So Proxmox is awesome! I have been using it for about 3 years now. I have to say it has been wonderful, as it runs on almost anything. Also, it supports clustering and Ceph. Heck, I may even start selling some VPSs (Virtual Private Servers) on a separate fiber connection at my home, utilizing Proxmox as the hypervisor. Anyway, that would really test it for me, but I have no time for that at this point.

Major Flaw Is Certs

Now, for 90 percent of use cases the default Proxmox will work. The difficulty is in DNS mode with aliases.

That is, where a DNS server has a CNAME that is set up to redirect to a subdomain. See this post for more on this process. So, for now I am going to show a workaround that I am using. Supposedly, there is a fix for this on Proxmox. See this article for info on that workaround. As of now, I have not got this to work. So, enough, let's get certs loaded that work for me.

Get the Certs Using SCP

There are two ways to do this: push or pull. Use whichever works in your situation.

Push Example

pfSense Settings Example

Turn on "Write Certificates" in pfSense Acme Settings

Write Certificates in pfSense Acme Plugin

SSH into the Proxmox server

ssh root@pve5.ad.alshowto.com
cp /etc/pve/nodes/pve5/pve-ssl.pem /etc/pve/nodes/pve5/pve-ssl.pem.bck
cp /etc/pve/nodes/pve5/pve-ssl.key /etc/pve/nodes/pve5/pve-ssl.key.bck

SSH into pfSense

Change to the /conf/acme directory

cd /conf/acme

Example of /conf/acme Directory

Since I am working in ad.alshowto.com, I need the key and fullchain from this directory.

scp real-ad.alshowto.com.fullchain root@pve5.ad.alshowto.com:/etc/pve/nodes/pve5/pve-ssl.pem
scp real-ad.alshowto.com.key root@pve5.ad.alshowto.com:/etc/pve/nodes/pve5/pve-ssl.key
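
Before pushing, it helps to confirm that the fullchain and key in /conf/acme belong together, are not about to expire and cover the Proxmox host name, since the scp above overwrites the files the web interface serves. The script below is an added example, not part of the original post or of pfSense or Proxmox; the function names are hypothetical and it assumes the openssl command is available where it runs.

```sh
#!/bin/sh
# Added example: pre-flight checks to run in /conf/acme before the scp push.
# Function names are hypothetical; only standard openssl subcommands are used.

# Succeeds only if the first (leaf) certificate in file $1 carries the
# public key that belongs to the private key in file $2.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the leaf certificate is still valid $2 seconds from now (default 0).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Succeeds if the leaf certificate is valid for host name $2 (wildcards count).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Runs all three checks and reports the first one that fails.
preflight() {
    cert_matches_key "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    cert_not_expiring "$1" 86400 || { echo "certificate expires within 24h" >&2; return 1; }
    cert_covers_host "$1" "$3" || { echo "certificate does not cover $3" >&2; return 1; }
    echo "ok: $1 and $2 can be pushed for $3"
}

# Usage (file and host names taken from the steps above):
#   sh preflight.sh real-ad.alshowto.com.fullchain real-ad.alshowto.com.key pve5.ad.alshowto.com
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

If any check fails, nothing has been copied yet and the .bck files made earlier are not needed.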
