X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=blobdiff_plain;f=pveproxy.adoc;h=fbb739483b425ea368f28b0f6e3d4c1c6235bb84;hp=86a92f5d090103787798c76d2e4676bd74846a25;hb=5da3d723c173aa4f767240a3da923e0861152e3a;hpb=9b75a03adb4dd08255080d6823a863df8d37d25d

diff --git a/pveproxy.adoc b/pveproxy.adoc
index 86a92f5..fbb7394 100644
--- a/pveproxy.adoc
+++ b/pveproxy.adoc
@@ -1,7 +1,7 @@
 ifdef::manvolnum[]
-PVE({manvolnum})
-================
-include::attributes.txt[]
+pveproxy(8)
+===========
+:pve-toplevel:
 
 NAME
 ----
@@ -19,9 +19,8 @@ DESCRIPTION
 endif::manvolnum[]
 
 ifndef::manvolnum[]
-{pve} API Proxy Daemon
-======================
-include::attributes.txt[]
+pveproxy - Proxmox VE API Proxy Daemon
+======================================
 endif::manvolnum[]
 
 This daemon exposes the whole {pve} API on TCP port 8006 using
@@ -89,26 +88,15 @@ exchange algorithm is negotiated.
 Alternative HTTPS certificate
 -----------------------------
 
-By default, pveproxy uses the certificate `/etc/pve/local/pve-ssl.pem`
-(and private key `/etc/pve/local/pve-ssl.key`) for HTTPS connections.
-This certificate is signed by the cluster CA certificate, and therefor
-not trusted by browsers and operating systems by default.
-
-In order to use a different certificate and private key for HTTPS,
-store the server certificate and any needed intermediate / CA
-certificates in PEM format in the file `/etc/pve/local/pveproxy-ssl.pem`
-and the associated private key in PEM format without a password in the
-file `/etc/pve/local/pveproxy-ssl.key`.
-
-WARNING: Do not replace the automatically generated node certificate
-files in `/etc/pve/local/pve-ssl.pem` and `etc/pve/local/pve-ssl.key` or
-the cluster CA files in `/etc/pve/pve-root-ca.pem` and
-`/etc/pve/priv/pve-root-ca.key`.
-
-NOTE: There is a detailed HOWTO for configuring commercial HTTPS certificates
-on the {webwiki-url}HTTPS_Certificate_Configuration_(Version_4.x_and_newer)[wiki],
-including setup instructions for obtaining certificates from the popular free
-Let's Encrypt certificate authority.
+You can change the certificate used to an external one or to one obtained via
+ACME.
+
+pveproxy uses `/etc/pve/local/pveproxy-ssl.pem` and
+`/etc/pve/local/pveproxy-ssl.key`, if present, and falls back to
+`/etc/pve/local/pve-ssl.pem` and `/etc/pve/local/pve-ssl.key`.
+The private key may not use a passphrase.
+
+See the Host System Administration chapter of the documentation for details.
 
 ifdef::manvolnum[]
 include::pve-copyright.adoc[]