How do I install a certificate on proxmox

how do I install a certificate on proxmox in the internal network so that instead of http://192.168.0.107:8006 I have https://192.168.0.107:8006?

I looked for information on the Internet, but did not find a simple instruction. I have basic administration skills, so I need help.

no public CA will issue a certificate for private IP, it's forbidden by CA/B baseline requirement
a domain name pointed to private ip is different story though

4 Likes

Agree with orangepizza. Also,

Could you create a self-signed cert and follow proxmox "Upload Custom Cert" docs?

4 Likes

You have a hole in your life that can only be filled by DNS. You will need to access your server using https://proxmox.example.net:8006 if you want to use a publicly trusted Let's Encrypt certificate. You will also need to use a DNS-01 challenge and possibly split-horizon DNS. Explain how to do ost of that is beyond the scope of the Let's Encrypt Community.

5 Likes

Note that there are free domains available out there, e.g. freenom.

3 Likes

I wouldn't wish a freenom domain on an enemy. There are simply too many drawbacks associated with that outfit. Any inexpensive domain from a reputable registrar is preferable and likely will make up the fee by being less encumbered.

4 Likes

I know. But I'd like to give people options :slight_smile: For some people even a few dollars a month can be a deal-breaker.

3 Likes

Such as being on the edge of a cliff and asking "wouldn't it be nice to jump?" :laughing:

2 Likes

Something like that. Maybe more like:

"You can pay a few dollars to take the bus down, but you could also jump over the edge and tumble down into the ravine and maybe or maybe not break some bones."

4 Likes

But you should be able to help mend those broken bones. :slightly_smiling_face:

1 Like

Sorry, not my specialty :wink: But we're getting off topic :slight_smile:

OP needs a domain before getting a cert from Let's Encrypt and Freenom offers free domain names for a number of TLDs, but seems to be non-functional for me at the moment, so there's that.

5 Likes

yes, I installed the domain, everything is clear. I installed nginx and certbot, generated certificates, but I can't configure nginx for proxmox

Have you tried asking at either of these locations?

4 Likes

Why on earth would you do that? Proxmox is perfectly capable of creating its own certs. You've looked at its docs, right?
https://pve.proxmox.com/wiki/Certificate_Management

4 Likes

that's right, I read it. however, I have a different situation. my white ip belongs to the router, my proxmox has the address 192.168.0.107, and I use port forwarding for access from the outside. and so I can't setup a secure connection with standard proxmox means so I want to use nginx and certbot

I have no idea what a "white ip" is, nor why you think any of the rest of this affects the ability to get the cert using Proxmox itself. If you're just forwarding ports to the PVE installation, forward port 80 as well and use the standalone authenticator--no need for nginx or certbot at all.

But if you've decided you want to use nginx for some reason, I'm sure the nginx docs explain how to configure it to use the cert you say you've already obtained.

4 Likes

Autocorrupt probably had its way with "WAN IP".

4 Likes

You use "Autocorrupt"?
I use "SpellWrecker", it's much faster!

5 Likes

my server has a local ip address of 192.168...
the white ip is a global ip address from the provider, which I can use from the outside. in order to contact my server from the outside, I use port forwarding, because the white ip address belongs to the router

It seems Google has some hits when searching for "white ip address", but I don't think it's that common of a term.

Usually one simply uses the term "external IP address" or "public IP address" as opposed to the "internal IP address" or "private IP address".

3 Likes