"Quote from: longshot338 on November 01, 2023, 04:03:41 PM
Thanks for the info, cookiemonster, but how do we get acme.sh to look there for the file(s)? I tried using the full path in my command line use of acme.sh, but that didn't work either. I would really like to set-up everything in the GUI, and allow the triggers to execute things without me having to manually intervene.
I have a similar problem: acme with dns and dns-alias seems not to work in Proxmox itself, but in OPNsense.
So I tried to deploy from OPNsense to Proxmox, too, and found this thread.
What I have found:
- we need to copy the deploy dir from examples to the acme-client home:
Code Select
cp -a /usr/local/share/examples/acme.sh/deploy /var/etc/acme-client/home/
- since my PVE node has a self signed cert, the automation fails with:
Code Select
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS alert, unknown CA (560):
=> Send SSL data, 2 bytes (0x2)
0000: .0
== Info: SSL certificate problem: unable to get local issuer certificate
== Info: Closing connection
which means: curl must not check the certificate of the node. To achieve this, I found no other way
than edit acme.sh and add:
Code Select
HTTPS_INSECURE=1Now, when starting the automation - the GUI says successful. But ... cert wasn't imported, in the pveproxy/access.log
I only see:
"POST /api2/json/nodes/proxhost/certificates/custom HTTP/1.1" 401 -
My api token has the the sys.modify right ... but maybe this is not sufficient. Tried with both pveversion 7.4 and 8.0.4
Did anyone get this to work?
