DEV Community

Cover image for Setting up a Homelab: Part 1 Proxmox and LetsEncrypt
Ashwin Belbase
Ashwin Belbase

Posted on

Setting up a Homelab: Part 1 Proxmox and LetsEncrypt

As someone who likes to tinker around with stuff, I tend to break my system quite often. For a long time, I have wanted to allow myself to test applications and operating systems without breaking my ongoing OS install.

One way to test application is by using virtual machines or docker. While I use docker quite a lot for testing and for production workloads, testing an entire operating system on docker is not feasible. For this reason, I wanted to use virtual machines. But I also did not want to run Virtual Machines on my laptop, as I do not like my laptop getting hot everytime I want to test something new. Recently, I got my hands on a used desktop, a decent machine on which I could start building my home lab.

As I wanted to run a bunch of Virtual Machines and containers on the server, Proxmox seemed to be a good fit as it supports both VMs and Containers using KVM and LXC.

P.S. This is not supposed to be a tutorial. I only wrote this piece so that I can look back on it after a year and hopefully remember how I did stuff.

Installation

To install Proxmox VE, I just followed the documentation on the Proxmox website and completed a standard installation. As the installer is straightforward, the installation itself was quite easy.

Configuration

Right after I installed Proxmox, I tried logging into the web console, and I saw this.

Insecure Connection: Invalid Common Name Warning

A self-signed certificate was generated and used by Proxmox which will always generate a warning on the browser. I did not like seeing this when trying to work on my home lab. So, I started looking for ways to put a valid SSL certificate in Proxmox.

During my research, I found that Proxmox could be made to integrate with acme.sh; a free SSL certificate generator powered by ACME(Let's Encrypt).

Generate and Apply SSL Certificate

Docs: https://pve.proxmox.com/wiki/Certificate_Management

After skimming through the documentation, I thought that the integration would be quite easy, and indeed it was, after a couple of failed attempts.

You can register and deactivate ACME accounts over the web interface Datacenter -> ACME or using the pvenode command-line tool.

Following this excerpt from the documentation, I went to Datacenter -> ACME -> Accounts -> Add, and registered an account with Lets Encrypt V2.

Add ACME Account

Since The Proxmox instance was not accessible directly from the public internet, I proceeded to add the plugin for DNS challenge based verification.

To add a Challenge Plugin:

  1. In the challenge plugins section, click on Add.
  2. In the popup that appears, give a name to the plugin that you will create in the Plugin ID section. Remember this value as the PLUGIN_NAME.
  3. Set the DNS API option to DNS provider, and fill in the generated form as required. Then clock on save.

In my case, I am using Cloudflare, so I filled in the CF_Account_ID, CF_Email, CF_Token and CF_Zone_ID fields.

Challenge Plugin

You might only need the CF_TOKEN but the process failed due to some reason when only the CF_TOKEN was used. So I filled in all the applicable fields.

Now, to generate the certificated for a node, you need to go to the Datacenter -> NODE_NAME -> System -> Certificates to generate/setup the certificate.

  1. In the ACME Section, Click on Add.
  2. In the popup that appears, select challenge type as DNS, and the Plugin type as the name that you used when creating the DNS plugin (PLUGIN_NAME).
  3. In the domain field, fill in the domain name that you want to generate the SSL certificate for. Now click on apply.

SSL Certificate Creation

  1. The certificate should be generated and applied. Proxmox will restart the webproxy to apply the new certificate.

SSL Certificate Description

Top comments (0)