What's wrong about replacing /etc/pve/local/pve-ssl.* ?


Apr 5, 2017
man pveproxy says this:

Do not replace the automatically generated node certificate files in /etc/pve/local/pve-ssl.pem and etc/pve/local/pve-ssl.key

What's so wrong about replacing original snakeoil key+cert with eg. letsencrypt one? It seemed to work for me. I modified my setup so it now goes into /etc/pve/local/pveproxy-ssl.pem and .key, but i don't see reason not to overwrite original pve-ssl.key. Is that somehow related to cluster nodes identifiing each other using these certs?


The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!