Skip to content

markkuleinio/pve-acme-he-ddns

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
install.sh
install.sh
 
 

Repository files navigation

Proxmox VE Acme.sh DNS API script for Hurricane Electric Dynamic DNS records

Important

Update 2025-04-25: acme.sh version 3.1.1 now includes DNS API script for HE DDNS. Currently proxmox-acme is still waiting for upgrading the plugins. This repository is not needed anymore.

Proxmox Virtual Edition (PVE) uses acme.sh DNS API scripts to interface with various DNS providers in order to automate the use of Let's Encrypt certificates. Currently there is no built-in support for the per-record Dynamic DNS API of Hurricane Electric (HE) DNS service in acme.sh.

This repository provides install script to add the support for he_ddns provider in PVE.

Instructions

  1. Download and copy the install.sh script to the PVE host, for example in /tmp
  2. Inspect the contents of the install script (this is important!)
  3. If you think the script is safe to run, run it as root user, like bash /tmp/install.sh
  4. In the HE DNS portal (assuming you already have an A/AAAA record of pvehostname.example.com for your PVE node):
    1. Add TXT record for _acme-challenge.pvehostname.example.com in your DNS zone, selecting "Enable entry for dynamic dns" option (this record will be dynamically updated by the acme.sh script whenever renewing the certificate)
    2. Click the "Generate a DDNS key" button in the DDNS column, click the "Generate a key" button in the form, copy the key and Submit the form
  5. In PVE, in the Datacenter-level ACME configuration, add new Challenge Plugin:
    • Plugin ID: he-ddns
    • DNS API: select HE DDNS (this was added by the install script)
    • HE_DDNS_KEY: paste the key you generated for the TXT record above
  6. Add an ACME Account in PVE
  7. In the PVE node, in System - Certificates, add ACME domain:
    • Challenge Type: DNS
    • Plugin: he-ddns (the one you created at the Datacenter level above)
    • Domain: pvehostname.example.com
  8. Above the ACME Domain list, select the ACME account to use
  9. Click Order Certificates Now

Notes

Tested with Proxmox VE version 8.2.4 only.

The _acme-challenge TXT record is not deleted automatically by the script as the script is only able to update the record contents, not create or delete the record. If you need the _acme-challenge TXT record to be deleted after renewing the certificate, use some other acme.sh DNS API script.

This work is licensed under the GNU General Public License v3.0, you know, there is no warranty, etc.

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages