Proxmox SSL Certificates with Let's Encrypt

What is Let's Encrypt?

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web. -https://letsencrypt.org/about/

Enabling SSL Using Let's Encrypt

NOTE: In order for Let's Encrypt to verify ownership of the DNS name, the host certbot is running from must be accessible via port 80 (http) or port 443 (https). For homelab users, this will normally involve port forwarding from the router to the certbot host, which is beyond the scope of this tutorial. Just note, I have forwarded port 80 on my router to the host running certbot for this handshake to complete successfully.

  1. Log into the Proxmox VE web UI
  2. Expand the Proxmox node > Click Certificates
  3. Under the ACME heading click the Add ACME Account button
  4. Enter an E-mail address and check the Accept TOS box > Click Register
  5. Click the Add button
  6. Enter the Domain to be used for the certificate > Click Create
  7. Click the Domain in the list to select it > Click Order Certificates Now
  8. If DNS and port forwarding are setup correctly, ACME will order the new certificates, apply them and restart the pveproxy service
  9. Close out of the Proxmox web UI and relaunch it
  10. Verify the Let's Encrypt SSL certificates are being used