Add Automatic Certificate Management Environment (ACME) to Proxmox VE (Let’s Encrypt) via DNS.
Most of the time, HTTP validation for the ACME protocol is perfect. But since PVE is an infrastructure device, you might not have the option, or might not want, to expose its port 80 on the Internet, which rules out HTTP validation.
That leaves DNS validation. I am writing these lines because I struggled with the (lack of) documentation, but it’s probably very easy.
First, ensure your DNS provider is supported by listing the plugins:
ls -lh /usr/share/proxmox-acme/dnsapi
# ls -lh /usr/share/proxmox-acme/dnsapi |grep gandi
Loading ACME account details
Placing ACME order
Order URL: https://acme-v02.api.letsencrypt.org/acme/order/xxx/xxx
Getting authorization details from 'https://acme-v02.api.letsencrypt.org/acme/authz-v3/xx'
The validation for pve2.pivert.org is pending!
[Tue Oct 22 23:21:07 CEST 2024] Adding record success
Add TXT record: _acme-challenge.pve2.pivert.org
Sleeping 30 seconds to wait for TXT record propagation
Triggering validation
Sleeping for 5 seconds
Status is 'valid', domain 'pve2.pivert.org' OK!
[Tue Oct 22 23:21:50 CEST 2024] Removing record success
Remove TXT record: _acme-challenge.pve2.pivert.org
All domains validated!
Creating CSR
Checking order status
Order is ready, finalizing order
valid!
Downloading certificate
Setting pveproxy certificate and key
Restarting pveproxy
TASK OK
Then proceed for each host in the cluster.