Proxmox SSL Error Fixing: Difference between revisions
Jump to navigation
Jump to search
m (drop x509 for preparing comapt with QEMU 4) |
(add archive category and note about reference documentation) |
||
Line 1: | Line 1: | ||
{{Note|Article about old Proxmox VE releases. From Proxmox VE 5.2 this is part of the reference documentation see: [[Certificate Management]] or http://pve.proxmox.com/pve-docs/}} | |||
== Introduction == | == Introduction == | ||
Some users see errors like the following when doing Proxmox VE upgrades; | Some users see errors like the following when doing Proxmox VE upgrades; | ||
Line 40: | Line 42: | ||
'''You can use these certificates for all nodes.''' | '''You can use these certificates for all nodes.''' | ||
[[Category:Archive]] |
Latest revision as of 09:22, 2 August 2022
Note: Article about old Proxmox VE releases. From Proxmox VE 5.2 this is part of the reference documentation see: Certificate Management or http://pve.proxmox.com/pve-docs/ |
Introduction
Some users see errors like the following when doing Proxmox VE upgrades;
kvm: -vnc unix:/var/run/qemu-server/NODENAME.vnc,password: Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired
Solution
Remove old certificates:
rm /etc/pve/pve-root-ca.pem rm /etc/pve/local/pve-ssl.key rm /etc/pve/local/pve-ssl.pem
Generate new CA and Proxmox certificates:
For CA:
openssl genrsa -out ca.key 2048 openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.pem
For Proxmox:
openssl genrsa -out server.key 2048 openssl req -new -key server.key -out server.csr openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 365 -sha256
Rename certificates to proxmox:
mv ca.pem pve-root-ca.pem mv server.key pve-ssl.key mv server.pem pve-ssl.pem
Copy to file Proxmox File System:
cp pve-root-ca.pem /etc/pve/pve-root-ca.pem cp pve-ssl.key /etc/pve/local/pve-ssl.key cp pve-ssl.pem /etc/pve/local/pve-ssl.pem
Restart daemon and proxy:
service pveproxy restart service pvedaemon restart
Info
You can use these certificates for all nodes.