So Proxmox is awesome! I have been using it for about 3 years now. I have to say it has been wonderful, as it runs on almost anything. Also, it supports clustering and Ceph. Heck, I may even start selling some VPSs (Virtual Private Servers) on a separate fiber connection at my home, utilizing Proxmox as the hypervisor. Anyway, that would really test it for me, but I have no time for that at this point.
Major Flaw Is Certs
Now, for 90 percent of use cases the default Proxmox will work. The difficulty is in DNS mode with aliases.
That is, where a DNS server has a CNAME that is set up to redirect to a subdomain. See this post for more on this process. So, for now I am going to show a workaround that I am using. Supposedly, there is a fix for this on Proxmox. See this article for info on that workaround. As of now, I have not got this to work. So, enough, let's get certs loaded that work for me.
Get the Certs Using SCP
Push or pull: there are two ways to do this. Use whichever works in your situation.
pfSense Settings Example
Turn on “Write Certificates” in pfSense Acme Settings
ssh into Proxmox server
ssh firstname.lastname@example.org
cp /etc/pve/nodes/pve5/pve-ssl.pem /etc/pve/nodes/pve5/pve-ssl.pem.bck
cp /etc/pve/nodes/pve5/pve-ssl.key /etc/pve/nodes/pve5/pve-ssl.key.bck
SSH into pfSense
Change to the /conf/acme directory
cd /conf/acme
Since I am working in ad.alshowto.com, I need the key and fullchain from this directory.
scp real-ad.alshowto.com.fullchain email@example.com:/etc/pve/nodes/pve5/pve-ssl.pem
scp real-ad.alshowto.com.key firstname.lastname@example.org:/etc/pve/nodes/pve5/pve-ssl.key
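Before overwriting pve-ssl.pem and pve-ssl.key, it is worth confirming that the key and fullchain written to /conf/acme actually belong together and that the certificate is not about to expire. The script below is an added example, not part of the original post; the function names are hypothetical and it assumes the openssl command-line tool is installed where it runs.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before copying it
# over /etc/pve/nodes/<node>/pve-ssl.pem and pve-ssl.key.

# SHA-256 of the public key in a certificate file. For a fullchain file
# openssl reads the first certificate, which is the leaf in ACME output.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public key derived from a private key (RSA or EC).
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# check_pair CERT KEY [MIN_VALID_SECONDS]
# Returns 0 if the pair is usable, otherwise:
#   2 = file missing or empty   3 = cert or key does not parse
#   4 = key does not match cert 5 = cert expires within MIN_VALID_SECONDS
check_pair() {
    cert=$1; key=$2; min_valid=${3:-86400}
    [ -s "$cert" ] && [ -s "$key" ] ||
        { echo "missing or empty file" >&2; return 2; }
    openssl x509 -in "$cert" -noout 2>/dev/null &&
        openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "certificate or key does not parse" >&2; return 3; }
    [ "$(cert_pubkey_hash "$cert")" = "$(key_pubkey_hash "$key")" ] ||
        { echo "key does not match certificate" >&2; return 4; }
    openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null ||
        { echo "certificate expires too soon" >&2; return 5; }
    return 0
}

# Stand-alone use, e.g. from /conf/acme:
#   sh check_pair.sh real-ad.alshowto.com.fullchain real-ad.alshowto.com.key
if [ "$#" -ge 2 ]; then
    check_pair "$@" || exit $?
    echo "pair OK"
fi
```

Running it on the source side before the scp step means a mismatched or expired pair never replaces the working files; the .bck copies made earlier remain the fallback if something still goes wrong.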