[pbs-devel] [PATCH proxmox-backup v5 3/5] acme: drop local AcmeClient
Fabian Grünbichler
f.gruenbichler at proxmox.com
Tue Jan 13 14:45:28 CET 2026
On January 8, 2026 12:26 pm, Samuel Rufinatscha wrote:
> PBS currently uses its own ACME client and API logic, while PDM uses the
> factored out proxmox-acme and proxmox-acme-api crates. This duplication
> risks differences in behaviour and requires ACME maintenance in two
> places. This patch is part of a series to move PBS over to the shared
> ACME stack.
>
> Changes:
> - Remove the local src/acme/client.rs and switch to
> proxmox_acme::async_client::AcmeClient where needed.
> - Use proxmox_acme_api::load_client_with_account to the custom
> AcmeClient::load() function
> - Replace the local do_register() logic with
> proxmox_acme_api::register_account, to further ensure accounts are persisted
> - Replace the local AcmeAccountName type, required for
> proxmox_acme_api::register_account
>
> Signed-off-by: Samuel Rufinatscha <s.rufinatscha at proxmox.com>
> ---
> src/acme/client.rs | 691 -------------------------
> src/acme/mod.rs | 3 -
> src/acme/plugin.rs | 2 +-
> src/api2/config/acme.rs | 50 +-
> src/api2/node/certificates.rs | 2 +-
> src/api2/types/acme.rs | 8 -
> src/bin/proxmox_backup_manager/acme.rs | 17 +-
> src/config/acme/mod.rs | 8 +-
> src/config/node.rs | 9 +-
> 9 files changed, 36 insertions(+), 754 deletions(-)
> delete mode 100644 src/acme/client.rs
>
[..]
> diff --git a/src/config/acme/mod.rs b/src/config/acme/mod.rs
> index ac89ae5e..e4639c53 100644
> --- a/src/config/acme/mod.rs
> +++ b/src/config/acme/mod.rs
I think this whole file should probably be replaced entirely by
proxmox-acme-api , which - AFAICT - would just require adding the
completion helpers there?
> @@ -6,10 +6,11 @@ use anyhow::{bail, format_err, Error};
> use serde_json::Value;
>
> use pbs_api_types::PROXMOX_SAFE_ID_REGEX;
> +use proxmox_acme_api::AcmeAccountName;
> use proxmox_sys::error::SysError;
> use proxmox_sys::fs::{file_read_string, CreateOptions};
>
> -use crate::api2::types::{AcmeAccountName, AcmeChallengeSchema, KnownAcmeDirectory};
> +use crate::api2::types::{AcmeChallengeSchema, KnownAcmeDirectory};
>
> pub(crate) const ACME_DIR: &str = pbs_buildcfg::configdir!("/acme");
> pub(crate) const ACME_ACCOUNT_DIR: &str = pbs_buildcfg::configdir!("/acme/accounts");
> @@ -34,11 +35,6 @@ pub(crate) fn make_acme_dir() -> Result<(), Error> {
> create_acme_subdir(ACME_DIR)
> }
>
> -pub(crate) fn make_acme_account_dir() -> Result<(), Error> {
> - make_acme_dir()?;
> - create_acme_subdir(ACME_ACCOUNT_DIR)
> -}
> -
> pub const KNOWN_ACME_DIRECTORIES: &[KnownAcmeDirectory] = &[
> KnownAcmeDirectory {
> name: "Let's Encrypt V2",
> diff --git a/src/config/node.rs b/src/config/node.rs
> index 253b2e36..e4b66a20 100644
> --- a/src/config/node.rs
> +++ b/src/config/node.rs
> @@ -8,16 +8,15 @@ use pbs_api_types::{
> EMAIL_SCHEMA, MULTI_LINE_COMMENT_SCHEMA, OPENSSL_CIPHERS_TLS_1_2_SCHEMA,
> OPENSSL_CIPHERS_TLS_1_3_SCHEMA,
> };
> +use proxmox_acme::async_client::AcmeClient;
> +use proxmox_acme_api::AcmeAccountName;
> use proxmox_http::ProxyConfig;
> use proxmox_schema::{api, ApiStringFormat, ApiType, Updater};
>
> use pbs_buildcfg::configdir;
> use pbs_config::{open_backup_lockfile, BackupLockGuard};
>
> -use crate::acme::AcmeClient;
> -use crate::api2::types::{
> - AcmeAccountName, AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA,
> -};
> +use crate::api2::types::{AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA};
>
> const CONF_FILE: &str = configdir!("/node.cfg");
> const LOCK_FILE: &str = configdir!("/.node.lck");
> @@ -247,7 +246,7 @@ impl NodeConfig {
> } else {
> AcmeAccountName::from_string("default".to_string())? // should really not happen
> };
> - AcmeClient::load(&account).await
> + proxmox_acme_api::load_client_with_account(&account).await
> }
>
> pub fn acme_domains(&'_ self) -> AcmeDomainIter<'_> {
> --
> 2.47.3
>
>
>
> _______________________________________________
> pbs-devel mailing list
> pbs-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel
>
>
>
More information about the pbs-devel
mailing list