public inbox for pbs-devel@lists.proxmox.com
From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox Backup Server development discussion
	<pbs-devel@lists.proxmox.com>
Subject: Re: [pbs-devel] [PATCH proxmox-backup v5 3/5] acme: drop local AcmeClient
Date: Tue, 13 Jan 2026 14:45:28 +0100
Message-ID: <1768309690.hexc19ahy5.astroid@yuna.none>
In-Reply-To: <20260108112629.189670-8-s.rufinatscha@proxmox.com>

On January 8, 2026 12:26 pm, Samuel Rufinatscha wrote:
> PBS currently uses its own ACME client and API logic, while PDM uses the
> factored out proxmox-acme and proxmox-acme-api crates. This duplication
> risks differences in behaviour and requires ACME maintenance in two
> places. This patch is part of a series to move PBS over to the shared
> ACME stack.
> 
> Changes:
> - Remove the local src/acme/client.rs and switch to
> proxmox_acme::async_client::AcmeClient where needed.
> - Use proxmox_acme_api::load_client_with_account instead of the custom
> AcmeClient::load() function
> - Replace the local do_register() logic with
> proxmox_acme_api::register_account, to further ensure accounts are persisted
> - Replace the local AcmeAccountName type, required for
> proxmox_acme_api::register_account
> 
> Signed-off-by: Samuel Rufinatscha <s.rufinatscha@proxmox.com>
> ---
>  src/acme/client.rs                     | 691 -------------------------
>  src/acme/mod.rs                        |   3 -
>  src/acme/plugin.rs                     |   2 +-
>  src/api2/config/acme.rs                |  50 +-
>  src/api2/node/certificates.rs          |   2 +-
>  src/api2/types/acme.rs                 |   8 -
>  src/bin/proxmox_backup_manager/acme.rs |  17 +-
>  src/config/acme/mod.rs                 |   8 +-
>  src/config/node.rs                     |   9 +-
>  9 files changed, 36 insertions(+), 754 deletions(-)
>  delete mode 100644 src/acme/client.rs
> 

[..]

> diff --git a/src/config/acme/mod.rs b/src/config/acme/mod.rs
> index ac89ae5e..e4639c53 100644
> --- a/src/config/acme/mod.rs
> +++ b/src/config/acme/mod.rs

I think this whole file should probably be replaced entirely by
proxmox-acme-api, which - AFAICT - would just require adding the
completion helpers there?

> @@ -6,10 +6,11 @@ use anyhow::{bail, format_err, Error};
>  use serde_json::Value;
>  
>  use pbs_api_types::PROXMOX_SAFE_ID_REGEX;
> +use proxmox_acme_api::AcmeAccountName;
>  use proxmox_sys::error::SysError;
>  use proxmox_sys::fs::{file_read_string, CreateOptions};
>  
> -use crate::api2::types::{AcmeAccountName, AcmeChallengeSchema, KnownAcmeDirectory};
> +use crate::api2::types::{AcmeChallengeSchema, KnownAcmeDirectory};
>  
>  pub(crate) const ACME_DIR: &str = pbs_buildcfg::configdir!("/acme");
>  pub(crate) const ACME_ACCOUNT_DIR: &str = pbs_buildcfg::configdir!("/acme/accounts");
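
Review bot: the `AcmeAccountName` import now comes from `proxmox_acme_api` while `PROXMOX_SAFE_ID_REGEX` and `ACME_ACCOUNT_DIR` stay in this file; please confirm, and say in the commit message, that the shared type applies the same name validation as the removed local one, since an account name that ends up in a path under the accounts directory must not be able to carry path separators or `..`. If nothing in this file still needs `PROXMOX_SAFE_ID_REGEX` after the switch, drop that import as well.
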
> @@ -34,11 +35,6 @@ pub(crate) fn make_acme_dir() -> Result<(), Error> {
>      create_acme_subdir(ACME_DIR)
>  }
>  
> -pub(crate) fn make_acme_account_dir() -> Result<(), Error> {
> -    make_acme_dir()?;
> -    create_acme_subdir(ACME_ACCOUNT_DIR)
> -}
> -
>  pub const KNOWN_ACME_DIRECTORIES: &[KnownAcmeDirectory] = &[
>      KnownAcmeDirectory {
>          name: "Let's Encrypt V2",
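
Review bot: with `make_acme_account_dir()` removed, nothing visible in this file creates `ACME_ACCOUNT_DIR` any more, yet the constant is still defined above. Either drop the constant if it has no remaining users, or note in the commit message which shared function now creates the accounts directory and that it does so with the same ownership and mode as `create_acme_subdir()`, since that directory holds the ACME account data.
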
> diff --git a/src/config/node.rs b/src/config/node.rs
> index 253b2e36..e4b66a20 100644
> --- a/src/config/node.rs
> +++ b/src/config/node.rs
> @@ -8,16 +8,15 @@ use pbs_api_types::{
>      EMAIL_SCHEMA, MULTI_LINE_COMMENT_SCHEMA, OPENSSL_CIPHERS_TLS_1_2_SCHEMA,
>      OPENSSL_CIPHERS_TLS_1_3_SCHEMA,
>  };
> +use proxmox_acme::async_client::AcmeClient;
> +use proxmox_acme_api::AcmeAccountName;
>  use proxmox_http::ProxyConfig;
>  use proxmox_schema::{api, ApiStringFormat, ApiType, Updater};
>  
>  use pbs_buildcfg::configdir;
>  use pbs_config::{open_backup_lockfile, BackupLockGuard};
>  
> -use crate::acme::AcmeClient;
> -use crate::api2::types::{
> -    AcmeAccountName, AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA,
> -};
> +use crate::api2::types::{AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA};
>  
>  const CONF_FILE: &str = configdir!("/node.cfg");
>  const LOCK_FILE: &str = configdir!("/.node.lck");
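
Review bot: `use proxmox_acme::async_client::AcmeClient;` is added here, but the only call that names `AcmeClient` in the next hunk is replaced by `proxmox_acme_api::load_client_with_account`. If the type is still needed for a return type in this file, that is fine; otherwise drop the import to avoid an unused-import warning.
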
> @@ -247,7 +246,7 @@ impl NodeConfig {
>          } else {
>              AcmeAccountName::from_string("default".to_string())? // should really not happen
>          };
> -        AcmeClient::load(&account).await
> +        proxmox_acme_api::load_client_with_account(&account).await
>      }
>  
>      pub fn acme_domains(&'_ self) -> AcmeDomainIter<'_> {
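
Review bot: the new `proxmox_acme_api::load_client_with_account(&account)` line relies on the shared helper finding accounts that the removed local client wrote, including the "default" fallback a few lines above. Please state in the commit message that the on-disk location and format are unchanged, or add a migration step, so that existing installations do not start failing here after the upgrade.
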
> -- 
> 2.47.3
_______________________________________________
pbs-devel mailing list
pbs-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
