pve_node_cert_upload
Upload a custom TLS certificate to a Proxmox VE node to replace the default self-signed certificate.
Instructions
MUTATION: upload a custom TLS certificate to a PVE node.
RISK_HIGH, NO UNDO. A malformed cert/key can lock you out of the PVE web UI and API. restart=True reloads pveproxy after upload (brief service interruption).
PRIVATE KEY REDACTION: the 'key' param is a TLS private key (secret). It is UNCONDITIONALLY redacted — it NEVER appears in the plan, change, current state, detail, or ledger (regardless of redact_ledger setting). Only {"key": "[redacted]"} is recorded. The cert body (certificates) is public and may appear in plans/logs.
Revert: re-upload a correct cert, or use pve_node_cert_delete to revert to self-signed. confirm=True to execute.
POST /nodes/{node}/certificates/custom Smoke-confirm: endpoint and body shape not live-verified.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| key | No | ||
| node | No | ||
| force | No | ||
| confirm | No | ||
| restart | No | ||
| certificates | Yes | ||
| proximo_target | No | Which configured Proxmox target to run this call against — a target name from your multi-target config (a specific PVE/PBS/PMG/PDM box). Omit to use the single/default target from the environment; the selection applies only to this call. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |