PVE Exporter with a custom CA - prometheus-pve/prometheus-pve-exporter GitHub Wiki

Proxmoxer relies on the Python requests library to query the Proxmox PVE API. The requests library uses its own CA bundle by default in order to verify TLS hosts. If it is necessary to specify a custom CA bundle, the path to this bundle can be specified using the REQUESTS_CA_BUNDLE environment variable (see the request docs)

When operating PVE with certificates signed by a custom Certificate Authority (or a public CA certificate that is not yet included in the Docker image), and the easiest way is to import the certificate into the local trust store of the host (see this SE answer for Debian/Ubuntu) then bind mount the host's ca-certificates.crt file, and set the REQUESTS_CA_BUNDLE enviroment variable in Docker to use the CA bundle (otherwise the exporter will ignore it).

Docker Compose snippet:

volumes:
  - '/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro'
environment:
  - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt