ARCHIVED: NOW USING TRAEFIK REVERSE PROXY WITH
CLOUDFLARE DNS AND LET’S ENCRYPT FOR SSL CERTIFICATION
On first install Proxmox uses a self-signed certificate for SSL, which is great in that it gives security from the start, but results in “untrusted website” / “connection not private” messages in browsers until overridden. This page permits generation of acceptable SSL certificates using Let’s Encrypt, using this YouTube guide by i12breto, which stops the annoying warnings.
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).
After setting Proxmox Let’s Encrypt certificates for the first time, renewal happens automatically in the background every few days.
Setup for Let’s Encrypt SSL Certificates
- This process assumes that Port Forwarding has already been setup to the Proxmox host
- Login to Proxmox
- Go to Proxmox node (pve) -> Certificates
- Under the ACME heading
- Click the Add ACME Account button
- Add E-mail address, tick Accept TOS, click Register
- Wait for account to be created then close the window
- Click the Add button
- Leave Challenge Type as HTTP
- Enter Domain: bsquared.webredirect.org
- Click Create
- Select the domain in the list, click Order Certificates Now
- If DNS and port forwarding are setup correctly, ACME will order the new certificates, apply them and restart the pveproxy service
- Click the Add ACME Account button
- Close the Proxmox web UI and relaunch it, the window should open without the certificate validity warning
- Verify the Let’s Encrypt SSL certificates are being used by clicking on the padlock in the URL box and look at the certificate details