Difference between revisions of "Proxmox SSL Error Fixing"

Note: Article about old Proxmox VE releases. From Proxmox VE 5.2 this is part of the reference documentation see: Certificate Management or http://pve.proxmox.com/pve-docs/

Introduction

Some users see errors like the following when doing Proxmox VE upgrades;

kvm: -vnc unix:/var/run/qemu-server/NODENAME.vnc,password: Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired

Solution

Remove old certificates:

rm /etc/pve/pve-root-ca.pem
rm /etc/pve/local/pve-ssl.key
rm /etc/pve/local/pve-ssl.pem 

Generate new CA and Proxmox certificates:

For CA:

openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.pem

For Proxmox:

openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr 
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 365 -sha256

Rename certificates to proxmox:

mv ca.pem pve-root-ca.pem
mv server.key pve-ssl.key
mv server.pem pve-ssl.pem

Copy to file Proxmox File System:

cp pve-root-ca.pem /etc/pve/pve-root-ca.pem
cp pve-ssl.key /etc/pve/local/pve-ssl.key
cp pve-ssl.pem /etc/pve/local/pve-ssl.pem

Restart daemon and proxy:

service pveproxy restart
service pvedaemon restart

Info

You can use these certificates for all nodes.