Proxmox Install – Set up ACME

An SSL certificate carries the information needed to verify the owner of a website and to encrypt web traffic with SSL/TLS, including the public key, the issuer of the certificate, and the associated subdomains. HTTPS relies on certificates.

Transport Layer Security 

TLS is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

How do SSL certificates work?

SSL certificates, more commonly called TLS certificates, include the following information in a single data file:

  • The domain name that the certificate was issued for
  • Which person, organization, or device it was issued to
  • Which certificate authority issued it
  • The certificate authority's digital signature
  • Associated subdomains
  • Issue date of the certificate
  • Expiration date of the certificate
  • The public key (the private key is kept secret)

The public and private keys used for SSL are essentially long strings of characters used for encrypting and signing data. Data encrypted with the public key can only be decrypted with the private key.

The certificate is hosted on a website's origin server, and is sent to any devices that request to load the website. Most browsers enable users to view the SSL certificate: in Chrome, this can be done by clicking on the padlock icon on the left side of the URL bar.

Proxmox – ACME – Set up from the GUI

Currently, renewal is attempted if the certificate has already expired or will expire within the next 30 days.

  • Datacenter → ACME – create the Accounts
    • Staging for testing – ACME Directory: Let's Encrypt V2 Staging
    • After successfully tested with Staging, create a Production Account
      • Production – ACME Directory: Let's Encrypt V2
  • Datacenter → ACME – create a Challenge Plugin
    • Plugin ID: Lab
    • DNS API: Cloudflare Managed DNS
      • CF_Account_ID: <Your Account ID>
      • CF_Token: <What you created in your account>
  • Node → System → Certificates → ACME – order the Certificates
    • Hit [Add] to open the window Edit: Domain.
      • Select Challenge Type DNS
      • Plugin: the Plugin ID you created
      • Domain: add the domain pve-47.lab.example.com
    • Using Account: select the Account and hit [✔️ Apply]
      • First the Staging one! Hit [Order Certificates Now]
      • Check for success
        • hit [Edit] and change to Production and hit [✔️ Apply]
        • hit [Order Certificates Now]
  • Test with Staging first. If you receive a certificate, it shows Verified by: (STAGING) Let's Encrypt, and all tests are successful, switch to Production
  • Add other node names (For a PVE/PBS Hybrid, add pbs-43.lab.example.com)
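The checks from the steps above (issuer is Staging or Production, the node name is covered, the 30-day renewal window) can be scripted. This is an added example, not Proxmox code: it assumes a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the two sample certificates, their issuer common names and the `NOW` timestamp are constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)  # renewal threshold stated in the text above

# Constructed sample data in the shape of ssl.SSLSocket.getpeercert()
STAGING_CERT = {
    "issuer": ((("organizationName", "(STAGING) Let's Encrypt"),),
               (("commonName", "(STAGING) Constructed Intermediate"),)),
    "subjectAltName": (("DNS", "pve-47.lab.example.com"),),
    "notAfter": "Jun 30 12:00:00 2025 GMT",
}
PRODUCTION_CERT = {
    "issuer": ((("organizationName", "Let's Encrypt"),),
               (("commonName", "Constructed Intermediate"),)),
    "subjectAltName": (("DNS", "pve-47.lab.example.com"),),
    "notAfter": "Apr 20 12:00:00 2025 GMT",
}
NOW = datetime(2025, 4, 1, 12, 0, tzinfo=timezone.utc)  # constructed "current" time

def issuer_field(cert, key):
    """Return one attribute of the issuer name, or "" if it is absent."""
    for rdn in cert.get("issuer", ()):
        for k, v in rdn:
            if k == key:
                return v
    return ""

def review_cert(cert, domain, now):
    """Summarise issuer, SAN coverage and renewal status for one certificate."""
    org = issuer_field(cert, "organizationName")
    sans = [v.lower() for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    remaining = not_after - now
    return {
        "issuer": org,
        "staging": org.startswith("(STAGING)"),    # must be False before go-live
        "covers_domain": domain.lower() in sans,   # exact SAN match, no wildcards
        "days_left": remaining.days,
        "renewal_due": remaining <= RENEW_WINDOW,  # expired or inside the window
    }

if __name__ == "__main__":
    for name, cert in (("staging", STAGING_CERT), ("production", PRODUCTION_CERT)):
        print(name, review_cert(cert, "pve-47.lab.example.com", NOW))
```

A certificate that still reports `staging` as true after the switch to Production means the Production order did not replace it; `covers_domain` returning false for an added node name such as pbs-43.lab.example.com means that name was not part of the order.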

References

Internet protocol suite [1], TLS/SSL [2] [3]

  1. Internet protocol suite, Wikipedia
  2. TLS, Wikipedia
  3. SSL, Cloudflare