Community discussions

MikroTik App
 
mike6715b
newbie
Topic Author
Posts: 34
Joined: Wed Feb 17, 2021 9:07 pm

SSL certificate for Proxmox

Tue Mar 23, 2021 11:10 am

Hy, i've started to use a Proxmox server for homelab testing and learning. I wanted to make a proper SSL certificate with ACME for proxmox using this tutorial https://www.youtube.com/watch?v=9vVKazwO1s4 and i seem to have it working with a problem.
In the video they guy has a PFsense box for his network while i have mikrotik. He is able to input pve01.internal.newbury-park.lamoree.net and access the Proxmox server from within his local network while his Proxmox server is NOT expozed to the internet. Im looking to do the same but with a mikrotik.
For a workaround, I just edited my hosts file to point to localhost so that i can have Proxmox console working in chrome ( chrome doesn't like that the certificate is not valid when connecting to console ) until i can have a proper solution.
Domain that i have for my home is lets say home.domain.com

I dont understand how he is able to access his Proxmox server with that hostname while having the server hostname in the link.

Do I need to setup some sort of loopback rule to do so or? Some portforward route to my LAN? A new route? A static DNS in the Mikrotik's DNS cache?

Export included.
You do not have the required permissions to view the files attached to this post.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: SSL certificate for Proxmox

Tue Mar 23, 2021 2:11 pm

The tutorial author is using DNS-01 challenge (instead of a more often used HTTP-01) which requires you to have DNS server for your (sub)domain under your control. In this case the certificate receiver (Proxmox) doesn't have to be publicly accessible. Doesn't have anything to do with particular type of firewall in use.

Challenge type DNS-01 is not particularly popular also due to the fact it is not suitable for automatic renewals unless your domain is hosted by some DNS service which offers API access to DNS servers which allows you to set up challenge responses automatically.
 
mike6715b
newbie
Topic Author
Posts: 34
Joined: Wed Feb 17, 2021 9:07 pm

Re: SSL certificate for Proxmox

Wed Mar 24, 2021 9:27 am

Hello, I have my domain managed on cloudflare and I am able to get the proper certificate and everything but since the certificate is valid for a specific domain eg. proxmox.home.domain.com i am still getting an ssl error when connecting to my server since i have to connect via the local IP address.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: SSL certificate for Proxmox

Wed Mar 24, 2021 11:03 am

That's perpetual "problem" with certificates. Solution is to add DNS entries (resolvable for LAN hosts only) which link public host name with local IP address.

Who is online

Users browsing this forum: Ahrefs [Bot], tesme33 and 36 guests