Server certificate verification failed when updating
Jump to navigation
Jump to search
If you're running PVE 4.2 or older, and get the following error
Err https://enterprise.proxmox.com jessie/pve-enterprise amd64 Packages server certificate verification failed. CAfile: /etc/apt/pve-repo-ca-certificates.crt CRLfile: none W: Failed to fetch https://enterprise.proxmox.com/debian/dists/jessie/pve-enterprise/binary-amd64/Packages server certificate verification failed. CAfile: /etc /apt/pve-repo-ca-certificates.crt CRLfile: none
you need to remove the lines
Acquire::https::enterprise.proxmox.com::CaInfo "/etc/apt/pve-repo-ca-certificates.crt"; Acquire::https::enterprise.proxmox.com::Verify-Peer "true";
in /etc/apt/apt.conf.d/75pveconf
Background:
The SSL certificate for the host enterprise.proxmox.com has changed.
- Before PVE 4.2.18 the SSL certificate used to access enterprise.proxmox.com was hardcoded to expected a SSL certificate signed by StartCom.
- In PVE 4.2.18, released in August 2016 this limitation was removed.
- In July 2017, after waiting one year to let people on the PVE 4.x branch upgrade, we changed the SSL certificate on enterprise.proxmox.com to use a let's encrypt certificate.
Hence people running old versions who did not upgrade in the one year time slot expect a StartCom signed SSL certificate, and get the error when receving the new let's encrypt cert.