[pve-devel] [PATCH docs] cert-management: mention symlinks in /etc/pve
Stoiko Ivanov
s.ivanov at proxmox.com
Thu Jan 23 18:07:33 CET 2020
The warning to not replace the cluster-certificates in '/etc/pve/local' can
be misleading and let users think that '/etc/pve/nodes/NODENAME/pve-ssl.pem'
(and .key) are the files they should replace with a LE/externally signed
certificate.
Explicitly mentioning that '/etc/pve/local' is a symlink to
'/etc/pve/nodes/NODENAME' should make the warning more clear.
Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
reported in:
https://forum.proxmox.com/threads/setting-up-cluster-and-certificates-which-order.63955/
I tried explicitly naming both paths for both files, but the result seemed more
cluttered than explicitly saying that the directories are linked.
certificate-management.adoc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/certificate-management.adoc b/certificate-management.adoc
index 81660b2..ff1ca49 100644
--- a/certificate-management.adoc
+++ b/certificate-management.adoc
@@ -41,6 +41,8 @@ WARNING: Do not replace or manually modify the automatically generated node
certificate files in `/etc/pve/local/pve-ssl.pem` and
`/etc/pve/local/pve-ssl.key` or the cluster CA files in
`/etc/pve/pve-root-ca.pem` and `/etc/pve/priv/pve-root-ca.key`.
+Also keep in mind that `/etc/pve/local` is a symlink to
+`/etc/pve/nodes/NODENAME`.
Getting trusted certificates via ACME
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--
2.20.1
More information about the pve-devel
mailing list