Proxmox SSL Error Fixing: Difference between revisions

(Created page with "== Introduction == Some users see errors like the following when doing ProxMOX upgrades; kvm: -vnc unix:/var/run/qemu-server/NODENAME.vnc,x509,password: Failed to start VNC s...")
 
(add archive category and note about reference documentation)
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Note|Article about old Proxmox VE releases. From Proxmox VE 5.2 this is part of the reference documentation see: [[Certificate Management]] or http://pve.proxmox.com/pve-docs/}}
== Introduction ==
== Introduction ==
Some users see errors like the following when doing ProxMOX upgrades;
Some users see errors like the following when doing Proxmox VE upgrades;
  kvm: -vnc unix:/var/run/qemu-server/NODENAME.vnc,x509,password: Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired
  kvm: -vnc unix:/var/run/qemu-server/NODENAME.vnc,password: Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired


== Solution ==
== Solution ==
Line 18: Line 20:


For Proxmox:
For Proxmox:
  openssl genrsa -out server.key 2048  
  openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
  openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 365 -sha256
  openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 365 -sha256
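Review bot: The signing command at the end of this hunk still carries `-days 365`, and so does the CA command earlier in the article, so a node rebuilt with these steps will hit the same "The server certificate /etc/pve/local/pve-ssl.pem has expired" failure quoted in the Introduction one year later. Either state the lifetime and say the procedure has to be repeated before it runs out, or choose the validity period deliberately and explain the choice next to the command.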


Line 39: Line 42:


'''You can use these certificates for all nodes.'''
'''You can use these certificates for all nodes.'''
[[Category:Archive]]

Latest revision as of 09:22, 2 August 2022

Note: This article covers old Proxmox VE releases. From Proxmox VE 5.2, this is part of the reference documentation; see Certificate Management or http://pve.proxmox.com/pve-docs/

Introduction

Some users see errors like the following when upgrading Proxmox VE:

kvm: -vnc unix:/var/run/qemu-server/NODENAME.vnc,password: Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired

Solution

Remove old certificates:

rm /etc/pve/pve-root-ca.pem
rm /etc/pve/local/pve-ssl.key
rm /etc/pve/local/pve-ssl.pem 

Generate new CA and Proxmox certificates:

For CA:

openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.pem

For Proxmox:

openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr 
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 365 -sha256

Rename the certificates to the file names Proxmox expects:

mv ca.pem pve-root-ca.pem
mv server.key pve-ssl.key
mv server.pem pve-ssl.pem


Copy the files to the Proxmox file system:

cp pve-root-ca.pem /etc/pve/pve-root-ca.pem
cp pve-ssl.key /etc/pve/local/pve-ssl.key
cp pve-ssl.pem /etc/pve/local/pve-ssl.pem

Restart the daemon and proxy:

service pveproxy restart
service pvedaemon restart
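
An added example, not part of the original wiki page: a shell check to run on the freshly generated files before the copy step, confirming that the certificate verifies against the new CA, that the private key matches it, and that it is not close to the expiry that caused the error in the Introduction. The function names, return codes, 30-day default and sample subject names are assumptions of this example.

```sh
#!/bin/sh
# Added example: pre-deployment checks for a CA / certificate / key set.
# check_cert_set CA_PEM CERT_PEM KEY_PEM [MIN_DAYS_LEFT]   (names are assumptions)
# Returns 0 = all good, 1 = chain fails, 2 = key mismatch, 3 = expires too soon.
check_cert_set() {
    ca=$1; cert=$2; key=$3; min_days=${4:-30}

    # 1. The server certificate must verify against the CA being installed.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1

    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 2

    # 3. The certificate must remain valid for at least MIN_DAYS_LEFT days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 3
    return 0
}

# Constructed sample input: a throwaway CA and server certificate built in DIR
# with the page's commands, plus -subj so nothing prompts (placeholder names).
make_sample_set() {
    dir=$1
    ( cd "$dir" &&
      openssl genrsa -out ca.key 2048 &&
      openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 \
          -subj "/CN=Sample CA" -out ca.pem &&
      openssl genrsa -out server.key 2048 &&
      openssl req -new -key server.key -subj "/CN=pve1.example.test" \
          -out server.csr &&
      openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key \
          -CAcreateserial -out server.pem -days 365 -sha256 ) >/dev/null 2>&1
}

# Stand-alone use: sh check.sh ca.pem server.pem server.key [min_days]
if [ "$#" -ge 3 ]; then
    check_cert_set "$@"
    echo "check_cert_set exit code: $?"
fi
```

Run it against ca.pem, server.pem and server.key in the working directory; a non-zero result means the files should not be copied into /etc/pve yet.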

Info

You can use these certificates for all nodes.