fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
3.7 KiB
3.7 KiB
Proxmox ACME Certificate Management - Quick Reference
Last Updated: 2026-01-31
Document Version: 1.0
Status: Active Documentation
Date: 2025-01-20
Status: 📋 Quick Reference Guide
Purpose: Quick commands and steps for ACME certificate management
Quick Setup Checklist
- Create Cloudflare API token
- Configure ACME account in Proxmox
- Configure Cloudflare DNS plugin
- Test with staging environment
- Generate production certificates
- Apply certificates to services
- Monitor expiration
Cloudflare API Token Creation
- Go to: https://dash.cloudflare.com/profile/api-tokens
- Click "Create Token"
- Use "Edit zone DNS" template
- Permissions: Zone → DNS → Edit
- Zone Resources: All zones (or specific)
- Copy token
Proxmox Web UI Steps
1. Add ACME Account
Location: Datacenter → ACME → Accounts → Add
Configuration:
- Directory URL:
https://acme-v02.api.letsencrypt.org/directory(Production) - Email: your-email@example.com
- Accept Terms of Service
2. Add DNS Plugin
Location: Datacenter → ACME → DNS Plugins → Add
Configuration:
- Plugin:
cloudflare - API Token: Your Cloudflare API token
3. Generate Certificate
Location: Node → System → Certificates → ACME → Add
Configuration:
- Domain: your-domain.com
- ACME Account: Select your account
- DNS Plugin: Select cloudflare
- Challenge Type: DNS-01
CLI Commands
List ACME Accounts
pvesh get /cluster/acme/accounts
List DNS Plugins
pvesh get /cluster/acme/plugins
List Certificates
pvesh get /cluster/acme/certificates
Add ACME Account (CLI)
pvesh create /cluster/acme/account \
--directory-url https://acme-v02.api.letsencrypt.org/directory \
--contact email@example.com
Register Account
pvesh create /cluster/acme/account/account-name/register
Generate Certificate (CLI)
pvesh create /cluster/acme/certificate \
--account account-name \
--domain example.com \
--dns cloudflare \
--plugin cloudflare
Check Certificate Expiration
openssl x509 -in /etc/pve/nodes/<node>/pve-ssl.pem -noout -dates
Certificate File Locations
Node Certificates
- Certificate:
/etc/pve/nodes/<node>/pve-ssl.pem - Private Key:
/etc/pve/nodes/<node>/pve-ssl.key
ACME Configuration
- Accounts:
/etc/pve/priv/acme/ - Certificates:
/etc/pve/nodes/<node>/
Troubleshooting
Certificate Generation Fails
Check:
- API token permissions
- DNS resolution
- Domain ownership
- Rate limits (Let's Encrypt)
- Logs:
/var/log/pveproxy/access.log
Renewal Fails
Check:
- API token validity
- DNS plugin configuration
- Automatic renewal settings
- Certificate expiration date
Service Not Using Certificate
Check:
- Certificate applied to node
- Service configuration
- Service restarted
- Certificate file permissions
Security Best Practices
✅ Use API Tokens (not Global API Key)
✅ Limit token permissions
✅ Store tokens securely
✅ Test with staging first
✅ Monitor expiration dates
✅ Use strong key sizes
✅ Enable HSTS where applicable
Useful Links
- Full Plan Document
- CONFIGURATION_TEMPLATES.md - Configuration templates
- Proxmox ACME Docs
- Cloudflare API Docs
- Let's Encrypt Docs
Last Updated: 2025-01-20
Status: 📋 Quick Reference