Server certificate verification failed when updating

From Proxmox VE
Jump to: navigation, search

If you're running PVE 4.2 or older, and get the following error

Err https://enterprise.proxmox.com jessie/pve-enterprise amd64 Packages
server certificate verification failed. CAfile: /etc/apt/pve-repo-ca-certificates.crt CRLfile: none
W: Failed to fetch https://enterprise.proxmox.com/debian/dists/jessie/pve-enterprise/binary-amd64/Packages server certificate verification failed. CAfile: /etc /apt/pve-repo-ca-certificates.crt CRLfile: none

you need to remove the lines

Acquire::https::enterprise.proxmox.com::CaInfo "/etc/apt/pve-repo-ca-certificates.crt";
Acquire::https::enterprise.proxmox.com::Verify-Peer "true";

in /etc/apt/apt.conf.d/75pveconf

Background:

The SSL certificate for the host enterprise.proxmox.com has changed.

  • Before PVE 4.2.18 the SSL certificate used to access enterprise.proxmox.com was hardcoded to expected a SSL certificate signed by StartCom.
  • In PVE 4.2.18, released in August 2016 this limitation was removed.
  • In July 2017, after waiting one year to let people on the PVE 4.x branch upgrade, we changed the SSL certificate on enterprise.proxmox.com to use a let's encrypt certificate.

Hence people running old versions who did not upgrade in the one year time slot expect a StartCom signed SSL certificate, and get the error when receving the new let's encrypt cert.