man pveproxy says this:
Warning
Do not replace the automatically generated node certificate files in /etc/pve/local/pve-ssl.pem and etc/pve/local/pve-ssl.key
What's so wrong about replacing original snakeoil key+cert with eg. letsencrypt one? It seemed to work for me. I modified my setup so it now goes into /etc/pve/local/pveproxy-ssl.pem and .key, but i don't see reason not to overwrite original pve-ssl.key. Is that somehow related to cluster nodes identifiing each other using these certs?
Warning
Do not replace the automatically generated node certificate files in /etc/pve/local/pve-ssl.pem and etc/pve/local/pve-ssl.key
What's so wrong about replacing original snakeoil key+cert with eg. letsencrypt one? It seemed to work for me. I modified my setup so it now goes into /etc/pve/local/pveproxy-ssl.pem and .key, but i don't see reason not to overwrite original pve-ssl.key. Is that somehow related to cluster nodes identifiing each other using these certs?
