The warning to not replace the cluster-certificates in '/etc/pve/local' can be misleading and let users think that '/etc/pve/nodes/NODENAME/pve-ssl.pem' (and .key) are the files they should replace with a LE/externally signed certificate.
Explicitly mentioning that '/etc/pve/local' is a symlink to '/etc/pve/nodes/NODENAME' should make the warning more clear. Signed-off-by: Stoiko Ivanov <s.iva...@proxmox.com> --- reported in: https://forum.proxmox.com/threads/setting-up-cluster-and-certificates-which-order.63955/ I tried explicitly naming both paths for both files, but the result seemed more cluttered than explicitly saying that the directories are linked. certificate-management.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/certificate-management.adoc b/certificate-management.adoc index 81660b2..ff1ca49 100644 --- a/certificate-management.adoc +++ b/certificate-management.adoc @@ -41,6 +41,8 @@ WARNING: Do not replace or manually modify the automatically generated node certificate files in `/etc/pve/local/pve-ssl.pem` and `/etc/pve/local/pve-ssl.key` or the cluster CA files in `/etc/pve/pve-root-ca.pem` and `/etc/pve/priv/pve-root-ca.key`. +Also keep in mind that `/etc/pve/local` is a symlink to +`/etc/pve/nodes/NODENAME`. Getting trusted certificates via ACME ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- 2.20.1 _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
