[SOLVED] rebuild ssl certificate for updated domain name?

[aPollO]

Hello Together,

i playing around with Proxmox VE. It's a great tool. I love it!

I started to test in a own environment with standard domain pve.domain.lan. Now i switched the environment and changed the hostname. Everything works fine except the Web Interface. This is because it is signed for just 1 Domain "pve.domain.lan". How can i rebuild it for the new hostname "proxmox.my.lan" and add alternate Names like "test1.my.lan" or something like else?

I found the key "pve-www.key" in /etc/pve/ and the CA Cert "pve-root-ca.pem". But i have no idea where the private key of the ca i located and how to sign an new certificate from a self-build csr?

Just asking for it cause i'm not an ssl pro and i don't want to build an own CA.

 

[Jopa]

Hi,

I've just builded a new certificate for my PVE.

Private and public key are both stored in /etc/pve/nodes/[your node name]/

- private key : pve-ssl.key
- public key : pve-ssl.pem

You can found some documentation in the Wiki : https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration

Otherwise, you can simply use the pvecm command line to update your certificate :

pvecm updatecerts --force


Personally, I used Let's Encrypt for building my certificate. It's a new, free and open certificate Authority : https://letsencrypt.org but I think it's not usable if you PVE is in your lan only.

I hope that will help you.

Regards

 

[aPollO]

Thanks a lot! I tried this earlier but i forgot to restart pveproxy (service pveproxy restart) so i had no effect.

Now it works for me!