With the router web interface now encrypted with Let's Encrypt, it's time for the next "big thing", the Proxmox based hypervisor.
Most of the steps are very similar to the pfSense machine, since we well be using Cloudflare and an acme client this time again.
I'll only show the steps specific for Proxmox.
Proxmox also greets me with a warning message, so it's about time to fix this.
Open "ACME" in the Datacenter view of the Proxmox web UI, since this part is a cluster option.
Add a new account ("Account Key" menu in pfSense), with your Let's Encrypt email address. Accept the Terms of Service.
For the name, I just chose "default" for any of the names.
Next, add a new Challenge Plugin (Acme Certificate menu in pfSense):
- Plugin ID, I just added "default" as well
- DNS API "Cloudflare Managed DNS"
- Cloudflare API data is the same as the pfSense acme client, except for the token. Generate a new one as described in the pfSense post (under My Profile > API Tokens)
Now switch to the specific Proxmox hosts, and select the Certificates menu.
In the middle of the page the "ACME" offers only one option, "Add". So that's what we're going to do.
ACME asks for the challenge type and a FQDN (hostname + domain name). Since the web interface can't be reached from outside the home network, Challenge Type DNS is necessary.
A new field pops up, where it asks for a plugin. The plugin just got created, and is carries the name "default" in my case.
Add your whole FQDN to domain, lets say hypervisor1.yourdomain.tech, and create the configuration.
Only one more step is necessary: "Order Certificates Now".
Proxmox will automatically apply the new certificate, and restart any services necessary to apply the new SSL certificate.
The Web UI will also reload itself.
A proper SSL certificate!