SSL trusted certificates doesn't show up on GUI


Oct 7, 2019
Good morning,

I requested SSL certificates through ACME for non staging environment but the GUI still display the "non trusted certificates".

I used the documentation in

There are some outputs below to give you an overview :

oot@ns300000:~# pvenode acme account deactivate default
Renaming account file from '/etc/pve/priv/acme/default' to '/etc/pve/priv/acme/_deactivated_default_1'
Task OK
root@ns300000:~# cd /etc/pve/priv/acme/
total 2.0K
-rw------- 1 root www-data 4.5K Oct 14 09:04 _deactivated_default_0
-rw------- 1 root www-data 4.5K Oct 15 07:12 _deactivated_default_1
root@ns300000:/etc/pve/priv/acme# rm _deactivated_default_0 _deactivated_default_1
rm: remove regular file '_deactivated_default_0'? y
rm: remove regular file '_deactivated_default_1'? y
root@ns300000:/etc/pve/priv/acme# ll
total 0
root@ns300000:/etc/pve/priv/acme# pvenode acme account register default
Directory endpoints:
0) Let's Encrypt V2 (
1) Let's Encrypt V2 Staging (
2) Custom
Enter selection:

Attempting to fetch Terms of Service from ''..
Terms of Service:
Do you agree to the above terms? [y|N]y

Attempting to register account with ''..
Generating ACME account key..
Registering ACME account..
Registration successful, account URL: ''
Task OK
root@ns300000:/etc/pve/priv/acme# systemctl restart pveproxy

root@300000:~# pvenode acme account list
root@300000:~# systemctl restart pveproxy

Thank you
you still need to create a new certificate after registering with the production endpoint..
So,I have to proceed again the process in in the part called "Example: Sample pvenode invocation for using Let’s Encrypt certificates " ?

root@proxmox:~# pvenode acme account register default mail@example.invalid
Directory endpoints:
0) Let's Encrypt V2 (
1) Let's Encrypt V2 Staging (
2) Custom
Enter selection:

Attempting to fetch Terms of Service from ''..
Terms of Service:
Do you agree to the above terms? [y|N]y

Attempting to register account with ''..
Generating ACME account key..
Registering ACME account..
Registration successful, account URL: ''
Task OK
root@proxmox:~# pvenode acme account list
root@proxmox:~# pvenode config set --acme domains=example.invalid
root@proxmox:~# pvenode acme cert order
Loading ACME account details
Placing ACME order
Order URL:

Getting authorization details from
... pending!
Setting up webserver
Triggering validation
Sleeping for 5 seconds
Status is 'valid'!

All domains validated!

Creating CSR
Finalizing order
Checking order status

Downloading certificate
Setting pveproxy certificate and key
Restarting pveproxy
Task OK
no. you just registered with the staging endpoint again, and then requested a certificate. if you want a certificate from the production endpoint, you need to have and use an account there, and then request a certificate.
When you say "you need to have and use an account there, " which account are you referring to?
an account with Let's Encrypt? just do the steps to switch to the trusted/production directory as given in the documentation, and then order a certificate (using the GUI, or using 'pvenode') without switching back to the untrusted/staging directory.