Hackeriet

User Tools

Site Tools

You are here: start » infra » operations » proxmox-acme-dns
infra:operations:proxmox-acme-dns

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
infra:operations:proxmox-acme-dns [2026/05/24 18:52] atluxity_idp.hackeriet.noinfra:operations:proxmox-acme-dns [2026/05/24 18:59] (current) atluxity_idp.hackeriet.no
Line 79: Line 79:
  
 This should be preferred over exposing Proxmox management publicly or giving host006/host007 broad DNS write access. This should be preferred over exposing Proxmox management publicly or giving host006/host007 broad DNS write access.
- 
-===== Suggested rollout ===== 
- 
-  - Pick or deploy the validation backend. [[https://github.com/acme-dns/acme-dns|acme-dns]] is a common small service for this purpose. 
-  - Create per-host validation names and credentials. 
-  - Add CNAME records in hackeriet.no for host006 and host007 _acme-challenge names. 
-  - Bump SOA serial, check the zone, reload NSD, and verify secondaries. 
-  - Configure Proxmox ACME DNS validation for host006 first. 
-  - Issue or renew the host006 certificate. 
-  - Verify pveproxy serves the new certificate. 
-  - Test Hacker-ID login against host006 after TLS is fixed. 
-  - Repeat for host007. 
- 
- 
-===== Risks and constraints ===== 
- 
-  * Do not expose Proxmox port 8006 publicly just to make HTTP-01 work. 
-  * Do not put broad hackeriet.no DNS credentials on Proxmox hosts. 
- 
-===== References ===== 
- 
-  * [[infra:operations:proxmox-maintenance|Proxmox maintenance]] 
-  * [[infra:clusters:klynge001|klynge001]] 
-  * [[infra:hosts:blade|blade]] 
-  * [[infra:services:hacker-id|Hacker-ID]] 
- 
/srv/hackeriet-wiki/dokuwiki/data/pages/infra/operations/proxmox-acme-dns.txt · Last modified: by atluxity_idp.hackeriet.no