[pve-devel] RFC for ACME DNS Challenge V2

Wolfgang Link w.link at proxmox.com
Tue Mar 31 12:08:27 CEST 2020


The acme_sh project is used as a DNS API plugin system.
So we can reuse the already defined plugins.
I add it as a submodule.

The acme.sh script is replaced by proxmox-acme,
which contains the function required to operate the DNSAPI plug-ins.

The login information is saved in the file plugin.cfg
and passed directly on to proxmox-acme.

The DNSAPI plugin credentials are not standardized, so each plugin expects different parameters.

These patches are only tested against the OVH API because of missing alternative possibilities.

This implementation uses the design that we discussed on the pve-devel list.
It doesn't have much to do with V1.

Build conflicts arise due to the code movements.
The prerequisite for this series is the installation of Curl.
For this series you have to create the deb packages pve-common, pve-cluster and proxmox-acme.
Then apply these packages and you can now build and install the pve-manager package.

The GUI is broken at the moment.
Fixes will follow shortly.
Old configurations are converted and can be used without any problems.
The new configuration must be defined via the CLI.

For the alias mode a CNAME record is needed
_acme-challenge.<host>.<domain>.<TLD> 	CNAME 	_acme-challenge.<Alias Target>

Steps to test.

1.) pvenode acme account register default <mail at example.invalid>
2.) pvenode acme plugin add <dns|standalone> <plugin_id> --data <login information> 
3.) pvenode config set --acme domain=<Domain>,plugin=<plugin_id>[,alias=<alias_domain>]
4.) pvenode acme cert order
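
Added example, not part of the original mail or the patch series: a shell pre-flight check for the alias-mode CNAME described above, to run before step 4. The domain names and sample records are constructed, and dropping a leading "*." label follows RFC 8555, which goes beyond what the mail covers.

```shell
#!/bin/sh
# Added example: verify the CNAME delegation that alias mode depends on.
# Constructed sample records in "name ttl class type target" form.
SAMPLE_ZONE='_acme-challenge.pve1.example.com. 300 IN CNAME _acme-challenge.Acme-Alias.example.net.
_acme-challenge.pve2.example.com. 300 IN CNAME www.example.net.'

# Lowercase a DNS name and drop the trailing root dot.
norm() {
    printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Record name the CA looks up for a domain; a leading "*." label is dropped.
challenge_name() {
    d=$(norm "$1")
    printf '_acme-challenge.%s' "${d#\*.}"
}

# check_alias <domain> <alias_domain> < records
# Exit status: 0 = CNAME points at _acme-challenge.<alias_domain>,
#              1 = no CNAME for the challenge name, 2 = CNAME to another target.
check_alias() {
    want_name=$(challenge_name "$1")
    want_target="_acme-challenge.$(norm "$2")"
    awk -v n="$want_name" -v t="$want_target" '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        norm($1) == n {
            for (i = 2; i < NF; i++)
                if (toupper($i) == "CNAME") {
                    found = 1
                    if (norm($(i + 1)) == t) ok = 1
                }
        }
        END { exit (ok ? 0 : (found ? 2 : 1)) }'
}

# Demo on the constructed records above.
printf '%s\n' "$SAMPLE_ZONE" |
    check_alias pve1.example.com acme-alias.example.net &&
    echo "alias delegation for pve1.example.com is in place"
```

For a live check, pipe the output of `dig +noall +answer _acme-challenge.<host>.<domain>.<TLD> CNAME` into `check_alias`.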





