On 1/23/20 6:07 PM, Stoiko Ivanov wrote: > The warning to not replace the cluster-certificates in '/etc/pve/local' can > be misleading and let users think that '/etc/pve/nodes/NODENAME/pve-ssl.pem' > (and .key) are the files they should replace with a LE/externally signed > certificate. > > Explicitly mentioning that '/etc/pve/local' is a symlink to > '/etc/pve/nodes/NODENAME' should make the warning more clear. > > Signed-off-by: Stoiko Ivanov <s.iva...@proxmox.com> > --- > reported in: > https://forum.proxmox.com/threads/setting-up-cluster-and-certificates-which-order.63955/ > > I tried explicitly naming both paths for both files, but the result seemed > more > cluttered than explicitly saying that the directories are linked. > > certificate-management.adoc | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/certificate-management.adoc b/certificate-management.adoc > index 81660b2..ff1ca49 100644 > --- a/certificate-management.adoc > +++ b/certificate-management.adoc > @@ -41,6 +41,8 @@ WARNING: Do not replace or manually modify the > automatically generated node > certificate files in `/etc/pve/local/pve-ssl.pem` and > `/etc/pve/local/pve-ssl.key` or the cluster CA files in > `/etc/pve/pve-root-ca.pem` and `/etc/pve/priv/pve-root-ca.key`. > +Also keep in mind that `/etc/pve/local` is a symlink to > +`/etc/pve/nodes/NODENAME`. > > Getting trusted certificates via ACME > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >
applied, thanks! Moved the sentence to it's own hint a bit higher up to make it stand more out, though. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
