Failed to start proxmox-backup-proxy.service after update to 3.4

G

gabbegubben

Member
Proxmox Subscriber
Apr 1, 2021
14
10
23
53
Just updated to PBS 3.4 and after a reboot the proxmox-backup-proxy.service refuses to start:

Code: 
systemd[1]: Starting proxmox-backup-proxy.service - Proxmox Backup API Proxy Server...
proxmox-backup-proxy[1505]: apply old journal log rrd.journal-67f79b3b
proxmox-backup-proxy[1505]: thread 'main' panicked at /usr/share/cargo/registry/proxmox-rest-server-0.8.9/src/connection.rs:154:38:
proxmox-backup-proxy[1505]: called `Result::unwrap()` on an `Err` value: ErrorStack([Error { code: 167772350, library: "SSL routines", function: "SSL_CTX_check_private_key", reason: "no private key assigned", file: "../ssl/ssl_lib.c", line: 1673 }])
proxmox-backup-proxy[1505]: note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
systemd[1]: proxmox-backup-proxy.service: Main process exited, code=exited, status=101/n/a
systemd[1]: proxmox-backup-proxy.service: Failed with result 'exit-code'.
systemd[1]: Failed to start proxmox-backup-proxy.service - Proxmox Backup API Proxy Server.

Any suggestions?
 
Hi,
do you use a custom certificate? What's the output of proxmox-backup-manager cert info?
 
Chris said:
Hi,
do you use a custom certificate? What's the output of proxmox-backup-manager cert info?
Click to expand...

Code: 
# proxmox-backup-manager cert info
Subject: CN = backup.ad.<ourdomain>
    DNS:backup.ad.<ourdomain>
    DNS:pbs.<ourdomain>
Issuer: C = US, O = Let's Encrypt, CN = R10
Validity:
    Not Before: Apr 10 07:54:01 2025 GMT
    Not After : Jul  9 07:54:00 2025 GMT
Fingerprint (sha256): fa:7c:cc:07:d9:75:14:52:1b:10:50:4e:07:0c:32:17:d2:8d:dc:3a:16:68:78:30:db:1d:bc:48:6a:bb:fe:3d
Public key type: rsaEncryption
Public key bits: 4096

As you can see, the certificate has one alternate name, something that has caused trouble with automatic renewal before (see https://bugzilla.proxmox.com/show_bug.cgi?id=4486) but manually pushing the button to order certificates has worked without problems.
 
Can you try the following
  • stop the PBS services via systemctl stop proxmox-backup-proxy.service proxmox-backup.service
  • move the current certificates to backup files via mv /etc/proxmox-backup/proxy.key /etc/proxmox-backup/proxy.key.bak; mv /etc/proxmox-backup/proxy.pem /etc/proxmox-backup/proxy.pem.bak
  • restart the PBS services via systemctl start proxmox-backup-proxy.service proxmox-backup.service
By this the proxy should come backup and generate new self-signed certificates. That would allow you to at least connect and setup your certificates again via the WebUI.
 
Last edited:
  • Like
Reactions: gabbegubben
Chris said:
Can you try the following
  • stop the PBS services via systemctl stop proxmox-backup-proxy.service proxmox-backup.service
  • move the current certificates to backup files via mv /etc/proxmox-backup/proxy.key /etc/proxmox-backup/proxy.key.bak; mv /etc/proxmox-backup/proxy.pem /etc/proxmox-backup/proxy.pem.bak
  • restart the PBS services via systemctl stop proxmox-backup-proxy.service proxmox-backup.service
By this the proxy should come backup and generate new self-signed certificates. That would allow you to at least connect and setup your certificates again via the WebUI.
Click to expand...
This worked perfectly. I could then use the "Order Certificates Now"-button and now our own certificate is installed and working again.
Many thanks!
 
You must log in or register to reply here.
Top Bottom