Solved. Install SSL for Proxmox VE 6.3 using Certbot by Let's Encrypt (LE)

-

 Install certbot with apt:

#apt install certbot
Rub the following command and follow the instructions on the  screen to obtain the certificate.

#certbot certonly

Copy the certificate from the Let's Encrypt  directory to the PVE directory

#cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/fullchain.pem /etc/pve/local/pve-ssl.pem

#cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/privkey.pem /etc/pve/local/pve-ssl.key

#systemctl restart pveproxy

Cronjob to renew the certificate:

Lets Encrypt SSL expire every 90 days, so we will renew it every month with a cronjob. For this, create a file

vim /usr/local/bin/renew-pve-certs.sh with the following code :

cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/fullchain.pem /etc/pve/local/pve-ssl.pem cp /etc/letsencrypt/live/proxmox.jnec.edu.bt/privkey.pem /etc/pve/local/pve-ssl.key service pveproxy restart

Make it executable :

#chmod 755 /usr/local/bin/renew-pve-certs.sh

Run this command every 30 days, add the following in the cronjob :

#vim /etc/crontab

30 6 1,15 * * root /usr/bin/certbot renew --quiet --post-hook /usr/local/bin/renew-pve-certs.sh



Comments

  1. 99percentApril 2, 2021 at 5:20 AM

    Good to do this outside of proxmox tools.

    But be aware of some typos here.

    In my case the ssl renew command is:

    /usr/local/bin/certbot renew >> /var/log/le-renew.log

    ReplyDelete

Post a Comment