Server certificate verification failed when updating

From Proxmox VE
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

If you're running PVE 4.2 or older, and get the following error 

Err https://enterprise.proxmox.com jessie/pve-enterprise amd64 Packages
server certificate verification failed. CAfile: /etc/apt/pve-repo-ca-certificates.crt CRLfile: none
W: Failed to fetch https://enterprise.proxmox.com/debian/dists/jessie/pve-enterprise/binary-amd64/Packages server certificate verification failed. CAfile: /etc /apt/pve-repo-ca-certificates.crt CRLfile: none

you need to remove the lines 

Acquire::https::enterprise.proxmox.com::CaInfo "/etc/apt/pve-repo-ca-certificates.crt";
Acquire::https::enterprise.proxmox.com::Verify-Peer "true";

in /etc/apt/apt.conf.d/75pveconf

Background:

The SSL certificate for the host enterprise.proxmox.com has changed.

  • Before PVE 4.2.18 the SSL certificate used to access enterprise.proxmox.com was hardcoded to expected a SSL certificate signed by StartCom.
  • In PVE 4.2.18, released in August 2016 this limitation was removed.
  • In July 2017, after waiting one year to let people on the PVE 4.x branch upgrade, we changed the SSL certificate on enterprise.proxmox.com to use a let's encrypt certificate.

Hence people running old versions who did not upgrade in the one year time slot expect a StartCom signed SSL certificate, and get the error when receving the new let's encrypt cert.

Retrieved from "https://pve.proxmox.com/mediawiki/index.php?title=Server_certificate_verification_failed_when_updating&oldid=9923"