Proxmox SSL Setup: Nginx Proxy Manager + Cloudflare DNS Challenge

Learn how to set up free SSL certificates for your homelab using Nginx Proxy Manager, Cloudflare DNS challenge, and Proxmox. Secure all services with HTTPS — no public IP needed.

4 min read
Easy SSL Certificates For Your Homelab Services Tutorial

Introduction

Are you still using numbers and dots to navigate through the WWW? I’m pretty sure you’re not, so why should use it then to navigate through your homelab services? That’s right, your homelab deserves better, so let me show you how you can easily attach a domain name to each of your homelab service.

💡 Quick answers: Jump to frequently asked questions about SSL in homelabs.

Install Nginx Proxy Manager on Proxmox for SSL

We’re gonna be using our beloved Proxmox Scripts to get started with Nginx Proxy Manager. Simply copy the script into your Proxmox Node shell and go on with the default settings, cause they’re pretty much enough for any number of services you’re going to be running. When the script is done and you see a new LXC appear in your left side bar, you’ll be pointed to an IP address of your Nginx Proxy Manager and that’s where the fun begins.

Set Up SSL Certificates in Nginx Proxy Manager

Default Credentials Email address - [email protected] > Password - changeme

Once you log in to your proxy manager, you’ll be greeted by the screen similar to this and will be offered to change the default credentials.

Nginx Proxy Manager dashboard for SSL setup in Proxmox

Keep in mind, you need to put in a real email address for certificates to generate successfully.

Once done, you should head out to SSL Certificates tab and press Add SSL Certificate and choose Let’s Encrypt.

Nginx Proxy Manager Certificate Generation Modal

Let’s say your domain is example.com, in this case you’d fill Domain Names with

*.example.com

So that all the subdomains are managed by our Nginx Proxy Manager.

Next part is, make sure you switch Use a DNS Challenge and choose your DNS Provider, I’m going to be covering Cloudflare case.

Configure Cloudflare for Free SSL with Nginx Proxy Manager

Once you’re logged in to your Cloudflare dashboard, head to your profile and API Tokens.

Cloudflare User API Tokens Interface

Here you want to create a custom API token with any name you’d like and configure it the same way as shown.

Token required permissions screenshot

After creating the token, save it somewhere, you’ll need it in a bit, now go to DNS configuration of your domain and set an A record the same way as shown.

Cloudflare DNS A record setup for Nginx Proxy Manager SSL

And do the same for the domain root.

Cloudflare DNS A record setup for Nginx Proxy Manager SSL

Now you can go back to Nginx Proxy Manager and add the token you created instead of the placeholder one.

Configuring Nginx Proxy Manager To Use Cloudflare As DNS Provider

Make sure to have propagation seconds of 120 or more.

At this moment, you have almost finished setting up the proxy manager. One last thing you need to do is adding your hosts.

Add Homelab Services to Nginx Proxy Manager with SSL

At this moment, you can add some service from your homelab to the Nginx Proxy Manager. Let’s suppose you want to access Proxmox via domain name.

Adding a new host to Nginx Proxy Manager

One major thing to consider is whether your service is running via HTTP or HTTPS initially.

If your service generates it’s own certificate and runs on HTTPS, select HTTPS in the dropdown, otherwise leave HTTP

After this, go to SSL tab and select your SSL certificate that you’ve generated and switch the Force SSL and HTTP/2 Support switches, so that it looks like this.

Configuring SSL for the new host

At this point, you can already use your domain name to access the service and no more SSL warnings. Voila!

💡 Frequently Asked Questions

How do I get free SSL certificates for my homelab services?
You can get free SSL certificates using Nginx Proxy Manager with Let's Encrypt. By enabling DNS Challenge and integrating it with Cloudflare, you can secure all your services with HTTPS — even on private networks.
Do I need a public IP to use SSL in my homelab?
No, with the DNS challenge method and a domain managed by Cloudflare, you can issue SSL certificates for your local services without exposing them to the public internet.
What do I need to set up Nginx Proxy Manager on Proxmox?
You’ll need a Proxmox LXC container, a registered domain name, and a Cloudflare account with a custom API token. The setup can be fully automated using Proxmox community scripts.

Thank you for taking the time to read :)

If you enjoyed the article, you’re welcome to join the Discord community.