Best practices for Digital Certificate Management in VMs and LXC

ihr

Dec 25, 2022
Hello,

I already have a cluster set up and running with 7 nodes and about 200 virtual computers (some VMs and some LXC); they are all part of our company development platform. It is a good environment for testing things…

The problem we have is that we install services on each one of the virtual computers and they require TLS certificates. Most of the time, the certificates are the same for a group of servers because they fall under a wildcard certificate for a domain.

The problem comes when we need to renew the certificate. We have to go one by one to all the computers and update two files (certificate and private key) and we are looking for best practices in reducing the burden of doing those manual tasks.

One of them would be to have an NFS share where we put the two files and configure access so all computers mount that share, but I don’t know if that will work at all.

Are there any other options?

Thanks in advance
Ignacio
 
Last edited:
i'd take a look at ansible, puppet, chef etc...
we are using ansible for all deployments.


as you are speaking of a development environment, maybe there are other deployment mechanisms (github actions and such things) to distribute your certs too.

if you use letsencrypt you can automate the process too (acme server, dns)
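
The Ansible approach suggested in this thread, sketched as an added example that is not part of either post and not Proxmox's own tooling. The inventory group `wildcard_tls`, the file names and paths, and the `nginx` service are assumptions; the key is assumed to sit unencrypted on the control node with restrictive permissions.

```yaml
# Added example: push one renewed wildcard cert + key to a group of guests.
# Group name, paths and service name are hypothetical placeholders.
- name: Roll out renewed wildcard certificate
  hosts: wildcard_tls
  become: true
  serial: 10                      # batches, so a bad pair never reaches every host at once
  vars:
    cert_src: "{{ playbook_dir }}/files/wildcard.example.com.crt"
    key_src: "{{ playbook_dir }}/files/wildcard.example.com.key"
    cert_dest: /etc/ssl/certs/wildcard.example.com.crt
    key_dest: /etc/ssl/private/wildcard.example.com.key
    tls_service: nginx
  tasks:
    - name: Refuse to deploy if certificate and key do not match
      ansible.builtin.shell: |
        set -eo pipefail
        c=$(openssl x509 -in "{{ cert_src }}" -noout -pubkey | openssl sha256)
        k=$(openssl pkey -in "{{ key_src }}" -pubout | openssl sha256)
        [ "$c" = "$k" ]
      args:
        executable: /bin/bash     # pipefail is not available in plain sh
      delegate_to: localhost
      become: false
      run_once: true
      changed_when: false

    - name: Install certificate
      ansible.builtin.copy:
        src: "{{ cert_src }}"
        dest: "{{ cert_dest }}"
        owner: root
        group: root
        mode: "0644"
      notify: Reload TLS service

    - name: Install private key (readable by root only)
      ansible.builtin.copy:
        src: "{{ key_src }}"
        dest: "{{ key_dest }}"
        owner: root
        group: root
        mode: "0600"
      no_log: true                # keep key material out of task output and diffs
      notify: Reload TLS service

  handlers:
    - name: Reload TLS service
      ansible.builtin.service:
        name: "{{ tls_service }}"
        state: reloaded
```

Unlike a shared NFS mount, each guest keeps its own root-only copy of the key, and the handler reloads a service only on hosts where a file actually changed.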