#!/bin/bash # Deploy certificate to Proxmox host # Usage: ./deploy-proxmox.sh set -e TARGET_HOST="$1" CERT_FILE="$2" KEY_FILE="$3" SHORT_NAME="$4" if [ $# -lt 4 ]; then echo "Usage: $0 " exit 1 fi echo "==========================================" echo "Proxmox Certificate Deployment" echo "==========================================" echo "Target: $TARGET_HOST" echo "Certificate: $CERT_FILE" echo "Key file: $KEY_FILE" echo "==========================================" echo "" # Backup existing certificates echo "[1/5] Backing up existing Proxmox certificates..." ssh root@${TARGET_HOST} "cp /etc/pve/local/pveproxy-ssl.pem /etc/pve/local/pveproxy-ssl.pem.bak.$(date +%Y%m%d-%H%M%S) 2>/dev/null || true" ssh root@${TARGET_HOST} "cp /etc/pve/local/pveproxy-ssl.key /etc/pve/local/pveproxy-ssl.key.bak.$(date +%Y%m%d-%H%M%S) 2>/dev/null || true" # Copy certificate to target echo "[2/5] Copying certificate to Proxmox..." scp "$CERT_FILE" root@${TARGET_HOST}:/tmp/${SHORT_NAME}.crt # Copy or retrieve key echo "[3/5] Copying private key to Proxmox..." if [ -f "$KEY_FILE" ]; then scp "$KEY_FILE" root@${TARGET_HOST}:/tmp/${SHORT_NAME}.key else echo "Note: Key file should already be on target at /tmp/${SHORT_NAME}.key" fi # Install certificate echo "[4/5] Installing certificate for Proxmox web interface..." ssh root@${TARGET_HOST} "cat /tmp/${SHORT_NAME}.crt > /etc/pve/local/pveproxy-ssl.pem && \ cat /tmp/${SHORT_NAME}.key > /etc/pve/local/pveproxy-ssl.key && \ chmod 640 /etc/pve/local/pveproxy-ssl.pem && \ chmod 640 /etc/pve/local/pveproxy-ssl.key" # Restart Proxmox web service echo "[5/5] Restarting Proxmox web interface..." ssh root@${TARGET_HOST} "systemctl restart pveproxy.service" echo "" echo "==========================================" echo "✓ Proxmox certificate deployed!" echo "==========================================" echo "" echo "Certificate installed at:" echo " /etc/pve/local/pveproxy-ssl.pem" echo " /etc/pve/local/pveproxy-ssl.key" echo "" echo "Backup created at:" echo " /etc/pve/local/pveproxy-ssl.pem.bak.*" echo " /etc/pve/local/pveproxy-ssl.key.bak.*" echo "" echo "Access Proxmox at: https://${TARGET_HOST}:8006" echo "=========================================="