From 19b04e775fea4645a075fc4263272c3614795eda Mon Sep 17 00:00:00 2001 From: Stoiko Ivanov Date: Tue, 31 Jul 2018 10:45:02 +0200 Subject: [PATCH] certificate-managment.adoc: describe dir change Adds a section with example of how to change the default ACME account from the LE staging to production directory. Signed-off-by: Stoiko Ivanov --- certificate-managment.adoc | 51 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/certificate-managment.adoc b/certificate-managment.adoc index 95c84b2..1eb2716 100644 --- a/certificate-managment.adoc +++ b/certificate-managment.adoc @@ -114,6 +114,57 @@ Restarting pveproxy Task OK ----------------- +Switching from the `staging` to the regular ACME directory +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +Changing the ACME directory for an account is unsupported. If you want to switch +an account from the `staging` ACME directory to the regular, trusted, one you +need to deactivate it and recreate it. + +This procedure is also needed to change the default ACME account used in the GUI. + +.Example: Changing the `default` ACME account from the `staging` to the regular directory + +----------------- + +root@proxmox:~# pvenode acme account info default +Directory URL: https://acme-staging-v02.api.letsencrypt.org/directory +Account URL: https://acme-staging-v02.api.letsencrypt.org/acme/acct/6332194 +Terms Of Service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf + +Account information: +ID: xxxxxxx +Contact: + - mailto:example@proxmox.com +Creation date: 2018-07-31T08:41:44.54196435Z +Initial IP: 192.0.2.1 +Status: valid + +root@proxmox:~# pvenode acme account deactivate default +Renaming account file from '/etc/pve/priv/acme/default' to '/etc/pve/priv/acme/_deactivated_default_4' +Task OK +root@proxmox:~# +root@proxmox:~# pvenode acme account register default example@proxmox.com +Directory endpoints: +0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory) +1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory) +2) Custom +Enter selection: +0 + +Attempting to fetch Terms of Service from 'https://acme-v02.api.letsencrypt.org/directory'.. +Terms of Service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf +Do you agree to the above terms? [y|N]y + +Attempting to register account with 'https://acme-v02.api.letsencrypt.org/directory'.. +Generating ACME account key.. +Registering ACME account.. +Registration successful, account URL: 'https://acme-v02.api.letsencrypt.org/acme/acct/39335247' +Task OK +root@proxmox:~# + +----------------- + Automatic renewal of ACME certificates ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- 2.39.2