Skip to content

User contributed contents

This guide is a contribution from our user community. The acme4netvs team can’t provide support for Proxmox integration.

Proxmox

Warning

You don’t need a netvs-config file for the proxmox installation. The API token is provided via web interface.

Using the acme.sh wrapper script, it is also possible to automatically generate certificates on your Proxmox hosts (tested for Proxmox Virtual Environment). Proxmox Backup Server and Proxmox Mail Gateway might also work but have not been tested.

Installation

Info

Please be aware that if you have a proxmox cluster, you need to repeat the installation instructions for each host of your cluster.

The following methods are redundant. The Package method should always be the preferred method. The Manual method exists for documentation reasons. The acme4netvs-proxmox package performs all the steps outlined in the Manual method automatically during package installation.

Package 🚀

  1. Install the KIT-CA Debian repository as described in the Installation article.
  2. Install the package acme4netvs-proxmox on your proxmox host(s): 
    apt-get install -y acme4netvs-proxmox
  3. Setup ACME via the Proxmox web interface and provide the NETVS API token at the plugin setup. For an example see the Configuration section

Manual ⚠️

Danger

This is a documentation of the steps that the package acme4netvs-proxmox runs automatically during installation. We do not offer support for this installation method.

Proceed at your own risk!

The following actions are required after installing the acme4netvs package on your proxmox host:

  1. Install the CA-Repository for Debian as described in the Installation article.
  2. Install the package acme4netvs on your proxmox host(s): 
    apt-get install -y acme4netvs
  3. Proxmox file modifications:
    • create a symlink from /usr/libexec/acme4netvs/dns_acme4netvs.sh to /usr/share/proxmox-acme/dnsapi/dns_acme4netvs.sh: 
      ln -s /usr/libexec/acme4netvs/dns_acme4netvs.sh \
      /usr/share/proxmox-acme/dnsapi/dns_acme4netvs.sh
    • insert the following into /usr/share/proxmox-acme/dns-challenge-schema.json: 
      "acme4netvs": {
    "fields": {
        "NETDB_API_TOKEN": {
            "description": "The netdb API key",
            "type": "string"
        }
    }
},

Warning

Pay attention to the file syntax so the result is still valid JSON.

  1. Restart pveproxy and pvedaemon: 
    systemctl restart pveprox pvedaemon
  2. Setup ACME via the Proxmox web interface and provide the NETVS API token at the plugin setup. For an example see the Configuration section.

Configuration

  1. Create NETVS API token as described in the Setup NETVS article.
  2. In the Proxmox web interface, select Server View and navigate to the ACME section on the Datacenter screen.

  1. Create a Challenge Plugin. Choose a name for the plugin (e.g. netvs), select acme4netvs as the DNS API and paste your NETVS API token.

  1. The remaining configuration is documented at the official Proxmox Wiki article. Just select DNS as Challenge Type and your selected plugin name (netvs in this example) from the previous step as Plugin for each Node Domain.