Upload custom cert via Proxmox API?

jforman

New Member
May 25, 2020
14
0
1
41
I have pre-existing infrastructure which registers and updates TLS certificates for organization's sites via Lets Encrypt. I'd like to use this infrastructure to automatically push a new certificate to my various Proxmox VE nodes via the Proxmox API (https://pve.proxmox.com/pve-docs/api-viewer/index.html).

I would rather not set up ACME registration on each Proxmox VE node to handle their own certs.

Is it possible to push new custom certs to each Proxmox node as opposed to having to copy certificates to each machine manually and running various shell commands like in https://pve.proxmox.com/wiki/Certificate_Management? Is this possible? Any help greatly appreciated. Thanks!
 

t.lamprecht

Proxmox Staff Member
Staff member
Jul 28, 2015
5,281
1,567
164
South Tyrol/Italy
shop.proxmox.com

jforman

New Member
May 25, 2020
14
0
1
41
Hi,

You could use the API path that's also used by the Proxmox VE web-interface (Node -> Certificates -> Upload Custom Certificate):
/nodes/${nodename}/certificates/custom

https://pve.proxmox.com/pve-docs/api-viewer/index.html#/nodes/{node}/certificates/custom
Youre absolutely right, and I hadn't noticed that API endpoint until now.

I've made some rudimentary Python code to post TLS certificates to Proxmox VE nodes that I've posted at https://github.com/jforman/proxmox_certupdater. I'll be adding more to it to make it a bit more useful, but if others find it, happy to accept PRs and make it more useful.

Thanks!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!