Google Domains and Let's Encrypt Certificates using DNS validation for local Proxmox servers
-
Open the Proxmox GUI, click "Datacenter->ACME" and add a new account using Let's Encrypt V2 (if you want to test it first, I recommend choosing Let's Encrypt V2 Staging).
-
On the same screen, click the "Add" button under "Challenge Plugins" and enter:
Plugin ID: gcloud
DNS API: gcloud
API Data: HOME=/home/nobody
-
Now edit your plugin and set the validation delay to 120
-
Go to Proxmox shell and install Google Cloud SDK:
-
Add the Cloud SDK distribution URI as a package source
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
-
Import the Google Cloud Platform public key
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
-
Update the package list and install the Cloud SDK
apt-get update && apt-get install google-cloud-sdk
-
Init Google Cloud (gcloud) access and select project
gcloud init
-
Replicate configuration for nobody user
-
Create /home/nobody directory
mkdir /home/nobody
-
Create /home/nobody/.config directory
cd /home/nobody
mkdir .config
-
Copy Google Cloud settings
cd .config
cp -pr /root/.config/gcloud/ .
-
Set the owner of /home/nobody to user nobody and group nogroup, recursively
chown -R nobody:nogroup /home/nobody
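
The copied directory holds the gcloud credentials that were created for root, so after the chown it is worth confirming that nothing under it belongs to another account or is accessible by group or other. A check for that, as an added example that is not part of the original post (the function name audit_cred_dir is an assumption, and -perm /077 assumes GNU find as shipped on Debian-based Proxmox):

```shell
#!/bin/sh
# Added example: audit the gcloud configuration copied for the ACME plugin.
# audit_cred_dir is a hypothetical helper name, not a Proxmox or gcloud command.
#
# Usage on the Proxmox host (paths and names taken from the steps above):
#   audit_cred_dir /home/nobody/.config/gcloud nobody nogroup
#
# Return codes: 0 = clean, 1 = offending paths printed, 2 = directory missing.
audit_cred_dir() {
    dir=$1
    owner=$2
    group=$3

    if [ ! -d "$dir" ]; then
        echo "missing: $dir" >&2
        return 2
    fi

    # Flag every file or directory that is either
    #   - not owned by the expected user or group, or
    #   - has any group/other permission bit set (-perm /077, GNU find).
    # Symlinks are skipped because their own mode bits are always 0777.
    bad=$(find "$dir" ! -type l \
            \( ! -user "$owner" -o ! -group "$group" -o -perm /077 \) -print)

    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Any path the audit prints can be tightened with, for example:
#   chown -R nobody:nogroup /home/nobody
#   chmod -R go-rwx /home/nobody/.config/gcloud
```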
-
Now go to the node, then System, then Certificates.
- Set "Using Account" to your ACME account, click Add, set the Challenge to DNS, set the plugin, and set the full domain.
- set the
-
Now click the "Order Certificates Now" button.
Published:
by Matt Horwood