What's wrong about replacing /etc/pve/local/pve-ssl.* ?

harvie

Member
Apr 5, 2017
87
14
8
30
man pveproxy says this:

Warning
Do not replace the automatically generated node certificate files in /etc/pve/local/pve-ssl.pem and etc/pve/local/pve-ssl.key


What's so wrong about replacing original snakeoil key+cert with eg. letsencrypt one? It seemed to work for me. I modified my setup so it now goes into /etc/pve/local/pveproxy-ssl.pem and .key, but i don't see reason not to overwrite original pve-ssl.key. Is that somehow related to cluster nodes identifiing each other using these certs?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!