Proxmox VE's integration with ACME works well, is easy to use, and is flexible. It would be great if you could add a disk to VM/CT containing ACME certificates generated by Proxmox VE. I imagine this working similar to adding a CloudInit or TPM to a VM where the certificates are put into a virtual disk which is then attached to the VM and regenerated whenever the certificate is renewed. This would make it trivial to make ACME certificates available to VMs and CTs as well as minimizing where credentials for DNS providers need to be copied.
Feature Request: Add ACME certificate as disk to VM/CT
- Thread starter iamwillbar
- Start date
We solved this problem with an ingrees proxy VM that does all the ACME stuff and acts as the ONLY ingress via http/https into your cluster. With this, you will have Traefik, NPM, <name-your-thing-here> that handels everything and you will only have one endpoint (better firewalling etc.).
Agreed, and I like both of these approaches for HTTP/HTTPS, but sometimes I need to get certificates to other services (such as databases) and being able to mount them directly (like you can in Kubernetes) would be a handy feature. With the ACME support in Proxmox, and the being able to mount other things (CloudInit, EFI, TPM, VirtRNG, ...) it seemed like this could be a natural extension of the functionality there today.
Alternatively, is the ACME functionality available via an API? If so, I might be able to script this and have a container coordinate ordering certificates, generating disk images, and then attaching them to VMs/CTs.
Before you invest too much into it, be aware that the Proxmox VE ACME integration is really only intended for the hosts themselves. It is not meant as a general ACME tool that can be integrated into a certificate supply chain. There is a limit of max 5 certs per node.
This has been discussed in the past.
This has been discussed in the past.