[pbs-devel] [RFC backup 00/23] Implements ACME suport for PBS

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Apr 20 12:53:11 CEST 2021 

> On 04/20/2021 12:27 PM Dominic Jäger <d.jaeger at proxmox.com> wrote:
> 
>  
> Creating the first account gives missing directory

should be an easy fix

> > TASK ERROR: failed to open "/etc/proxmox-backup/acme/accounts/test" for
> > writing: No such file or directory (os error 2)
> After manually adding it, the HTTP Challenged worked for me.
> 
> In the Window "Add: ACME DNS Plugin" choosing (or writing) something in the
> dropdown menu DNS API is not possible with only the PBS repositories
> configured.  It is necessary to install libproxmox-acme-perl from PVE
> repositories in addition.

Yeah we should turn the proxmox-acme repo into a split package and have the acme.sh
wrapper separate so we can depend/suggest that without pulling in the perl code.

> 
> Deleting a certificate shows a confirmation dialog with a truncated message:
> "Are you sure you want to remove the certificate used for"

That'll need some fixing in the widget toolkit.

> 
> In the window "Register Account" the textfield "Account Name" has the empty
> text "default".  As far as I know, we use empty texts for real default values.
> So this should be removed and get a validator (already in the GUI) instead.

GUI specifics aren't really in scope of this series as this just reuses the existing components.
So this should be handled separately.

> But the API rejects correctly: "parameter verification errors parameter 'name':
> parameter is missing and it is not optional."
> 
> Registering accounts for both staging and production works.  Ordering
> certificates with HTTP challenge generally works for both, too.  A few times
> the HTTP challenge required a manual retry. Maybe we could do something like
> increasing timeouts?

Not sure why that happens, would need to investigate more. But yeah it's possible
that setup/teardown are racing against the request, need to recheck the code.

> I couldn't set up PowerDNS yet & my domains were not fast enough, so finishing
> the DNS challenge testing remains todo.
> 
> Tested-by: Dominic Jäger <d.jaeger at proxmox.com>

More information about the pbs-devel mailing list