Have Caddy take over port 80 and redirect to HTTPS
http://[YOURIP], :80 {
	# Serve ACME HTTP-01 / PKI validation files from the acme.sh webroot
	@acme path_regexp acme ^/\.well-known/(acme-challenge|pki-validation)/.*
	handle @acme {
		root * /home/letsencrypt
		header Content-Type text/plain
		file_server
	}
	# Redirect every other request to HTTPS
	handle {
		redir https://{host}{uri}
	}
}
Set up the 443 redirect, install acme.sh and issue the certificate
iptables -t nat -A PREROUTING -p tcp -d [host LAN/NIC IP] --dport 443 -j REDIRECT --to-port 8006
curl https://get.acme.sh | sh -s email=10001@qq.com
acme.sh --issue --server letsencrypt -d [YOURIP] -w /home/letsencrypt --certificate-profile shortlived --days 4 --stateless
acme.sh --install-cert -d [YOURIP] --key-file /etc/pve/local/pveproxy-ssl.key --fullchain-file /etc/pve/local/pveproxy-ssl.pem --reloadcmd "systemctl restart pveproxy"
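A check for the redirect rule above, as an added example that is not part of the original page: `-A` appends a new copy of the rule every time it is run and the rule does not survive a reboot, so this audits `iptables-save` output for exactly one 443 -> 8006 rule limited by `-d`. The function names and the sample address 192.0.2.10 are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page). Audits `iptables-save -t nat`
# output for the 443 -> 8006 REDIRECT rule used on this page.

# Reads iptables-save text on stdin and prints one verdict:
#   ok        exactly one rule, limited to a destination address with -d
#   missing   no rule (for example after a reboot; -A is not persistent)
#   duplicate more than one rule (the -A command was run again)
#   unscoped  rule has no -d, so it matches port 443 for every destination
audit_pve_redirect() {
    awk '
        /^-A PREROUTING / && / -p tcp / && / --dport 443 / &&
        / -j REDIRECT --to-ports 8006( |$)/ {
            n++
            if ($0 !~ / -d [0-9.]+(\/[0-9]+)? /) unscoped++
        }
        END {
            if (n == 0)        print "missing"
            else if (n > 1)    print "duplicate"
            else if (unscoped) print "unscoped"
            else               print "ok"
        }'
}

# Adds the rule only if it is absent. $1 is the host address (hypothetical
# parameter). Needs root, so it is defined here but not called.
ensure_pve_redirect() {
    iptables -t nat -C PREROUTING -p tcp -d "$1" --dport 443 \
        -j REDIRECT --to-ports 8006 2>/dev/null ||
    iptables -t nat -A PREROUTING -p tcp -d "$1" --dport 443 \
        -j REDIRECT --to-ports 8006
}

# Constructed iptables-save samples; 192.0.2.10 is a documentation address.
RULE='-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8006'
sample_ok()        { printf '*nat\n%s\nCOMMIT\n' "$RULE"; }
sample_duplicate() { printf '*nat\n%s\n%s\nCOMMIT\n' "$RULE" "$RULE"; }
sample_unscoped()  { printf '*nat\n-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8006\nCOMMIT\n'; }
sample_missing()   { printf '*nat\n:PREROUTING ACCEPT [0:0]\nCOMMIT\n'; }

# Demo over the constructed samples
for s in ok duplicate unscoped missing; do
    printf '%-10s -> %s\n' "$s" "$(sample_$s | audit_pve_redirect)"
done
```

On the host itself, run `iptables-save -t nat | audit_pve_redirect` as root.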