Server certificate verification failed when updating

From Proxmox VE
Revision as of 09:03, 18 July 2017 by Emmanuel Kasper (Initial Version)

If you're running PVE 4.2 or older and get the following error:

Err https://enterprise.proxmox.com jessie/pve-enterprise amd64 Packages
server certificate verification failed. CAfile: /etc/apt/pve-repo-ca-certificates.crt CRLfile: none
W: Failed to fetch https://enterprise.proxmox.com/debian/dists/jessie/pve-enterprise/binary-amd64/Packages server certificate verification failed. CAfile: /etc/apt/pve-repo-ca-certificates.crt CRLfile: none

you need to remove the lines

Acquire::https::enterprise.proxmox.com::CaInfo "/etc/apt/pve-repo-ca-certificates.crt";
Acquire::https::enterprise.proxmox.com::Verify-Peer "true";

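in /etc/apt/apt.conf.d/75pveconf

Removing these lines does not turn certificate checking off. APT falls back to its defaults: peer verification stays enabled, and the server certificate is checked against the system CA store instead of the pinned /etc/apt/pve-repo-ca-certificates.crt bundle.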
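
The removal step above as a script, added here as an example and not Proxmox's own code: it deletes only the two host-scoped lines, keeps a backup, and prints any setting that switches TLS verification off. The function names and the sample file content are assumptions; the demo works on a scratch file unless CONF is set.

```shell
#!/bin/sh
# Added example (not Proxmox code); function names are hypothetical.
# Host-scoped options that pin enterprise.proxmox.com to the StartCom bundle.
PIN_RE='^[[:space:]]*Acquire::https::enterprise\.proxmox\.com::(CaInfo|Verify-Peer)[[:space:]]'

# Print "pinned" if FILE still carries the pin, otherwise "clean".
pve_pin_status() {
    if grep -Eq "$PIN_RE" "$1"; then echo pinned; else echo clean; fi
}

# Delete only the pinning lines from FILE, keeping the original as FILE.bak.
pve_unpin() {
    cp -p "$1" "$1.bak" || return 1
    sed -E "/$PIN_RE/d" "$1.bak" > "$1"
}

# Print any line that switches TLS verification off (the wrong workaround).
pve_weak_tls_lines() {
    grep -En 'Acquire::https::([^:[:space:]]+::)?Verify-(Peer|Host)[[:space:]]+"false"' "$1" || true
}

# Write a constructed stand-in for /etc/apt/apt.conf.d/75pveconf to FILE.
pve_sample_conf() {
    cat > "$1" <<'EOF'
// constructed sample, not a real 75pveconf
APT::Get::Show-Versions "true";
Acquire::https::enterprise.proxmox.com::CaInfo "/etc/apt/pve-repo-ca-certificates.crt";
Acquire::https::enterprise.proxmox.com::Verify-Peer "true";
EOF
}

# Demo on a scratch copy; point CONF at the real file (as root) to apply it.
CONF=${CONF:-$(mktemp)}
[ -s "$CONF" ] || pve_sample_conf "$CONF"
echo "before: $(pve_pin_status "$CONF")"
pve_unpin "$CONF"
echo "after:  $(pve_pin_status "$CONF")"
pve_weak_tls_lines "$CONF"
```

Run apt-get update afterwards to confirm the repository is fetched without the verification error.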

Background:

The SSL certificate for the host enterprise.proxmox.com has changed.

  • Before PVE 4.2.18, access to enterprise.proxmox.com was hardcoded to expect an SSL certificate signed by StartCom.
  • In PVE 4.2.18, released in August 2016, this limitation was removed.
  • In July 2017, after waiting one year to let people on the PVE 4.x branch upgrade, we changed the SSL certificate on enterprise.proxmox.com to a Let's Encrypt certificate.

Hence people running old versions who did not upgrade within that one-year window still expect a StartCom-signed SSL certificate, and get the error when receiving the new Let's Encrypt certificate.