[pbs-devel] [RFC backup 00/23] Implements ACME suport for PBS

Wed Apr 21 14:19:29 CEST 2021

On Wed, Apr 21, 2021 at 01:56:18PM +0200, Dominic Jäger wrote:
> I am not sure how much of what I noticed today is for this series or general
> 
> On Tue, Apr 20, 2021 at 12:53:11PM +0200, Wolfgang Bumiller wrote:
> > > In the window "Register Account" the textfield "Account Name" has the empty
> > > text "default".  As far as I know, we use empty texts for real default values.
> > > So this should be removed and get a validator (already in the GUI) instead.
> > 
> > GUI specifics aren't really in scope of this series as this just reuses the existing components.
> > So this should be handled separately.
> 
> or would be magically solved by the packaging changes
> > 
> > Yeah we should turn the proxmox-acme repo into a split package and have the acme.sh
> > wrapper separate so we can depend/suggest that without pulling in the perl code.
> 
> but a few things looked working to me in PVE but not PBS:
> 
> 1. In the "Create: Domain" window, when attempting to create a duplicate entry:
> PVE shows an error "duplicate domain" while PBS silently replaces the previous
> entry

Sounds like a UI thing, can you also check PMG? PVE stores domains which
use the standalone http challenge differently to PMG and PBS, so the UI
modifies those in a different way which may be inconsistent.

> 2. I installed libproxmox-acme-perl as disucssed. The dropdown list for DNS API
> then did appear.  However, I haven't found a dropdown entry yet that made the
> general API Data field change to the API specific fields. This includes APIs
> like kappernet for which this certainly works in PVE.

The field schema is not available yet. This will come later.

> 3. When trying around I got some error like
> > TASK ERROR: validating challenge 'https://acme-staging-v02.api.letsencrypt.org/acme/...' failed - status: Invalid
> and after editing (=removing a line) the contents of the API Data field the
> error message became less useful
> >Placing ACME order
> >Order URL: https://acme-staging-v02.api.letsencrypt.org/acme/order/....
> >Getting authorization details from 'https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/...'
> >The validation for dominicjaeger.com is pending
> >Setting up validation plugin
> >TASK ERROR: '/usr/share/proxmox-acme/proxmox-acme setup' exited with error (1)
> 
> Would it be possible to show more reasons for the error here?

Ah, via the API the command output probably doesn't make it into the
task log. Should be able to pass that through, but what exactly you'll
get from that is up to the actual plugin you're using.

> 
> 4. The dropdown list is different for PBS and PVE. For example, PVE contains
> "Cloudflare Managed DNS" while PBS contains just "cf"

As with #2, that's just the detailed plugin schema not being available
right now.