Proxmox SSL Error Fixing

From Proxmox VE
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.
Yellowpin.svg Note: Article about old Proxmox VE releases. From Proxmox VE 5.2 this is part of the reference documentation see: Certificate Management or http://pve.proxmox.com/pve-docs/

Introduction

Some users see errors like the following when doing Proxmox VE upgrades; 

kvm: -vnc unix:/var/run/qemu-server/NODENAME.vnc,password: Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired

Solution

Remove old certificates: 

rm /etc/pve/pve-root-ca.pem
rm /etc/pve/local/pve-ssl.key
rm /etc/pve/local/pve-ssl.pem

Generate new CA and Proxmox certificates:

For CA: 

openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.pem

For Proxmox: 

openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr 
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 365 -sha256

Rename certificates to proxmox: 

mv ca.pem pve-root-ca.pem
mv server.key pve-ssl.key
mv server.pem pve-ssl.pem


Copy to file Proxmox File System: 

cp pve-root-ca.pem /etc/pve/pve-root-ca.pem
cp pve-ssl.key /etc/pve/local/pve-ssl.key
cp pve-ssl.pem /etc/pve/local/pve-ssl.pem

Restart daemon and proxy: 

service pveproxy restart
service pvedaemon restart

Info

You can use these certificates for all nodes.

Retrieved from "https://pve.proxmox.com/mediawiki/index.php?title=Proxmox_SSL_Error_Fixing&oldid=11402"