PBS to use existing PVE https certificates?

[alexc]

It is so ordinary question but I can't find a 'official' way to implement it:

I installed PBS on existing PVE server, and would like to use LE's https certificate o PBS web interface. I was quite surprised there is still no web-based certificate acquire interface but I understand this is not the first thing to implement in a newly created product.

But after all, I already have the same certificate (for the same server name) on PVE on the same host, so maybe there is a way to use these certs for PBS as well? I suspect this can be done via some symlinks, and looks like I have to restart PBS web interface so it can use new certificates as it become re-issued?

Please advice, don't want to ruin working install by blindly creating symlinks and cronjobs

THANK YOU!

 

[oguz]

hi,

certificates can be found in /etc/proxmox-backup/proxy.key and proxy.pem

you can follow the instructions here[0]

then restart proxmox-backup.service

EDIT:
make sure the owner of the certificate files is backup:backup since the proxy can't read them otherwise

[0]:https://pve.proxmox.com/wiki/HTTPS_...nd_5.1)#Getting_your_certificate_into_Proxmox

 

[fireon]

I would like to import the default CA-Certificate. But this is not one of proxy.key and proxy.pem. And strange, they are in no configfile, because

grep -R proxy.key /etc/

give me nothing. Also an locate "proxy" did not finde a file like "proxy.ca"... where i can find the default CA from the backupserver. In PVE i'am able to download it via Web.

Very Thanks

 

[fireon]

Ok, found some infomation here: https://pve.proxmox.com/wiki/Storage:_Proxmox_Backup_Server

But how can i convert this sha256 in a CRT/CA file, that i can import it in the webbrowser. The Manpage of openssl is really seltsam and confusing. Tested many commands, but alway syntax error, and other things. So may be this is not convertable?