Proxmox SSL Error Fixing
Revision as of 07:06, 14 June 2019 by Thomas Lamprecht (talk | contribs) (drop x509 for preparing comapt with QEMU 4)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Introduction
Some users see errors like the following when doing Proxmox VE upgrades;
kvm: -vnc unix:/var/run/qemu-server/NODENAME.vnc,password: Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired
Solution
Remove old certificates:
rm /etc/pve/pve-root-ca.pem rm /etc/pve/local/pve-ssl.key rm /etc/pve/local/pve-ssl.pem
Generate new CA and Proxmox certificates:
For CA:
openssl genrsa -out ca.key 2048 openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.pem
For Proxmox:
openssl genrsa -out server.key 2048 openssl req -new -key server.key -out server.csr openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 365 -sha256
Rename certificates to proxmox:
mv ca.pem pve-root-ca.pem mv server.key pve-ssl.key mv server.pem pve-ssl.pem
Copy to file Proxmox File System:
cp pve-root-ca.pem /etc/pve/pve-root-ca.pem cp pve-ssl.key /etc/pve/local/pve-ssl.key cp pve-ssl.pem /etc/pve/local/pve-ssl.pem
Restart daemon and proxy:
service pveproxy restart service pvedaemon restart
Info
You can use these certificates for all nodes.