Resource: proxmox_virtual_environment_acme_certificate¶
Warning
Deprecated: Use proxmox_acme_certificate instead. This resource will be removed in v1.0.
Manages ACME SSL certificates for Proxmox VE nodes.
This resource orders and renews certificates from an ACME Certificate Authority (like Let's Encrypt) for a specific node. Before using this resource, ensure that:
- An ACME account is configured (using proxmox_acme_account)
- DNS plugins are configured if using DNS-01 challenge (using proxmox_acme_dns_plugin)
Example Usage¶
# Example: Basic ACME certificate with HTTP-01 challenge (standalone)
resource "proxmox_virtual_environment_acme_account" "example" {
name = "production"
contact = "admin@example.com"
directory = "https://acme-v02.api.letsencrypt.org/directory"
tos = "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf"
}
resource "proxmox_virtual_environment_acme_certificate" "http_example" {
node_name = "pve-node-01"
account = proxmox_virtual_environment_acme_account.example.name
domains = [
{
domain = "pve.example.com"
# No plugin specified = HTTP-01 challenge
}
]
}
# Example: ACME certificate with DNS-01 challenge using Cloudflare
resource "proxmox_virtual_environment_acme_dns_plugin" "cloudflare" {
plugin = "cloudflare"
api = "cf"
# Wait 2 minutes for DNS propagation
validation_delay = 120
data = {
CF_Account_ID = "your-cloudflare-account-id"
CF_Token = "your-cloudflare-api-token"
CF_Zone_ID = "your-cloudflare-zone-id"
}
}
resource "proxmox_virtual_environment_acme_certificate" "dns_example" {
node_name = "pve-node-01"
account = proxmox_virtual_environment_acme_account.example.name
domains = [
{
domain = "pve.example.com"
plugin = proxmox_virtual_environment_acme_dns_plugin.cloudflare.plugin
}
]
depends_on = [
proxmox_virtual_environment_acme_account.example,
proxmox_virtual_environment_acme_dns_plugin.cloudflare
]
}
# Example: Force certificate renewal
resource "proxmox_virtual_environment_acme_certificate" "force_renew" {
node_name = "pve-node-01"
account = proxmox_virtual_environment_acme_account.example.name
force = true
domains = [
{
domain = "pve.example.com"
plugin = proxmox_virtual_environment_acme_dns_plugin.cloudflare.plugin
}
]
depends_on = [
proxmox_virtual_environment_acme_account.example,
proxmox_virtual_environment_acme_dns_plugin.cloudflare
]
}
Schema¶
Required¶
account(String) The ACME account name to use for ordering the certificate.domains(Attributes List) The list of domains to include in the certificate. At least one domain is required. (see below for nested schema)node_name(String) The name of the Proxmox VE node for which to order/manage the ACME certificate.
Optional¶
force(Boolean) Force certificate renewal even if the certificate is not due for renewal yet. Setting this to true will trigger a new certificate order on every apply.
Read-Only¶
certificate(String) The PEM-encoded certificate data.fingerprint(String) The certificate fingerprint.id(String) The unique identifier of this resource.issuer(String) The certificate issuer.not_after(String) The certificate expiration timestamp.not_before(String) The certificate start timestamp.subject(String) The certificate subject.subject_alternative_names(List of String) The certificate subject alternative names (SANs).
Nested Schema for domains¶
Required:
domain(String) The domain name to include in the certificate.
Optional:
alias(String) An optional alias domain for DNS validation. This allows you to validate the domain using a different domain's DNS records.plugin(String) The DNS plugin to use for DNS-01 challenge validation. If not specified, the standalone HTTP-01 challenge will be used.
Import¶
Import is supported using the following syntax: