How to Secure Proxmox VE with a free Let’s Encrypt SSL certificate
Why replace the self-signed certificate in Proxmox?
A freshly installed Proxmox VE uses a self-signed certificate by default. This causes annoying browser warnings (“Your connection is not private”), provides no real protection against MITM attacks, and has a very long validity period — which increases the risk if the certificate or private key ever gets compromised.
In this tutorial you will learn how to automatically request and renew free Let’s Encrypt SSL certificates using Proxmox’s built-in ACME client, via the DNS-01 challenge (no need to open port 80!). We use ClouDNS as the DNS provider for secure API-based validation — an ideal solution for homelabs and internal networks.