[pbs-devel] [PATCH proxmox-backup v5 3/5] acme: drop local AcmeClient

Samuel Rufinatscha s.rufinatscha at proxmox.com
Wed Jan 14 09:56:40 CET 2026


On 1/13/26 2:44 PM, Fabian Grünbichler wrote:
> On January 8, 2026 12:26 pm, Samuel Rufinatscha wrote:
>> PBS currently uses its own ACME client and API logic, while PDM uses the
>> factored out proxmox-acme and proxmox-acme-api crates. This duplication
>> risks differences in behaviour and requires ACME maintenance in two
>> places. This patch is part of a series to move PBS over to the shared
>> ACME stack.
>>
>> Changes:
>> - Remove the local src/acme/client.rs and switch to
>> proxmox_acme::async_client::AcmeClient where needed.
>> - Use proxmox_acme_api::load_client_with_account to replace the custom
>> AcmeClient::load() function
>> - Replace the local do_register() logic with
>> proxmox_acme_api::register_account, to further ensure accounts are persisted
>> - Replace the local AcmeAccountName type, required for
>> proxmox_acme_api::register_account
>>
>> Signed-off-by: Samuel Rufinatscha <s.rufinatscha at proxmox.com>
>> ---
>>   src/acme/client.rs                     | 691 -------------------------
>>   src/acme/mod.rs                        |   3 -
>>   src/acme/plugin.rs                     |   2 +-
>>   src/api2/config/acme.rs                |  50 +-
>>   src/api2/node/certificates.rs          |   2 +-
>>   src/api2/types/acme.rs                 |   8 -
>>   src/bin/proxmox_backup_manager/acme.rs |  17 +-
>>   src/config/acme/mod.rs                 |   8 +-
>>   src/config/node.rs                     |   9 +-
>>   9 files changed, 36 insertions(+), 754 deletions(-)
>>   delete mode 100644 src/acme/client.rs
>>
> 
> [..]
> 
>> diff --git a/src/config/acme/mod.rs b/src/config/acme/mod.rs
>> index ac89ae5e..e4639c53 100644
>> --- a/src/config/acme/mod.rs
>> +++ b/src/config/acme/mod.rs
> 
> I think this whole file should probably be replaced entirely by
> proxmox-acme-api , which - AFAICT - would just require adding the
> completion helpers there?
>

Good point, yes I think moving the completion helpers would
allow us to get rid of this file. PDM does not make use of
them / there is atm no 1:1 code in proxmox/ for these helpers.

>> @@ -6,10 +6,11 @@ use anyhow::{bail, format_err, Error};
>>   use serde_json::Value;
>>   
>>   use pbs_api_types::PROXMOX_SAFE_ID_REGEX;
>> +use proxmox_acme_api::AcmeAccountName;
>>   use proxmox_sys::error::SysError;
>>   use proxmox_sys::fs::{file_read_string, CreateOptions};
>>   
>> -use crate::api2::types::{AcmeAccountName, AcmeChallengeSchema, KnownAcmeDirectory};
>> +use crate::api2::types::{AcmeChallengeSchema, KnownAcmeDirectory};
>>   
>>   pub(crate) const ACME_DIR: &str = pbs_buildcfg::configdir!("/acme");
>>   pub(crate) const ACME_ACCOUNT_DIR: &str = pbs_buildcfg::configdir!("/acme/accounts");
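Review bot: with `AcmeAccountName` now imported from `proxmox_acme_api` instead of `crate::api2::types`, the commit message should state whether the shared type accepts exactly the same set of names as the removed local one. `PROXMOX_SAFE_ID_REGEX` stays imported in this file next to `ACME_ACCOUNT_DIR`, so if the two validate differently, a name accepted on one code path could be rejected on the other, or the reverse. A sentence on schema equivalence, or a test that passes an existing account name through `AcmeAccountName::from_string`, would settle it.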
>> @@ -34,11 +35,6 @@ pub(crate) fn make_acme_dir() -> Result<(), Error> {
>>       create_acme_subdir(ACME_DIR)
>>   }
>>   
>> -pub(crate) fn make_acme_account_dir() -> Result<(), Error> {
>> -    make_acme_dir()?;
>> -    create_acme_subdir(ACME_ACCOUNT_DIR)
>> -}
>> -
>>   pub const KNOWN_ACME_DIRECTORIES: &[KnownAcmeDirectory] = &[
>>       KnownAcmeDirectory {
>>           name: "Let's Encrypt V2",
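Review bot: the removed `make_acme_account_dir()` was the only helper visible here that creates `ACME_ACCOUNT_DIR`, yet the constant is still declared `pub(crate)` in the context above. Please confirm that `proxmox_acme_api::register_account` creates the accounts directory itself, with the same owner and mode that `create_acme_subdir` applied, and drop `ACME_ACCOUNT_DIR` if nothing in PBS reads it any more.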
>> diff --git a/src/config/node.rs b/src/config/node.rs
>> index 253b2e36..e4b66a20 100644
>> --- a/src/config/node.rs
>> +++ b/src/config/node.rs
>> @@ -8,16 +8,15 @@ use pbs_api_types::{
>>       EMAIL_SCHEMA, MULTI_LINE_COMMENT_SCHEMA, OPENSSL_CIPHERS_TLS_1_2_SCHEMA,
>>       OPENSSL_CIPHERS_TLS_1_3_SCHEMA,
>>   };
>> +use proxmox_acme::async_client::AcmeClient;
>> +use proxmox_acme_api::AcmeAccountName;
>>   use proxmox_http::ProxyConfig;
>>   use proxmox_schema::{api, ApiStringFormat, ApiType, Updater};
>>   
>>   use pbs_buildcfg::configdir;
>>   use pbs_config::{open_backup_lockfile, BackupLockGuard};
>>   
>> -use crate::acme::AcmeClient;
>> -use crate::api2::types::{
>> -    AcmeAccountName, AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA,
>> -};
>> +use crate::api2::types::{AcmeDomain, ACME_DOMAIN_PROPERTY_SCHEMA, HTTP_PROXY_SCHEMA};
>>   
>>   const CONF_FILE: &str = configdir!("/node.cfg");
>>   const LOCK_FILE: &str = configdir!("/.node.lck");
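Review bot: `AcmeDomain` and `ACME_DOMAIN_PROPERTY_SCHEMA` are still pulled from `crate::api2::types` in the rewritten `use` line, while `AcmeClient` and `AcmeAccountName` now come from the shared crates. If the shared crates export equivalents, switching them in this patch avoids a mix of local and shared ACME types in `NodeConfig`. If they do not, a short remark in the commit message explaining why these two stay local would help.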
>> @@ -247,7 +246,7 @@ impl NodeConfig {
>>           } else {
>>               AcmeAccountName::from_string("default".to_string())? // should really not happen
>>           };
>> -        AcmeClient::load(&account).await
>> +        proxmox_acme_api::load_client_with_account(&account).await
>>       }
>>   
>>       pub fn acme_domains(&'_ self) -> AcmeDomainIter<'_> {
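Review bot: with `AcmeClient::load(&account).await` replaced by `proxmox_acme_api::load_client_with_account(&account).await`, the account file lookup moves out of PBS code, so this file no longer shows which directory is searched. Please state in the commit message, or in a comment at the call site, where `load_client_with_account` reads accounts from and that accounts written by the old client are still found without migration.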
>> -- 
>> 2.47.3
>>
>>
>>
>> _______________________________________________
>> pbs-devel mailing list
>> pbs-devel at lists.proxmox.com
>> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel