Secure Proxmox VE Server With Let’s Encrypt SSL

Posted on 134 views

Proxmox VE is a solution fit for adoption in an enterprise virtualization environment. It has a tight integration with KVM hypervisor and containers (LXC), software-defined storage and networking functionality all bundled in a single platform. The central user interface shipped in Proxmox VE has self-signed certificate, but with it you can run Virtual Machines, Containers, manage Networking and software-defined storage resources without touching command-line interface.

In this article we shall discuss the process of securing your Proxmox server web console with Let’s Encrypt free SSL Certificate. For this guide, Proxmox VE should be on a public network with a valid DNS A record pointing to it. For the purpose of this guide, let’s consider DNS record pve.example.com, with an A record of 88.20.40.50.

Login to your Proxmox web dashboard.

proxmox-letsencrypt-01-1024x513

Add ACME Account

Click on your Datacenter > ACME > Add to add a new account.

proxmox-letsencrypt-02-1-1024x632

The ACME Issuer requires an account registered with the Automated Certificate Management Environment (ACME) Certificate Authority server. Click on Add to proceed.

proxmox-letsencrypt-03-1-1024x211

Input name for the account, valid email address and accept terms of service.

proxmox-letsencrypt-04-1-1024x487

Account registration process output:

Confirm the account is now available for use after being added successfully.

proxmox-letsencrypt-06-1-1024x191

Adding ACME account using command line:

pvenode acme account register   

Request Let’s Encrypt SSL Certificate for Proxmox VE

Click on Proxmox hypervisor node, then navigate to the Certificates section.

proxmox-letsencrypt-07-1-1024x198

Select account you added earlier

proxmox-letsencrypt-08-1-1024x334

Click “Add” to add Proxmox VE domain name as configured in your DNS server.

proxmox-letsencrypt-09-1

This can also be performed from CLI:

pvenode config set --acme domains=

Settings with the domain added and ACME account selected. Proceed to request for Let’s Encrypt SSL certificate using “Order Certificates Now” button.

proxmox-letsencrypt-10-1-2048x421

If everything is in order the process should be successful as seen in screenshot below.

proxmox-letsencrypt-11-1

Confirm your new certificate under “Certificates” section.

proxmox-letsencrypt-12-1-2048x364

If you want to order for SSL certificate from command line instead, then run:

pvenode acme cert order

Reload Proxmox VE Web Console

Reload your web browser for the new certificate to be loaded. If you expand HTTPS, you should get more details about the certificate in use.

proxmox-letsencrypt-14

This validates our setup to be successful. We now have our Proxmox server using Let’s Encrypt SSL. If you encounter any challenges let us know through the comments section.

coffee

Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.