Autogenerated SSL certs use the wrong domain

peanut · Sep 8, 2020

tl;dr Proxmox is generating SSL certs for hostname.local rather than hostname.lan. How can I change this?

I'm following the instructions here:
https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)

I'm fine with using self-signed certs generated by Proxmox.

Code:

$ cat /etc/hostname
nuc

$ cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.0.0.2 nuc.lan nuc

...

I ran:

Code:

$ rm /etc/pve/pve-root-ca.pem /etc/pve/priv/pve-root-ca.key /etc/pve/nodes/<node>/pve-ssl.pem /etc/pve/nodes/<node>/pve-ssl.key
$ pvecm updatecerts -f
$ systemctl restart pveproxy

I get a cert with the following Subject Alternative Names (SANs):

Code:

127.0.0.1
0000:0000:0000:0000:0000:0000:0000:0001
localhost
10.0.0.2
nuc
nuc.local

Why is this generated with nuc.local and not nuc.lan? How can I add nuc.lan?

Thanks!

fabian · Sep 9, 2020

for the self-signed cert, the search domain from /etc/resolv.conf is added to the hostname.

peanut · Sep 9, 2020

Awesome, that's exactly what I needed to fix the cert. Thank you!

Search

Search

Autogenerated SSL certs use the wrong domain

peanut

New Member

fabian

Proxmox Staff Member

peanut

New Member

We value your privacy