From: Martin Dziobek
Date: Tue, 3 Jan 2023 14:43:08 +0100
To: pve-user@lists.proxmox.com
Subject: Re: [PVE-User] Trouble with LetsEncrypt/acme-dns in pve 7.3-4

Update:
I've been able to get those certificates on pprod by hard-coding
the ACMEDNS_BASE_URL of our internal acme-dns-Server into
/usr/share/proxmox-acme/dnsapi/dns_acmedns.sh
but needless to say that is only a POC, not a fix.

Best regards,
Martin

On Tue, 3 Jan 2023 13:34:58 +0100
Martin Dziobek wrote:

> Howdy, list members !
>
> The situation:
> I have a proxmox host (say ptest) running pve 7.3-3,
> and one (say pprod) running 7.3-4
>
> On ptest, getting Letsencrypt certificates with the acme-dns plugin
> and our internal acme-dns server works fine.
>
> Trying the same config on pprod (for the first time with LE) fails with
> "invalid response of acme-dns"
>
> Investigation:
> /etc/pve/.version:
> ptest shows "priv/acme/plugins.cfg": 2,
> pprod shows "priv/acme/plugins.cfg": 3,
>
> The handler scripts in
> /usr/share/proxmox-acme/dnsapi/dns_acmedns.sh
> have lots of differences for that reason.
>
> The GUI dialog at Datacenter->ACME for configuring
> Challenge plugins (type acme-dns), however, does show
> *exactly the same predefined fields* on pprod and ptest,
> namely "ACMEDNS_UPDATE_URL".
>
> Unfortunately, "ACMEDNS_UPDATE_URL" has been
> dropped in the latest versions of acme.sh
> (and in the handler scripts v.3)
> In v.3, this is now all based on ACMEDNS_BASE_URL,
> but the change has obviously not been reflected to
> the GUI dialog.
>
> Would you proxmox guys kindly mind to fix this ?
>
> Best regards,
> Martin