pvenode: add WOL section to doc

[pve-docs.git] / certificate-managment.adoc
diff --git a/certificate-managment.adoc b/certificate-managment.adoc

index a219adb4c1f711fdb823855731144a86ef470ef0..3eabee83a5bd067a8cb5dec013e622d41d0afabb 100644 (file)
--- a/certificate-managment.adoc
+++ b/certificate-managment.adoc
@@ -14,8 +14,7 @@ generates a self-signed certificate for each node. These certificates are used
  for encrypted communication with the cluster's pveproxy service and the
  Shell/Console feature if SPICE is used.
  
-The CA certificate and key are stored in the `pmxcfs` (see the `pmxcfs(8)`
-manpage).
+The CA certificate and key are stored in the xref:chapter_pmxcfs[Proxmox Cluster File System (pmxcfs)].
  
  Certificates for API and web GUI
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -68,7 +67,7 @@ At the moment the GUI uses only the default ACME account.
  
  .Example: Sample `pvenode` invocation for using Let's Encrypt certificates
  
------------------
+----
  root@proxmox:~# pvenode acme account register default mail@example.invalid
  Directory endpoints:
  0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory)
@@ -113,7 +112,55 @@ Downloading certificate
  Setting pveproxy certificate and key
  Restarting pveproxy
  Task OK
------------------
+----
+
+Switching from the `staging` to the regular ACME directory
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Changing the ACME directory for an account is unsupported. If you want to switch
+an account from the `staging` ACME directory to the regular, trusted, one you
+need to deactivate it and recreate it.
+
+This procedure is also needed to change the default ACME account used in the GUI.
+
+.Example: Changing the `default` ACME account from the `staging` to the regular directory
+
+----
+root@proxmox:~# pvenode acme account info default
+Directory URL: https://acme-staging-v02.api.letsencrypt.org/directory
+Account URL: https://acme-staging-v02.api.letsencrypt.org/acme/acct/6332194
+Terms Of Service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
+
+Account information:
+ID: xxxxxxx
+Contact:
+        - mailto:example@proxmox.com
+Creation date: 2018-07-31T08:41:44.54196435Z
+Initial IP: 192.0.2.1
+Status: valid
+
+root@proxmox:~# pvenode acme account deactivate default
+Renaming account file from '/etc/pve/priv/acme/default' to '/etc/pve/priv/acme/_deactivated_default_4'
+Task OK
+
+root@proxmox:~# pvenode acme account register default example@proxmox.com
+Directory endpoints:
+0) Let's Encrypt V2 (https://acme-v02.api.letsencrypt.org/directory)
+1) Let's Encrypt V2 Staging (https://acme-staging-v02.api.letsencrypt.org/directory)
+2) Custom
+Enter selection:
+0
+
+Attempting to fetch Terms of Service from 'https://acme-v02.api.letsencrypt.org/directory'..
+Terms of Service: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
+Do you agree to the above terms? [y|N]y
+
+Attempting to register account with 'https://acme-v02.api.letsencrypt.org/directory'..
+Generating ACME account key..
+Registering ACME account..
+Registration successful, account URL: 'https://acme-v02.api.letsencrypt.org/acme/acct/39335247'
+Task OK
+----
  
  Automatic renewal of ACME certificates
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^