References:
- https://www.jdbnet.co.uk/post/ssl-certificates-for-proxmox-through-cloudflare
- https://teknokafe.com/en/installing-acme-lets-encrypt-ssl-certificates-on-proxmox-ve/
- https://forum.proxmox.com/threads/secure-webinterface-change-port-8006-proxmox-4-4.34939/
Prerequisite: own a domain through Cloudflare
Steps:
- Generate Cloudflare Account API Token with DNS edit permissions
- In Proxmox:
  - Datacenter → ACME → Add an account
    - Name: cloudflare
    - Email: whatever you want to register with Let’s Encrypt
    - ACME Directory: Let’s Encrypt V2
    - Accept TOS
  - Datacenter → ACME → Add a challenge plugin
    - ID: cloudflare
    - DNS API: Cloudflare Managed DNS
    - CF_Token= : your API token
    - Rest blank
  - pve (node) → System → Certificates → Add an ACME Domain
    - Challenge Type: DNS
    - Plugin: cloudflare (previously created)
    - Domain: pve.domain.com
  - Use the “Order Certificates Now” button and wait
- Add a DNS record in your LAN that points to the Proxmox server’s IP
- Since Proxmox uses port 8006 for the web interface, we also need to create an iptables rule to redirect traffic. In Proxmox’s command line, run the following:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8006
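The command above appends a new copy of the rule each time it is run, matches port 443 on every IPv4 address of the node, and is not kept across a reboot. The following added example (not part of the original notes) limits the redirect to one management address and adds it only when it is missing, so it can be re-run safely; `MGMT_IP`, its value `192.0.2.10` and the `APPLY` switch are placeholders assumed here.

```shell
#!/bin/sh
# Added example, not from the original page.
# MGMT_IP is an assumed placeholder (documentation address);
# set it to the LAN IP that pve.domain.com resolves to.
MGMT_IP="${MGMT_IP:-192.0.2.10}"

# Emit the rule specification (everything after the chain name).
# Matching on -d keeps the redirect limited to the management address
# instead of every IPv4 address the node answers on.
redirect_rule() {
    printf '%s' "-d $1 -p tcp --dport 443 -j REDIRECT --to-ports 8006"
}

# Add the rule only if an identical one is not already present.
# iptables -C exits 0 when the rule exists, so re-running never stacks duplicates.
apply_redirect() {
    rule=$(redirect_rule "$1")
    # $rule is intentionally unquoted so it splits into separate arguments.
    if iptables -t nat -C PREROUTING $rule 2>/dev/null; then
        echo "already present: $rule"
    else
        iptables -t nat -A PREROUTING $rule && echo "added: $rule"
    fi
}

if [ "${APPLY:-0}" = "1" ]; then
    # Needs root on the Proxmox node.
    apply_redirect "$MGMT_IP"
else
    # Dry run (default): print the command instead of changing the firewall.
    echo "iptables -t nat -A PREROUTING $(redirect_rule "$MGMT_IP")"
fi
```

Run it with `APPLY=1 MGMT_IP=<node LAN IP>` as root to change the firewall; `iptables -t nat -S PREROUTING` lists the rules currently in place.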