X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=blobdiff_plain;f=pveproxy.adoc;h=fbb739483b425ea368f28b0f6e3d4c1c6235bb84;hp=705b9fe5468aa24180ea61b70c38158f7a8e81f0;hb=508a8bd7f8b8925766b3a074241fde09c8fb35d8;hpb=7e2fdb3dfdd79fb37449fd4e69f8e4c605e67361

diff --git a/pveproxy.adoc b/pveproxy.adoc
index 705b9fe..fbb7394 100644
--- a/pveproxy.adoc
+++ b/pveproxy.adoc
@@ -1,7 +1,7 @@
 ifdef::manvolnum[]
-PVE(8)
-======
-include::attributes.txt[]
+pveproxy(8)
+===========
+:pve-toplevel:
 
 NAME
 ----
@@ -21,7 +21,6 @@ endif::manvolnum[]
 ifndef::manvolnum[]
 pveproxy - Proxmox VE API Proxy Daemon
 ======================================
-include::attributes.txt[]
 endif::manvolnum[]
 
 This daemon exposes the whole {pve} API on TCP port 8006 using
@@ -89,26 +88,15 @@ exchange algorithm is negotiated.
 Alternative HTTPS certificate
 -----------------------------
 
-By default, pveproxy uses the certificate `/etc/pve/local/pve-ssl.pem`
-(and private key `/etc/pve/local/pve-ssl.key`) for HTTPS connections.
-This certificate is signed by the cluster CA certificate, and therefor
-not trusted by browsers and operating systems by default.
-
-In order to use a different certificate and private key for HTTPS,
-store the server certificate and any needed intermediate / CA
-certificates in PEM format in the file `/etc/pve/local/pveproxy-ssl.pem`
-and the associated private key in PEM format without a password in the
-file `/etc/pve/local/pveproxy-ssl.key`.
-
-WARNING: Do not replace the automatically generated node certificate
-files in `/etc/pve/local/pve-ssl.pem` and `etc/pve/local/pve-ssl.key` or
-the cluster CA files in `/etc/pve/pve-root-ca.pem` and
-`/etc/pve/priv/pve-root-ca.key`.
-
-NOTE: There is a detailed HOWTO for configuring commercial HTTPS certificates
-on the {webwiki-url}HTTPS_Certificate_Configuration_(Version_4.x_and_newer)[wiki],
-including setup instructions for obtaining certificates from the popular free
-Let's Encrypt certificate authority.
+You can change the certificate used to an external one or to one obtained via
+ACME.
+
+pveproxy uses `/etc/pve/local/pveproxy-ssl.pem` and
+`/etc/pve/local/pveproxy-ssl.key`, if present, and falls back to
+`/etc/pve/local/pve-ssl.pem` and `/etc/pve/local/pve-ssl.key`.
+The private key may not use a passphrase.
+
+See the Host System Administration chapter of the documentation for details.
 
 ifdef::manvolnum[]
 include::pve-copyright.adoc[]