Let's Encrypt the hypervisor!

IT stuff Sep 5, 2020

With the router web interface now encrypted with Let's Encrypt, it's time for the next "big thing", the Proxmox based hypervisor.  
Most of the steps are very similar to the pfSense machine, since we will again be using Cloudflare and an acme client.
I'll only show the steps specific for Proxmox.  

Proxmox also greets me with a warning message, so it's about time to fix this.

Firefox warning for an invalid SSL certificate

Open "ACME" in the Datacenter view of the Proxmox web UI, since this part is a cluster option.

ACME menu location

Add a new account ("Account Key" menu in pfSense), with your Let's Encrypt email address. Accept the Terms of Service.
For the names, I just chose "default" everywhere.

Let's Encrypt account registration

Next, add a new Challenge Plugin (Acme Certificate menu in pfSense):

  • Plugin ID: I just used "default" as well
  • DNS API: "Cloudflare Managed DNS"
  • Cloudflare API data: the same as for the pfSense acme client, except for the token. Generate a new one as described in the pfSense post (under My Profile > API Tokens).

Cloudflare Challenge plugin configuration

Now switch to the specific Proxmox hosts, and select the Certificates menu.

In the middle of the page, the "ACME" section offers only one option, "Add". So that's what we're going to do.  
ACME asks for the challenge type and an FQDN (hostname + domain name). Since the web interface can't be reached from outside the home network, Challenge Type DNS is necessary.
A new field pops up, asking for a plugin. The plugin was just created, and carries the name "default" in my case.
Add your whole FQDN as the domain, let's say hypervisor1.yourdomain.tech, and create the configuration.  

ACME domain configuration

Only one more step is necessary: "Order Certificates Now".

Proxmox ACME SSL certificate issuing process

Proxmox will automatically apply the new certificate, and restart any services necessary to apply the new SSL certificate.
The Web UI will also reload itself.

Let's Encrypt SSL certificate got applied and works with Proxmox

A proper SSL certificate!
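
To confirm the result from a script rather than the browser, and to notice later if renewal stops working, the served certificate can be checked for issuer, name and remaining lifetime. This is an added example, not part of the original post; port 8006 is the Proxmox web UI default, while the 20-day threshold, the function names and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

PVE_PORT = 8006        # default port of the Proxmox web UI
MIN_DAYS_LEFT = 20     # assumed alert threshold, not a Proxmox setting

# Constructed sample in the shape returned by SSLSocket.getpeercert()
SAMPLE_CERT = {
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "Constructed Intermediate"),)),
    "subjectAltName": (("DNS", "hypervisor1.yourdomain.tech"),),
    "notAfter": "Dec 04 12:00:00 2020 GMT",
}

def fetch_cert(fqdn, port=PVE_PORT, timeout=5):
    """Handshake with full chain and hostname verification, return the leaf."""
    ctx = ssl.create_default_context()
    with socket.create_connection((fqdn, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return tls.getpeercert()

def evaluate(cert, fqdn, now):
    """Return (days_left, problems) for a getpeercert()-style dict."""
    issuer = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    problems = []
    if issuer.get("organizationName") != "Let's Encrypt":
        problems.append(f"issuer is {issuer.get('organizationName')!r}")
    if fqdn.lower() not in sans:   # exact name as ordered; wildcards not handled
        problems.append(f"{fqdn} missing from SAN list {sans}")
    if days_left < MIN_DAYS_LEFT:  # renewal has probably stopped working
        problems.append(f"only {days_left} days left")
    return days_left, problems

if __name__ == "__main__":
    fqdn = sys.argv[1] if len(sys.argv) > 1 else "hypervisor1.yourdomain.tech"
    try:
        cert = fetch_cert(fqdn)
    except ssl.SSLCertVerificationError as exc:  # e.g. still self-signed
        sys.exit(f"{fqdn}: not trusted: {exc.verify_message}")
    except OSError as exc:
        sys.exit(f"{fqdn}: connection failed: {exc}")
    days_left, problems = evaluate(cert, fqdn, datetime.now(timezone.utc))
    print(f"{fqdn}: {days_left} days left;", "; ".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

Run it from a machine inside the home network with the FQDN as the only argument; a non-zero exit status makes it usable from cron or a monitoring check.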
