bind self-signed certificate to a specific NIC

prxtester

My nodes use the backup server with an internal IP. This IP (on a 2nd NIC) uses the same certificate as the 1st (external) IP:
This works well until every 3 months the LE certificate is renewed. Then I have to copy over the new fingerprint.
So one solution would be to automatically copy the new fingerprint via a small script.
However, a more robust solution would be to create a long-lived self-signed certificate and use that one, but just on the internal IP.
The external IP should keep the regular LE certificate.
Before I start to hack around via CLI: is there an official way to do that via the WebGUI?
 
Thanks. Yes, it brought a new idea and it seems to work.
So I have 2 NICs:
NIC1 which is public, let's say IP 1.2.3.4
NIC2 is private, IP 10.10.1.10

NIC1 is the management NIC and NIC2 is for the backup data
So on the proxmox cluster I had until now
"Storage, Proxmox Backup Server, Server: 10.10.1.10"
which gave the known problems with the expiring fingerprints

Now I added a second hostname into the DNS to the already existing
pbs.mydomain.example 1.2.3.4
add:
pbsintern.mydomain.example 1.2.3.4

Then at the PBS certificate page you simply add another certificate for
pbsintern.mydomain.example
What you get is a SAN certificate with both hostnames.

With the hint from that other thread: I changed the hosts file on all PVE nodes and added:
pbsintern.mydomain.example 10.10.1.10

Then you change the Storage/PBS entry on the proxmox cluster side to:
"Storage, Proxmox Backup Server, Server: pbsintern.mydomain.example"
(no fingerprint necessary)

Not exactly my initial plan, but hopefully this will now be a permanent solution ;)
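
An added example, not part of the original post: an offline check of the two conditions the setup above depends on, namely that the hosts file on a PVE node maps the internal name to the private IP and that the certificate's SAN list covers that name. The function names are hypothetical, the sample data is constructed from the post's placeholder names, and the entry is written IP-first as `/etc/hosts` expects.

```shell
#!/bin/sh
# Added example: offline checks for the split-DNS setup described in the post.
# Names and IPs are the post's placeholders; function names are hypothetical.

# Print the first IP that a hosts file maps NAME to (format: IP name [alias...]).
hosts_lookup() {   # args: hosts_file name
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }' "$1"
}

# Return 0 if NAME is an exact DNS entry in a subjectAltName line such as
# "DNS:a.example, DNS:b.example" (wildcard entries are not handled).
san_covers() {     # args: san_line name
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -qixF "DNS:$2"
}

# Combined check: NAME must resolve to WANT_IP locally and be in the cert SANs.
check_pbs_name() { # args: hosts_file san_line name want_ip
    got=$(hosts_lookup "$1" "$3")
    [ "$got" = "$4" ] || { echo "FAIL: $3 -> '${got}', expected $4"; return 1; }
    san_covers "$2" "$3" || { echo "FAIL: $3 not in certificate SANs"; return 2; }
    echo "OK: $3 -> $4 and covered by certificate"
}

# Constructed sample data (not taken from a real node).
SAMPLE_HOSTS=$(mktemp)
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1   localhost
10.10.1.10  pbsintern.mydomain.example   # PBS backup NIC
EOF
SAMPLE_SAN='DNS:pbs.mydomain.example, DNS:pbsintern.mydomain.example'

check_pbs_name "$SAMPLE_HOSTS" "$SAMPLE_SAN" pbsintern.mydomain.example 10.10.1.10

# On a live PVE node the SAN line can be read from the server itself
# (8007 is the PBS default port), e.g.:
#   openssl s_client -connect 10.10.1.10:8007 -servername pbsintern.mydomain.example \
#     </dev/null 2>/dev/null | openssl x509 -noout -ext subjectAltName
```

Running the check after each certificate renewal shows whether the renewed certificate still carries both hostnames before a backup job fails on it.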