webmail.proxmox.com> (raw)
> On 04/20/2021 12:27 PM Dominic Jäger <d.jaeger@proxmox.com> wrote:
>
>
> Creating the first account gives missing directory
should be an easy fix
> > TASK ERROR: failed to open "/etc/proxmox-backup/acme/accounts/test" for
> > writing: No such file or directory (os error 2)
> After manually adding it, the HTTP Challenged worked for me.
>
> In the Window "Add: ACME DNS Plugin" choosing (or writing) something in the
> dropdown menu DNS API is not possible with only the PBS repositories
> configured. It is necessary to install libproxmox-acme-perl from PVE
> repositories in addition.
Yeah we should turn the proxmox-acme repo into a split package and have the acme.sh
wrapper separate so we can depend/suggest that without pulling in the perl code.
>
> Deleting a certificate shows a confirmation dialog with a truncated message:
> "Are you sure you want to remove the certificate used for"
That'll need some fixing in the widget toolkit.
>
> In the window "Register Account" the textfield "Account Name" has the empty
> text "default". As far as I know, we use empty texts for real default values.
> So this should be removed and get a validator (already in the GUI) instead.
GUI specifics aren't really in scope of this series as this just reuses the existing components.
So this should be handled separately.
> But the API rejects correctly: "parameter verification errors parameter 'name':
> parameter is missing and it is not optional."
>
> Registering accounts for both staging and production works. Ordering
> certificates with HTTP challenge generally works for both, too. A few times
> the HTTP challenge required a manual retry. Maybe we could do something like
> increasing timeouts?
Not sure why that happens, would need to investigate more. But yeah it's possible
that setup/teardown are racing against the request, need to recheck the code.
> I couldn't set up PowerDNS yet & my domains were not fast enough, so finishing
> the DNS challenge testing remains todo.
>
> Tested-by: Dominic Jäger <d.jaeger@proxmox.com>
next reply other threads:[~2021-04-20 10:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-20 10:53 Wolfgang Bumiller [this message]
2021-04-21 11:56 ` Dominic Jäger
2021-04-21 12:19 ` Wolfgang Bumiller
-- strict thread matches above, loose matches on Subject: below --
2021-04-16 13:34 Wolfgang Bumiller
2021-04-20 10:27 ` Dominic Jäger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=137355824.4295.1618915991154@webmail.proxmox.com \
--to=w.bumiller@proxmox.com \
--cc=d.jaeger@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox