proxmox-mirrors/pve-docs
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-docs synced 2025-04-30 08:16:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix #5665: add note about short-lived cert renewal

Browse Source 
not that obvious behaviour on the systemd side, and missing cert renewal can
have wide-reaching consequences.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2024-09-09 14:39:50 +02:00 committed by Fiona Ebner
parent 4d318fb1cd
commit 5a42e20dba
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
certificate-management.adoc
View File

@ -223,6 +223,9 @@ If a node has been successfully configured with an ACME-provided certificate
renewed by the `pve-daily-update.service`. Currently, renewal will be attempted renewed by the `pve-daily-update.service`. Currently, renewal will be attempted
if the certificate has expired already, or will expire in the next 30 days. if the certificate has expired already, or will expire in the next 30 days.
NOTE: If you are using a custom directory that issues short-lived certificates,
disabling the random delay for the `pve-daily-update.timer` unit might be
advisable to avoid missing a certificate renewal after a reboot.
ACME Examples with `pvenode` ACME Examples with `pvenode`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~