Proxmox VE is a solution fit for adoption in an enterprise virtualization environment. It has a tight integration with KVM hypervisor and containers (LXC), software-defined storage and networking functionality all bundled in a single platform. The central user interface shipped in Proxmox VE has self-signed certificate, but with it you can run Virtual Machines, Containers, manage Networking and software-defined storage resources without touching command-line interface.
In this article we shall discuss the process of securing your Proxmox server web console with Let’s Encrypt free SSL Certificate. For this guide, Proxmox VE should be on a public network with a valid DNS A record pointing to it. For the purpose of this guide, let’s consider DNS record pve.example.com, with an A record of 88.20.40.50.
Login to your Proxmox web dashboard.
Add ACME Account on Proxmox VE
Click on your Datacenter > ACME > Add to add a new account.
The ACME Issuer requires an account registered with the Automated Certificate Management Environment (ACME) Certificate Authority server. Click on Add to proceed.
Input name for the account, valid email address and accept terms of service.
Account registration process output:
Confirm the account is now available for use after being added successfully.
Adding ACME account using command line:
pvenode acme account register <account-name> <email-address>Request Let’s Encrypt SSL Certificate for Proxmox VE
Click on Proxmox hypervisor node, then navigate to the Certificates section.
Select account you added earlier
Click “Add” to add Proxmox VE domain name as configured in your DNS server.
This can also be performed from CLI:
pvenode config set --acme domains=<proxmox-domain>Settings with the domain added and ACME account selected. Proceed to request for Let’s Encrypt SSL certificate using “Order Certificates Now” button.
If everything is in order the process should be successful as seen in screenshot below.
Confirm your new certificate under “Certificates” section.
If you want to order for SSL certificate from command line instead, then run:
pvenode acme cert orderReload Proxmox VE Web Console
Reload your web browser for the new certificate to be loaded. If you expand HTTPS, you should get more details about the certificate in use.
This validates our setup to be successful. We now have our Proxmox server using Let’s Encrypt SSL. If you encounter any challenges let us know through the comments section.
Other guides available on Proxmox VE management:
