fix wiki-special link to "USB installation"

[pve-docs.git] / certificate-management.adoc

diff --git a/certificate-management.adoc b/certificate-management.adoc
index 81660b27aac671838611536ed74cf3a6b2460d33..db76062675769c073212dfe690e4edb08caab2fb 100644 (file)
--- a/certificate-management.adoc
+++ b/certificate-management.adoc
@@ -29,11 +29,15 @@ You have the following options for the certificate used by `pveproxy`:
 the cluster CA and therefore not trusted by browsers and operating systems by
 default.
 2. use an externally provided certificate (e.g. signed by a commercial CA).
-3. use ACME (e.g., Let's Encrypt) to get a trusted certificate with automatic renewal.
+3. use ACME (e.g., Let's Encrypt) to get a trusted certificate with automatic
+renewal, this is also integrated in the {pve} API and Webinterface.
 
 For options 2 and 3 the file `/etc/pve/local/pveproxy-ssl.pem` (and
 `/etc/pve/local/pveproxy-ssl.key`, which needs to be without password) is used.
 
+NOTE: Keep in mind that `/etc/pve/local` is a node specific symlink to
+`/etc/pve/nodes/NODENAME`.
+
 Certificates are managed with the {PVE} Node management command
 (see the `pvenode(1)` manpage).
 
@@ -168,4 +172,4 @@ Automatic renewal of ACME certificates
 If a node has been successfully configured with an ACME-provided certificate
 (either via pvenode or via the GUI), the certificate will be automatically
 renewed by the pve-daily-update.service. Currently, renewal will be attempted
-if the certificate has expired or will expire in the next 30 days.
+if the certificate has expired already, or will expire in the next 30 days.