Let's Encrypt TLS/SSL for Proxmox VE

This is more of a personal note rather than a blog post for public consumption.
In any case, it might be useful for other people too. It's a simple, straightforward way to get TLS/SSL going for a Proxmox VE node[1].

For starters:

./root/certbot/certbot-auto certonly -d node.domain.tld

Good. Now we have the TLS/SSL certificate for our Proxmox VE node.

This is the contents of le-copy.sh:

rm -rf /etc/pve/local/pve-ssl.pem  
rm -rf /etc/pve/local/pve-ssl.key  
rm -rf /etc/pve/pve-root-ca.pem  
cp /etc/letsencrypt/live/node.domain.tld/fullchain.pem /etc/pve/local/pve-ssl.pem  
cp /etc/letsencrypt/live/node.domain.tld/privkey.pem /etc/pve/local/pve-ssl.key  
cp /etc/letsencrypt/live/node.domain.tld/chain.pem /etc/pve/pve-root-ca.pem  
service pveproxy restart  
service pvedaemon restart  

Yes, incredibly foul, but that's all! You only need to create a cron job now.

Invoke crontab -e and insert the following:

@daily /root/certbot/certbot-auto renew --quiet --no-self-upgrade
@daily /root/le-copy.sh

Wham, bam, thank you, ma'm! 😁


Notes

[1] This method is not the officially recommended method and is mostly suited for only one host node and not a cluster.
You may want to consult the Proxmox VE Wiki for the officially recommended installation of Let's Encrypt TLS/SSL certificates.

Comment: