Acme Proxmox automation

Started by julsssark, February 09, 2025, 06:01:54 PM

My Acme automation to Proxmox completes successfully but Proxmox still uses the old certificate. I've tried rebooting Proxmox and the debug.2 log shows the automation completes successfully. I know Acme is updating the certs because I can manually upload them to Proxmox, and the new certs are applied. Is the Acme Proxmox automation working for anyone? I am running OPNsense 25.1 but I noticed this issue with 24.7.12 too.

ACME works very well when correctly configured. You can test the automation/upload: Click "Edit Automation" -> "Test Connection".
You might have to change the "Remote Path" according to your needs.
I want all services to run with wirespeed and therefore run this dedicated hardware configuration:

AMD Ryzen 7 9700x
ASUS Pro B650M-CT-CSM
64GB DDR5 ECC (2x KSM56E46BD8KM-32HA)
Intel XL710-BM1
Intel i350-T4
2x SSD with ZFS mirror
PiKVM for remote maintenance

private user, no business use

February 09, 2025, 10:05:37 PM #2 Last Edit: February 09, 2025, 10:14:04 PM by julsssark
Thanks but I am not seeing "Test Connection" under Edit Automation. The Proxmox automation uses an API so there may not be a test connection (see screenshot). According to the logs, the Proxmox automation is completing successfully but the old certificate continues to be used on Proxmox. My other Acme automations are working correctly.

Hello,

Interested if you find a solution to this issue. I am having the same problem. Getting the cert works fine. The log says the automation completes successfully (return code 0), but I don't see the cert in Proxmox. Very confused. It feels like I am just missing a step.

Not sure if this will help but I kept tinkering and I think I got it to work. My cert is now showing up in the list on the node. I had to go into the API key in Proxmox and uncheck "Privilege Separation". Then I reran the automation and it showed up. Hope this helps you.

Thank you @TheCrackedCube. Unchecking privilege separation and rerunning the automation worked correctly.

I finally managed to get my cert exported to Proxmox.
I just followed this recent guide:

https://sysadmin102.com/2025/02/proxmox-opnsense-acme-certificate-automation/

It goes on about using a limited new user-token just for the purpose of the acme automation which seemed a good idea.

I had to make sure I have a DNS override set up in my OPNsense Unbound DNS so it would resolve my Proxmox host.

Works a treat :)

February 17, 2025, 04:33:08 PM #7 Last Edit: February 17, 2025, 04:35:02 PM by julsssark
Didn't need to do any command line stuff to get Acme to work. Just create the API Token (not user) and check "Privilege Separation".
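
Added example (not from any poster in this thread or from the OPNsense or Proxmox projects): since the automation can log success while the node keeps serving the old certificate, this check compares the leaf certificate ACME issued with the one the Proxmox web UI actually presents. The host name and the path to the issued fullchain file are passed as arguments and are assumptions; port 8006 is the Proxmox web UI default.

```python
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def leaf_fingerprint(pem_text: str) -> str:
    """SHA-256 fingerprint of the first certificate in a PEM file.

    ACME clients write the leaf first in a full-chain file, followed by
    the intermediates, so only the first block is compared.
    """
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()


def served_pem(host: str, port: int = 8006) -> str:
    """Fetch the certificate the web UI presents, without validating it."""
    return ssl.get_server_certificate((host, port))


def certificate_deployed(issued_pem: str, served: str) -> bool:
    """True only if the node serves exactly the certificate ACME issued."""
    return leaf_fingerprint(issued_pem) == leaf_fingerprint(served)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_cert.py <proxmox-host> <issued-fullchain.pem>")
    with open(sys.argv[2]) as fh:
        issued = fh.read()
    ok = certificate_deployed(issued, served_pem(sys.argv[1]))
    print("deployed" if ok else "STALE: node still serves another certificate")
    sys.exit(0 if ok else 1)
```

Run it after each renewal; a non-zero exit means the upload did not take effect even though the automation log reported success.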