Skip to main content
Glama

pbs_acme_cert_order

Order a new ACME TLS certificate for a Proxmox Backup Server node. Dry-run by default; use confirm=True to execute the order and overwrite existing files with force.

Instructions

MUTATION: order a NEW ACME TLS certificate for a PBS node. Dry-run by default.

MEDIUM (mirrors pve_acme_cert_order's rating): the cert is CA-validated and installed ONLY on a successful challenge — a failed challenge leaves the existing cert untouched. PBS's schema declares a null return (unlike PVE's task UPID) — this does NOT mean issuance is synchronous; the ACME challenge round-trip with the CA still happens on the PBS side after this call returns, and there is nothing to poll here (no UPID exists to wait on). PBS has NO ACME cert revoke (unlike PVE). force=overwrite existing files. confirm=True executes (POST /nodes/{node}/certificates/acme/certificate) and returns {"status": "ok", "result": None}. Needs PROXIMO_PBS_* config.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
nodeNoPBS node name (or 'localhost').localhost
forceNoOverwrite existing certificate files on the node if already present.
confirmNoFalse (default) returns a dry-run PLAN only; True submits the ACME order.
proximo_targetNoWhich configured Proxmox target to run this call against — a target name from your multi-target config (a specific PVE/PBS/PMG/PDM box). Omit to use the single/default target from the environment; the selection applies only to this call.

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault
resultYes
Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden and excels. It discloses mutation side effects (dry-run by default, existing cert untouched on failure, async challenge round-trip despite null return, no revoke, effect of force and confirm parameters, exact API endpoint and response format for confirm=True). This level of detail is exemplary for behavioral transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is compact yet comprehensive, front-loaded with the core purpose and action type ('MUTATION'). Every sentence adds necessary information: dry-run, async behavior, comparison to PVE, parameter effects, and configuration requirement. No redundancy or filler.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given that an output schema exists (not shown but indicated) and the schema covers all parameters, the description provides sufficient behavioral context. It could elaborate slightly on post-conditions (e.g., where the certificate is stored after successful issuance), but overall it covers mutation, async behavior, prerequisites, and side effects adequately for an agent to use correctly.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Input schema has 100% coverage with descriptions, so baseline is 3. The description adds value by explaining behavioral semantics of 'force' (overwrite existing files) and 'confirm' (triggers actual execution with exact URL and response), and ties 'confirm=False' to dry-run. This goes beyond the schema descriptions, justifying a higher score.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'order a NEW ACME TLS certificate for a PBS node' with a specific verb and resource. It distinguishes from sibling tools like pbs_acme_cert_renew (renewal) and pve_acme_cert_order (different system), and explicitly notes 'Dry-run by default' which is a critical behavioral differentiator.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit guidance: dry-run vs confirm behavior, async nature (no UPID to poll), no revocation capability compared to PVE, and prerequisite config ('Needs PROXIMO_PBS_* config'). It also contrasts with PVE's cert order to set expectations. This helps the agent decide when to use this tool and when not to.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/john-broadway/proximo'

If you have feedback or need assistance with the MCP directory API, please join our Discord server