d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
cb47cce074da46f3ce5910b752d435c4a3ee87d0
proxmox/docs/04-configuration/PROXMOX_ACME_QUICK_REFERENCE.md
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

3.5 KiB
Raw Blame History

Proxmox ACME Certificate Management - Quick Reference

Date: 2025-01-20
Status: 📋 Quick Reference Guide
Purpose: Quick commands and steps for ACME certificate management

Quick Setup Checklist

  • Create Cloudflare API token
  • Configure ACME account in Proxmox
  • Configure Cloudflare DNS plugin
  • Test with staging environment
  • Generate production certificates
  • Apply certificates to services
  • Monitor expiration

Cloudflare API Token Creation

  1. Go to: https://dash.cloudflare.com/profile/api-tokens
  2. Click "Create Token"
  3. Use "Edit zone DNS" template
  4. Permissions: Zone → DNS → Edit
  5. Zone Resources: All zones (or specific)
  6. Copy token

Proxmox Web UI Steps

1. Add ACME Account

Location: Datacenter → ACME → Accounts → Add

Configuration:

  • Directory URL: https://acme-v02.api.letsencrypt.org/directory (Production)
  • Email: your-email@example.com
  • Accept Terms of Service

2. Add DNS Plugin

Location: Datacenter → ACME → DNS Plugins → Add

Configuration:

  • Plugin: cloudflare
  • API Token: Your Cloudflare API token

3. Generate Certificate

Location: Node → System → Certificates → ACME → Add

Configuration:

  • Domain: your-domain.com
  • ACME Account: Select your account
  • DNS Plugin: Select cloudflare
  • Challenge Type: DNS-01

CLI Commands

List ACME Accounts

pvesh get /cluster/acme/accounts

List DNS Plugins

pvesh get /cluster/acme/plugins

List Certificates

pvesh get /cluster/acme/certificates

Add ACME Account (CLI)

pvesh create /cluster/acme/account \
  --directory-url https://acme-v02.api.letsencrypt.org/directory \
  --contact email@example.com

Register Account

pvesh create /cluster/acme/account/account-name/register

Generate Certificate (CLI)

pvesh create /cluster/acme/certificate \
  --account account-name \
  --domain example.com \
  --dns cloudflare \
  --plugin cloudflare

Check Certificate Expiration

openssl x509 -in /etc/pve/nodes/<node>/pve-ssl.pem -noout -dates

Certificate File Locations

Node Certificates

  • Certificate: /etc/pve/nodes/<node>/pve-ssl.pem
  • Private Key: /etc/pve/nodes/<node>/pve-ssl.key

ACME Configuration

  • Accounts: /etc/pve/priv/acme/
  • Certificates: /etc/pve/nodes/<node>/

Troubleshooting

Certificate Generation Fails

Check:

  1. API token permissions
  2. DNS resolution
  3. Domain ownership
  4. Rate limits (Let's Encrypt)
  5. Logs: /var/log/pveproxy/access.log

Renewal Fails

Check:

  1. API token validity
  2. DNS plugin configuration
  3. Automatic renewal settings
  4. Certificate expiration date

Service Not Using Certificate

Check:

  1. Certificate applied to node
  2. Service configuration
  3. Service restarted
  4. Certificate file permissions

Security Best Practices

Use API Tokens (not Global API Key)
Limit token permissions
Store tokens securely
Test with staging first
Monitor expiration dates
Use strong key sizes
Enable HSTS where applicable

Useful Links

Last Updated: 2025-01-20
Status: 📋 Quick Reference

Reference in New Issue View Git Blame Copy Permalink