Jan 1, 0001

Setup Proxmox ACME when Datacenter > ACME doesn’t show up

Proxmox offers a command line interface that exposes the same options as the webui. This is how we will get around the lack of an ACME option in the UI. Below is a command that will use the Cloudflare plugin to add an ACME provider using a DNS challenge for a domain using the Cloudflare API. There doesn’t seem to be much documentation out there for proxmox’s integration of acme.sh, the tool that proxmox uses under the hood to manage it’s certificates.

1. Configure Cloudflare

  1. Login to your account
  2. Select the root domain you want to use from the list.
  3. Select Overview
  4. Scroll down on the right side look for Get your API token.
  5. Create an access token for the DNS zone you want proxmox to configure. Make sure it has permissions to Zone:Read and DNS:Edit

First we have to create a secrets file to store our credentials to authenticate with Cloudflare. If you want more details. Documentation

cat >> acme_data.txt << EOF
CF_Token=XXXXXXXXXXXXXXXXXXXXXXXXXXX
EOF

pvenode acme plugin add dns cloudflare --api cf --data acme_data.txt
  1. cloudflare is the name we are giving our dns entry
  2. --api cf specifies the API we want acme.sh to use.
  3. --data acme_data.txt tells acme.sh where to look for the secret data it needs.

Here is a list of all the supported APIs. https://github.com/acmesh-official/acme.sh/wiki/dnsapi

The acme plugin config command shows you your configured ACME accounts.

root@pve1:/# pvenode acme plugin config cloudflare
┌────────┬───────────────────────────────────────────────────┐
│ key    │ value                                             │
╞════════╪═══════════════════════════════════════════════════╡
│ api    │ cf                                                │
├────────┼───────────────────────────────────────────────────┤
│ data   │ CF_Token=XXXXXXXXXXXXXXXXXXXXXXXXXXX              │
├────────┼───────────────────────────────────────────────────┤
│ digest │ YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY          │
├────────┼───────────────────────────────────────────────────┤
│ plugin │ cloudflare                                        │
├────────┼───────────────────────────────────────────────────┤
│ type   │ dns                                               │
└────────┴───────────────────────────────────────────────────┘

Don’t forget to delete your secrets file or secure it so nobody can see it.

rm acme_data.txt

How that we have put our api credentials onto our proxmox node we can go back to the webUI to finish configuring our cert and Order our cert.

Click on your proxmox node. System > Certificates than under the acme banner add. Change Challenge Type to DNS. Select our cloudflare plugin and type in the domain you want to use for this proxmox node. Than hit OK Than Order Certificates Now. If all went well your web browser should have reloaded and https should now work.

Remember to add the trailing . to your domain name.