From: Samuel Rufinatscha <s.rufinatscha@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [PATCH proxmox-backup 0/1] fix #7311: bin: init proxmox_acme_api in proxmox-daily-update
Date: Thu, 12 Feb 2026 14:58:28 +0100 [thread overview]
Message-ID: <20260212135829.313029-1-s.rufinatscha@proxmox.com> (raw)
This patch adds the missing proxmox_acme_api::init() call in
proxmox-daily-update, fixing the regression introduced in
4.1.2-1 where certificate renewal fails [0].
Tested by running:
/usr/lib/x86_64-linux-gnu/proxmox-backup/proxmox-daily-update
which now completes successfully without panicking or hanging.
The command was tested against Pebble [1] for both
HTTP-01 and DNS-01 challenge types.
HTTP-01 Challenge Test
(1) make deb, deployed package
(2) installed Pebble on the same VM:
cd
apt update
apt install -y golang git
git clone https://github.com/letsencrypt/pebble
cd pebble
go build ./cmd/pebble
(3) downloaded and trusted the Pebble cert:
wget https://raw.githubusercontent.com/letsencrypt/pebble/main/test/certs/pebble.minica.pem
cp pebble.minica.pem /usr/local/share/ca-certificates/pebble.minica.crt
update-ca-certificates
(4) set httpPort to 80 in Pebble's config so PBS's standalone plugin
can handle HTTP-01 validation on port 80:
nano ./test/config/pebble-config.json
(5) started Pebble:
./pebble -config ./test/config/pebble-config.json &
(6) created an ACME account:
proxmox-backup-manager acme account register default admin@example.com \
--directory 'https://127.0.0.1:14000/dir'
(7) Created a domain (used my host domain name from /etc/hosts) and ordered
the certificate via proxmox-daily-update.
DNS-01 Challenge Test
Same VM setup as above, additionally:
(1) build and start the challenge test server:
go build ./cmd/pebble-challtestsrv
./pebble-challtestsrv -http01 "" -https01 "" -tlsalpn01 "" \
-dns01 :8053 -defaultIPv4 127.0.0.1 &
(2) start Pebble with DNS resolver pointing at the challenge test
server:
./pebble -config ./test/config/pebble-config.json \
-dnsserver 127.0.0.1:8053 &
(3) create and registered a custom DNS plugin script at
/usr/share/proxmox-acme/dnsapi/dns_pebble.sh.
(4) created an ACME account, changed challenge type of existing domain
to DNS and order the certificate via proxmox-daily-update.
Note: Pebble does not persist account info across restarts. On reboot,
remove the old account from /etc/proxmox-backup/acme/accounts and
create a new one.
*Maintainer notes*
- this fix requires a version bump
[0] https://bugzilla.proxmox.com/show_bug.cgi?id=7311
[1] https://github.com/letsencrypt/pebble
Samuel Rufinatscha (1):
fix #7311: bin: init proxmox_acme_api in proxmox-daily-update
src/bin/proxmox-daily-update.rs | 3 +++
1 file changed, 3 insertions(+)
--
2.47.3
next reply other threads:[~2026-02-12 13:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-12 13:58 Samuel Rufinatscha [this message]
2026-02-12 13:58 ` [PATCH proxmox-backup 1/1] " Samuel Rufinatscha
2026-02-12 14:37 ` applied: [PATCH proxmox-backup 0/1] " Fabian Grünbichler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260212135829.313029-1-s.rufinatscha@proxmox.com \
--to=s.rufinatscha@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox