Hi Ian, Yes. In this case, the ACS management server doesn’t need any additional configuration but you’ll have to take care of CPVM and SSVM (optionally) like Ruben suggested. Also see [1] where you should have a CA signed one instead.
[1] https://github.com/apache/cloudstack/discussions/9013 Regards, Jayanth Reddy From: Ian Tobin <ito...@tidyhosts.com.INVALID> Date: Tuesday, 21 May 2024 at 5:40 AM To: users@cloudstack.apache.org <users@cloudstack.apache.org> Subject: RE: Let's Encrypt Hi Ruben, Thanks for the info, do you mean running ACME on the reverse proxy? Anything needing to be configured on the ACS management server? Thanks Ian -----Original Message----- From: Ruben Bosch <ruben.bo...@cldin.eu> Sent: 20 May 2024 23:38 To: users@cloudstack.apache.org Subject: Re: Let's Encrypt Ian, this is easily achievable by means of an ACME client (Certbot) and running ACS management behind a reverse proxy. You can write a hook to upload a certificate to the CPVM as well. ( https://checkpoint.url-protection.com/v1/url?o=https%3A//cloudstack.apache.org/api/apidocs-4.16/apis/uploadCustomCertificate.html&g=NTI4NzIzY2NiZTM4YzE1Yw==&h=N2JiM2Q5ZTFmY2NiZDUwYTkxM2U0ODY5MmM2MjhlNjNkMWY4ZjlhNTQ0MWFjMDQwNTAwYWU1YzI4NDEwNjllMQ==&p=Y3AxZTpueHRnZW5pbmZpbml0ZWRhdGFjZW50ZXI6YzpvOmU1YWQ3MDZjNDAzYjhiMGQzNTM0MmZhMjcyZGIyODFhOnYxOnA6VA==) Just be mindful that the CPVM requires a wildcard certificate. On Mon, May 20, 2024 at 2:50 PM Ian Tobin <ito...@tidyhosts.com.invalid> wrote: > Hi, > > Are there any plans to implement Let's Encrypt with CS? More so > securing the Management console and Proxy. > > Thanks > > Ian > > > Disclaimer *** This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not authorised to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful and strictly prohibited. This e-mail may contain viruses. NxtGen Datacenter & Cloud Technologies Private Ltd (“NxtGen”) has taken every reasonable precaution to minimize this risk but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. NxtGen reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the NxtGen e-mail system. *** End of Disclaimer ***NXTGEN***
