Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Proxmox - Update SSL/TLS Certificates

This tutorial will show you how to manually update your Proxmox server's TLS certificates manually, rather than using the built-in Let's Encrypt plugins. This is because this will work no matter what setup you have, and I also want to have a central automated service (Ansible) manage and update all my Let's Encrypt TLS certificates. This way I have one place that has API access to whichever DNS provider I am using, and can have any number of scrict security checks in place.

Steps

Acquire your TLS certificates in whichever manner is appropriate to you. For this you just want the "combined" or "fullchain" certificate (site certificate and certificate-authority certificate one file), and the private key.

SSH into your proxmox server and replace the contents of these files:

  • /etc/pve/nodes/{NODE NAME}/pve-ssl.pem - your combined certificate file.
  • /etc/pve/nodes/{NODE NAME}/pve-ssl.key - your private key.

After having done that, you need to restart the proxy service for the certificates to be put into use. You can do this by running:

sudo pveproxy restart

That's it! Your new certificates should now be in place and being used.

Last updated: 26th March 2024
First published: 26th March 2024