Solved. Install SSL for Proxmox VE 6.3 using Certbot by Let's Encrypt (LE)

 Install certbot with apt:

#apt install certbot
Run the following command and follow the instructions on the screen to obtain the certificate.

#certbot certonly

Copy the certificate and private key from the Let's Encrypt directory to the PVE directory, then restart pveproxy:

#cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/fullchain.pem /etc/pve/local/pve-ssl.pem

#cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/privkey.pem /etc/pve/local/pve-ssl.key

#systemctl restart pveproxy

Cronjob to renew the certificate:

Let's Encrypt certificates expire every 90 days, so we will renew them every month with a cronjob. For this, create a file

#vim /usr/local/bin/renew-pve-certs.sh

with the following code:

#!/bin/sh
cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/fullchain.pem /etc/pve/local/pve-ssl.pem
cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/privkey.pem /etc/pve/local/pve-ssl.key
service pveproxy restart

Make it executable:

#chmod 755 /usr/local/bin/renew-pve-certs.sh

To run this command every 30 days, add the following to the crontab:

#vim /etc/crontab

30 6 1,15 * * root /usr/bin/certbot renew --quiet --post-hook /usr/local/bin/renew-pve-certs.sh
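An added example, not part of the original post: a stricter variant of renew-pve-certs.sh. certbot runs a `--post-hook` after any renewal attempt, successful or not, so this version checks that both files look like PEM, skips the copy when nothing changed, and restarts pveproxy only after a real deployment. The function names and the `SRC`/`DST` environment overrides are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not the blog author's script).
# SRC and DST default to the paths used on this page; the environment
# overrides are an assumption made here so the logic can be tried on copies.
SRC=${SRC:-/etc/letsencrypt/live/proxmox.jnec.edu.bt}
DST=${DST:-/etc/pve/local}

# True when $1 is non-empty and has BEGIN/END lines for PEM label pattern $2.
looks_like_pem() {
    [ -s "$1" ] &&
        grep -Eq -- "^-----BEGIN $2-----\$" "$1" &&
        grep -Eq -- "^-----END $2-----\$" "$1"
}

# Prints one of: invalid | unchanged | deployed | failed
deploy_if_changed() {   # $1 = certbot live dir, $2 = PVE certificate dir
    src=$1; dst=$2
    looks_like_pem "$src/fullchain.pem" 'CERTIFICATE' ||
        { echo invalid; return 2; }
    looks_like_pem "$src/privkey.pem" '([A-Z]+ )?PRIVATE KEY' ||
        { echo invalid; return 2; }
    if cmp -s "$src/fullchain.pem" "$dst/pve-ssl.pem" &&
       cmp -s "$src/privkey.pem" "$dst/pve-ssl.key"; then
        echo unchanged; return 0
    fi
    # Key first, then certificate, as two plain copies like the original.
    if cp "$src/privkey.pem" "$dst/pve-ssl.key" &&
       cp "$src/fullchain.pem" "$dst/pve-ssl.pem"; then
        echo deployed
    else
        echo failed; return 3
    fi
}

# Hook entry point: does nothing when the live directory is absent.
if [ -d "$SRC" ]; then
    status=$(deploy_if_changed "$SRC" "$DST") ||
        { echo "renew-pve-certs: $status" >&2; exit 1; }
    if [ "$status" = deployed ]; then
        systemctl restart pveproxy
    fi
fi
```

A non-zero exit from the hook is reported by certbot, so an empty or truncated file under the live directory shows up in the renewal output instead of being copied over the working certificate.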



Comments

  1. Good to do this outside of proxmox tools.

    But be aware of some typos here.

    In my case the ssl renew command is:

    /usr/local/bin/certbot renew >> /var/log/le-renew.log
