+Alternative HTTPS certificate
+-----------------------------
+
+By default, pveproxy uses the certificate `/etc/pve/local/pve-ssl.pem`
+(and private key `/etc/pve/local/pve-ssl.key`) for HTTPS connections.
+This certificate is signed by the cluster CA certificate, and therefor
+not trusted by browsers and operating systems by default.
+
+In order to use a different certificate and private key for HTTPS,
+store the server certificate and any needed intermediate / CA
+certificates in PEM format in the file `/etc/pve/local/pveproxy-ssl.pem`
+and the associated private key in PEM format without a password in the
+file `/etc/pve/local/pveproxy-ssl.key`.
+
+WARNING: Do not replace the automatically generated node certificate
+files in `/etc/pve/local/pve-ssl.pem` and `etc/pve/local/pve-ssl.key` or
+the cluster CA files in `/etc/pve/pve-root-ca.pem` and
+`/etc/pve/priv/pve-root-ca.key`.
+