Solved. Install SSL for Proxmox VE 6.3 using Certbot by Let's Encrypt (LE)

 Install certbot with apt:

#apt install certbot
Rub the following command and follow the instructions on the  screen to obtain the certificate.

#certbot certonly

Copy the certificate from the Let's Encrypt  directory to the PVE directory

#cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/fullchain.pem /etc/pve/local/pve-ssl.pem

#cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/privkey.pem /etc/pve/local/pve-ssl.key

#systemctl restart pveproxy

Cronjob to renew the certificate:

Lets Encrypt SSL expire every 90 days, so we will renew it every month with a cronjob. For this, create a file

vim /usr/local/bin/renew-pve-certs.sh with the following code :

cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/fullchain.pem /etc/pve/local/pve-ssl.pem cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/privkey.pem /etc/pve/local/pve-ssl.key service pveproxy restart

Make it executable :

#chmod 755 /usr/local/bin/renew-pve-certs.sh

Run this command every 30 days, add the following in the cronjob :

#vim /etc/crontab

30 6 1,15 * * root /usr/bin/certbot renew --quiet --post-hook /usr/local/bin/renew-pve-certs.sh



Comments

  1. Good to do this outside of proxmox tools.

    But be aware of some typos here.

    In my case the ssl renew command is:

    /usr/local/bin/certbot renew >> /var/log/le-renew.log

    ReplyDelete

Post a Comment

Popular posts from this blog

Solution to Moodle Error: Coding error detected, it must be fixed by a programmer: Failed to unserialise data from file. Either failed to read, or failed to write.

ACTION_FAILED:OU_INVALID: Solution for GoogleApps bulk user upload issue, username@domainname.com:ACTION_FAILED:OU_INVALID. This error is because you have not specified the Org Unit Path properly.

(Solved) (Fixed )MariaDB Unmet Dependencies on Ubuntu 20.04.