public inbox for pbs-devel@lists.proxmox.com
* [PATCH proxmox-backup 0/1] fix #7311: bin: init proxmox_acme_api in proxmox-daily-update
@ 2026-02-12 13:58 Samuel Rufinatscha
  2026-02-12 13:58 ` [PATCH proxmox-backup 1/1] " Samuel Rufinatscha
  2026-02-12 14:37 ` applied: [PATCH proxmox-backup 0/1] " Fabian Grünbichler
  0 siblings, 2 replies; 3+ messages in thread
From: Samuel Rufinatscha @ 2026-02-12 13:58 UTC
  To: pbs-devel

This patch adds the missing proxmox_acme_api::init() call in
proxmox-daily-update, fixing the regression introduced in
4.1.2-1 where certificate renewal fails [0].

Tested by running:

    /usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-daily-update

which now completes successfully without panicking or hanging.
The command was tested against Pebble [1] for both
HTTP-01 and DNS-01 challenge types.

HTTP-01 Challenge Test

(1) make deb, deployed package
(2) installed Pebble on the same VM:

        cd
        apt update
        apt install -y golang git
        git clone https://github.com/letsencrypt/pebble
        cd pebble
        go build ./cmd/pebble

(3) downloaded and trusted the Pebble cert:

        wget https://raw.githubusercontent.com/letsencrypt/pebble/main/test/certs/pebble.minica.pem
        cp pebble.minica.pem /usr/local/share/ca-certificates/pebble.minica.crt
        update-ca-certificates

(4) set httpPort to 80 in Pebble's config so PBS's standalone plugin
    can handle HTTP-01 validation on port 80:

        nano ./test/config/pebble-config.json

(5) started Pebble:

        ./pebble -config ./test/config/pebble-config.json &

(6) created an ACME account:

        proxmox-backup-manager acme account register default admin@example.com \
            --directory 'https://127.0.0.1:14000/dir'

(7) Created a domain (used my host domain name from /etc/hosts) and ordered
the certificate via proxmox-daily-update.

DNS-01 Challenge Test

Same VM setup as above, additionally:

(1) build and start the challenge test server:

    go build ./cmd/pebble-challtestsrv
    ./pebble-challtestsrv -http01 "" -https01 "" -tlsalpn01 "" \
        -dns01 :8053 -defaultIPv4 127.0.0.1 &

(2) start Pebble with DNS resolver pointing at the challenge test
    server:

    ./pebble -config ./test/config/pebble-config.json \
        -dnsserver 127.0.0.1:8053 &

(3) created and registered a custom DNS plugin script at
    /usr/share/proxmox-acme/dnsapi/dns_pebble.sh.

(4) created an ACME account, changed challenge type of existing domain
to DNS and ordered the certificate via proxmox-daily-update.

Note: Pebble does not persist account info across restarts. On reboot,
remove the old account from /etc/proxmox-backup/acme/accounts and
create a new one.

*Maintainer notes*
- this fix requires a version bump

[0] https://bugzilla.proxmox.com/show_bug.cgi?id=7311
[1] https://github.com/letsencrypt/pebble

Samuel Rufinatscha (1):
  fix #7311: bin: init proxmox_acme_api in proxmox-daily-update

 src/bin/proxmox-daily-update.rs | 3 +++
 1 file changed, 3 insertions(+)

-- 
2.47.3
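
For the DNS-01 setup in step (3) above, a hook of the following shape would serve; it is an added example, not the script used in the test and not Proxmox code. It assumes acme.sh's `dns_<name>_add` / `dns_<name>_rm` hook naming and pebble-challtestsrv's management API (`/set-txt`, `/clear-txt`) on its default port 8055; the helper names and `PEBBLE_CHALLTESTSRV_URL` are hypothetical.

```shell
#!/bin/sh
# Added example: acme.sh-style DNS hook for pebble-challtestsrv.
# Assumption: the challenge test server's management API listens on its
# default address; override with PEBBLE_CHALLTESTSRV_URL if it does not.
PEBBLE_CHALLTESTSRV_URL="${PEBBLE_CHALLTESTSRV_URL:-http://127.0.0.1:8055}"

# Build the JSON body. challtestsrv expects a fully qualified name, so a
# trailing dot is enforced. ACME TXT values are base64url and need no
# JSON escaping. The value is omitted for /clear-txt.
_pebble_payload() {
    host="${1%.}."
    if [ -n "${2:-}" ]; then
        printf '{"host":"%s","value":"%s"}' "$host" "$2"
    else
        printf '{"host":"%s"}' "$host"
    fi
}

# POST a JSON body to a management endpoint; HTTP errors fail the hook.
_pebble_post() {
    curl --silent --show-error --fail \
        --header 'Content-Type: application/json' \
        --data "$2" "${PEBBLE_CHALLTESTSRV_URL}$1"
}

# Usage: dns_pebble_add _acme-challenge.host.example "<txt value>"
dns_pebble_add() {
    fulldomain="$1"
    txtvalue="$2"
    if [ -z "$fulldomain" ] || [ -z "$txtvalue" ]; then
        echo "dns_pebble_add: need record name and TXT value" >&2
        return 1
    fi
    _pebble_post /set-txt "$(_pebble_payload "$fulldomain" "$txtvalue")"
}

# Usage: dns_pebble_rm _acme-challenge.host.example
dns_pebble_rm() {
    fulldomain="$1"
    if [ -z "$fulldomain" ]; then
        echo "dns_pebble_rm: need record name" >&2
        return 1
    fi
    _pebble_post /clear-txt "$(_pebble_payload "$fulldomain")"
}
```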


* [PATCH proxmox-backup 1/1] fix #7311: bin: init proxmox_acme_api in proxmox-daily-update
  2026-02-12 13:58 [PATCH proxmox-backup 0/1] fix #7311: bin: init proxmox_acme_api in proxmox-daily-update Samuel Rufinatscha
@ 2026-02-12 13:58 ` Samuel Rufinatscha
  2026-02-12 14:37 ` applied: [PATCH proxmox-backup 0/1] " Fabian Grünbichler
  1 sibling, 0 replies; 3+ messages in thread
From: Samuel Rufinatscha @ 2026-02-12 13:58 UTC
  To: pbs-devel

The daily-update binary was missing initialization of the ACME config directory,
causing certificate renewal to panic.

Fixes: https://bugzilla.proxmox.com/show_bug.cgi?id=7311
Signed-off-by: Samuel Rufinatscha <s.rufinatscha@proxmox.com>
---
 src/bin/proxmox-daily-update.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/bin/proxmox-daily-update.rs b/src/bin/proxmox-daily-update.rs
index 224103cc..025eb47f 100644
--- a/src/bin/proxmox-daily-update.rs
+++ b/src/bin/proxmox-daily-update.rs
@@ -6,6 +6,7 @@ use proxmox_router::{cli::*, ApiHandler, RpcEnvironment};
 use proxmox_subscription::SubscriptionStatus;
 use proxmox_sys::fs::CreateOptions;
 
+use pbs_buildcfg::configdir;
 use proxmox_backup::api2;
 
 async fn wait_for_local_worker(upid_str: &str) -> Result<(), Error> {
@@ -104,6 +105,8 @@ async fn run(rpcenv: &mut dyn RpcEnvironment) -> Result<(), Error> {
 
     proxmox_notify::context::set_context(&PBS_CONTEXT);
 
+    proxmox_acme_api::init(configdir!("/acme"), false)?;
+
     do_update(rpcenv).await
 }
 
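Review bot: in run(), the `?` on `proxmox_acme_api::init(configdir!("/acme"), false)?;` returns before `do_update(rpcenv).await` is reached, so any failure to initialize the ACME config directory now skips the whole daily update and not only the certificate renewal step. If that is not intended, consider logging the error and continuing, or at least attaching context to the error so the failure is attributable in the log. The bare `false` argument is also not self-explanatory at the call site; a short comment naming what the flag controls would help the next reader.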
-- 
2.47.3


* applied: [PATCH proxmox-backup 0/1] fix #7311: bin: init proxmox_acme_api in proxmox-daily-update
  2026-02-12 13:58 [PATCH proxmox-backup 0/1] fix #7311: bin: init proxmox_acme_api in proxmox-daily-update Samuel Rufinatscha
  2026-02-12 13:58 ` [PATCH proxmox-backup 1/1] " Samuel Rufinatscha
@ 2026-02-12 14:37 ` Fabian Grünbichler
  1 sibling, 0 replies; 3+ messages in thread
From: Fabian Grünbichler @ 2026-02-12 14:37 UTC
  To: pbs-devel, Samuel Rufinatscha


On Thu, 12 Feb 2026 14:58:28 +0100, Samuel Rufinatscha wrote:
> This patch adds the missing proxmox_acme_api::init() call in
> proxmox-daily-update, fixing the regression introduced in
> 4.1.2-1 where certificate renewal fails [0].
> 
> Tested by running:
> 
>     /usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-daily-update
> 
> [...]

Applied, thanks!

[1/1] fix #7311: bin: init proxmox_acme_api in proxmox-daily-update
      commit: ec54e5cd87f7c41c3776deb3164dea0d5347e153

Best regards,
-- 
Fabian Grünbichler <f.gruenbichler@proxmox.com>