How to gracefully handle cert renewal?

[whatishappening]

I use a Let' s Encrypt cert on both my PVE and PBS servers. This morning I woke up to a bunch of email alerts of failed backups and datastore connection failures. After some messing about I found that the cert on my PBS server had renewed so the fingerprints no longer matched. Was an easy fix to update the fingerprint and was back up and going.

But was curious how the best way to handle this gracefully? Even though it's not a huge deal I don't like the idea of my backups being at risk of failure every three months. Maybe my configuration is wrong here? I welcome any thoughts/guidance.

 

[wbk]

Hi whatishappening,

I ran into that as well after configuring LE. The fingerprint is mandatory when lacking 'real' certificates.

Once your nodes have LE certs, you can leave the fingerprint empty.

 

[whatishappening]

Once your nodes have LE certs, you can leave the fingerprint empty.

ohhhh, ok didn't understand that. I actually see the "required for self signed certificates" after clearing the fingerprint. Well that's easy enough then thank you.