operating systems.
2. use an externally provided certificate (e.g. signed by a commercial CA).
3. use ACME (Let's Encrypt) to get a trusted certificate with automatic
-renewal, this is also integrated in the {pve} API and Webinterface.
+renewal, this is also integrated in the {pve} API and web interface.
For options 2 and 3 the file `/etc/pve/local/pveproxy-ssl.pem` (and
`/etc/pve/local/pveproxy-ssl.key`, which needs to be without password) is used.
renewal-due or similar notifications from the ACME endpoint.
You can register and deactivate ACME accounts over the web interface
-`Datacenter -> ACME` or using the `pvenode` command line tool.
+`Datacenter -> ACME` or using the `pvenode` command-line tool.
----
pvenode acme account register account-name mail@example.com
----
After configuring the desired domain(s) for a node and ensuring that the
desired ACME account is selected, you can order your new certificate over the
-web-interface. On success the interface will reload after 10 seconds.
+web interface. On success the interface will reload after 10 seconds.
Renewal will happen xref:sysadmin_certs_acme_automatic_renewal[automatically].