Our cluster looks like this:
a.proxmox.example
b.proxmox.example
c.proxmox.example
They are behind a firewall so http-01 challenge won't work.
We're running nginx as a web proxy on each server.
We have round-robin DNS configured so users can just browse to proxmox.example.
The goal is to get a SAN key for each that resolves to both the actual hostname and proxmox.example, there are no self-signed warnings, all inter-server communication works properly.
I've tried the docs here: https://proxmox.dfw1.sonic.net/pve-docs/chapter-sysadmin.html#sysadmin_certificate_management
The DNS challenge portions didn't seem to support SAN keys, or perhaps I misread it.
Has anyone solved this?
a.proxmox.example
b.proxmox.example
c.proxmox.example
They are behind a firewall so http-01 challenge won't work.
We're running nginx as a web proxy on each server.
We have round-robin DNS configured so users can just browse to proxmox.example.
The goal is to get a SAN key for each that resolves to both the actual hostname and proxmox.example, there are no self-signed warnings, all inter-server communication works properly.
I've tried the docs here: https://proxmox.dfw1.sonic.net/pve-docs/chapter-sysadmin.html#sysadmin_certificate_management
The DNS challenge portions didn't seem to support SAN keys, or perhaps I misread it.
Has anyone solved this?
