From: Wolfgang Bumiller
To: Dominic Jäger, Proxmox Backup Server development discussion
Date: Tue, 20 Apr 2021 12:53:11 +0200 (CEST)
Message-ID: <137355824.4295.1618915991154@webmail.proxmox.com>
Subject: Re: [pbs-devel] [RFC backup 00/23] Implements ACME suport for PBS

> On 04/20/2021 12:27 PM Dominic Jäger wrote:
>
> Creating the first account gives missing directory should be an easy fix
> > TASK ERROR: failed to open "/etc/proxmox-backup/acme/accounts/test" for
> > writing: No such file or directory (os error 2)
> After manually adding it, the HTTP Challenge worked for me.
>
> In the Window "Add: ACME DNS Plugin" choosing (or writing) something in the
> dropdown menu DNS API is not possible with only the PBS repositories
> configured. It is necessary to install libproxmox-acme-perl from PVE
> repositories in addition.

Yeah we should turn the proxmox-acme repo into a split package and have the acme.sh
wrapper separate so we can depend/suggest that without pulling in the perl code.

>
> Deleting a certificate shows a confirmation dialog with a truncated message:
> "Are you sure you want to remove the certificate used for"

That'll need some fixing in the widget toolkit.

>
> In the window "Register Account" the textfield "Account Name" has the empty
> text "default". As far as I know, we use empty texts for real default values.
> So this should be removed and get a validator (already in the GUI) instead.

GUI specifics aren't really in scope of this series as this just reuses the existing
components. So this should be handled separately.

> But the API rejects correctly: "parameter verification errors parameter 'name':
> parameter is missing and it is not optional."
>
> Registering accounts for both staging and production works. Ordering
> certificates with HTTP challenge generally works for both, too. A few times
> the HTTP challenge required a manual retry. Maybe we could do something like
> increasing timeouts?

Not sure why that happens, would need to investigate more. But yeah it's possible
that setup/teardown are racing against the request, need to recheck the code.

> I couldn't set up PowerDNS yet & my domains were not fast enough, so finishing
> the DNS challenge testing remains todo.
>
> Tested-by: Dominic Jäger