As announced in the title, I am trying for the first time to deploy an SSL certificate. I have a home machine with Proxmox installed and would simply like to access it through a public domain.
I understood that this is nothing extraordinary to do... but that is just about the only thing I have understood and I apologize in advance if none of this makes sense.
My domain was purchased through GoDaddy. There is no website hosted by GoDaddy.
I have understood that GoDaddy was not working with the ACME protocol and thus automated renewal can't be done through them (?).
I gathered that some manage to use SSL certificates purchased elsewhere through cPanel which is the admin interface for their hosted website (?). Does this mean that the certificate must be located on the hosted website/webserver?
If yes, isn't my Proxmox box to be considered as the website/webserver then? Does it mean I could put my private IP on GoDaddy's DNS and deal with the Let's Encrypt certificate on my Proxmox box?
Or is there something that must be done with the DNS to validate the certificate even though GoDaddy doesn't provide ACME?
Could I subscribe to a different DNS service while the domain would still be registered with GoDaddy?
Could I deploy a local DNS (unbound?) on my Proxmox box and configure it somehow?
As you can see, I am quite lost and not sure where to start because I don't really understand how the pieces interact.
Unless your Proxmox UI is exposed to the internet (which you shouldn't do, likely), you will need to use DNS to authenticate control of your domain. Just having a DNS server on your Proxmox host won't really help - you need authoritative DNS that can be updated by Proxmox, which is usually run by a provider of some sort.
Proxmox and acme.sh will automatically upload a TXT record to your DNS each renewal to prove control.
Where your DNS is hosted can be different from where you bought your domain from. GoDaddy only lets you use their API if you have 10 or more certs, according to the above acme.sh docs.
I think Cloudflare's free tier DNS hosting is enough, for example. You would update your nameservers in GoDaddy's domain registrar view to use Cloudflare, and you'd have to set up all your DNS records in Cloudflare. Then give Proxmox a Cloudflare API token so it can request certs.
Thanks a lot for all this.
I signed up for Cloudflare and their service seems quite straightforward. They instruct to add their name servers to the registrar and remove any others. Adding is easy but it seems that GoDaddy doesn't allow removing their name servers from the records of the domain.
Can it still work with two sets of name servers? Does the order in which they appear in the record matter?
It does seem like GoDaddy is "playing on hard mode" here. There may be options to make it work, but one of the easiest options may be to just transfer your domain name to a registrar with fewer restrictions.
Hi, thanks for your help.
That's totally my bad, I didn't know this entry existed. I only saw the list of records with the NS grayed out with an indication that they couldn't be changed or removed.
But now I have followed the menu you showed and I am waiting to see if the update works as it is now "processing".
Thank you all for your support. As far as I can tell, the setup is now working as expected.
It was crucial to know that registrar and DNS provider could be different and how to execute the separation.
Thanks to you, I can keep learning a little more on this topic.