Secure Proxmox With A Proxmox SSL Certificate
When installing Proxmox you must make sure your hostname resolves to your server before the installation. As your networking should already be configured on your Dedicated Server it’s easy to configure and set up a Proxmox SSL Certificate. We’re going to use Certbot to download and install an SSL certificate then set up automatic renewals. To start, login as root to your Proxmox server.
Install Certbot
Install Certbot using apt, issue the following command;
apt install certbot -yIf your server can’t see the certbot packages, then you need to set the backports. Add the below lines to your /etc/apt/sources.list file. Then, run apt update.
nano /etc/apt/sources.list
#Proxmox VE6
deb http://ftp.debian.org/debian stretch-backports main
#Proxmox VE7
deb http://ftp.debian.org/debian bullseye-backports mainNow that Certbot is installed, it’s time to request an SSL certificate. We use the certbot certonly command so, issue the command in your console.
certbot certonlyIn the console, you will now be asked a number of questions. The first option is how you want to validate your domain name. To do this your hostname should be resolving to your Proxmox servers IPv4. Use option 1 to spin up a webserver. Next, enter a valid email address and accept the terms. Decide if you want to share your email address.
Request Proxmox SSL Certificate
So now we need to request the certificate and the next option in the console should be asking for your domain name. This will be the configured hostname on your server. Enter the domain name or hostname and press enter. So now in the console, you should see that a certificate has been requested and downloaded to your server.
Install Proxmox Certificate
Now you have your certificate, let’s configure Proxmox to use it. Copy the certificate to your Proxmox install. The path to your certificate is displayed in the console. You must copy both the fullchain.pem and the privkey.pem files. Restart the pveproxy service once you have copied the certificates files.
cp /etc/letsencrypt/live/sat-uk-f2h-x81.first2host.co.uk/fullchain.pem /etc/pve/local/pveproxy-ssl.pem
cp /etc/letsencrypt/live/sat-uk-f2h-x81.first2host.co.uk/privkey.pem /etc/pve/local/pveproxy-ssl.key
systemctl restart pveproxyYou should now have a working certificate on your Proxmox server. Open a browser tab to double-check.
Configure Automatic SSL Renewals
To automate renewals we can use a cronjob to call the renewal script then run a post-hook to a custom ssh file that copies renewed certificates to Proxmox. First, create a directory to store your renewal script;
# Make a directory
mkdir /F2H
# Create a bash script
nano /F2H/ssl-renewal.shNow just copy the commands you used to copy the certificates files to Proxmox and the restart command. Our file looks like this;
Save and close the file then chmod it to 755.
chmod 755 /F2H/ssl-renewal.shFinally, set up a cron job to run the renewal script.
# Edit crontab
nano /etc/crontab
# Setup Cron
30 6 1,15 * * root /usr/bin/certbot renew --quiet --post-hook /F2H/ssl-renewal.shThe cron job will look something like this
That’s the process completed. You now have a working SSL certificate configured on your Proxmox server and renewals are taken care of every 30 days.
How was this article?
You might also like
More from Proxmox
How to create a ZFS Swap Partition
Swap on Linux will assist if your environment is running short on memory. Usually, during setup, most distributions configure a …
How To Fix Proxmox Detected Hardware Unit Hang On Intel NICs
Proxmox Detected Hardware Unit Hang On Intel NICsIn some cases, Intel NICs can cause a servers network card to freeze. …
How To Configure Bridged Proxmox Networking
How To Configure Bridged Proxmox NetworkingIn a Routed Proxmox setup, you add your IP addresses to your interface then forward …
