Proxmox Datacenter Manager - First Alpha Release

[pavlos]

You very likely have a broken apt sources configuration! Please check that out, ensure they all use same distro (bookworm for pdm0/alpha, trixie for pdm1/beta), and if you cannot figure that out, or if something else is off too, then please open a new thread, the generic alpha release thread is not the right place to debug this.

I have trixie 13, I looked for libapt-pkg6, d/l and installed it, pdm works. My apologies for posting here.

 

[t.lamprecht]

I have trixie 13

Ok, but

libapt-pkg6

is from Debian bookworm 12, as in Debian Trixie 13 it's libapt-pkg7.0. Are you sure you switch the PDM repo over to the trixie one?

 

[pavlos]

I realized my mistake and changed pdm-test.list to deb http://download.proxmox.com/debian/pdm trixie pdm-test
apt update, pdm is 0.9.4

 

[RocketSam]

did you maybe mix up some certificates/nodes/fingerprints? the error message says that the remote has a different one than you configured.. note that if you use Let's Encrypt or another trusted-by-default CA, you don't need to provide a fingerprint at all, you can just use the FQDN as endpoint and it should work.

Honestly I doubt it.


pm-dcm proxmox-datacenter-api[662]: bad fingerprint: 47:69:ef:da:f8:1d:9d:e9:ca:34:29:85:90:26:54:39:8e:6e:ad:7a:bc:b3:55:fe:a3:98:5a:6d:70:47:04:98
pm-dcm proxmox-datacenter-api[662]: expected fingerprint: 9b:5e:eb:18:50:2f:e1:c6:5b:19:5f:de:9b:60:c9:f7:ba:9e:78:3f:4a:cf:6a:9e:aa:63:56:5f:9c:f4:a7:9b
pm-dcm proxmox-datacenter-api[662]: failed to query info for remote 'cluster' node 'host418.domain.local:8006' - client error (Connect)

openssl s_client -connect host418.domain.local:8006 </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256
sha256 Fingerprint=9B:5E:EB:18:50:2F:E1:C6:5B:19:5FE:9B:60:C9:F7:BA:9E:78:3F:4A:CF:6A:9E:AA:63:56:5F:9C:F4:A7:9B

 

[fabian]

does the "bad" fingerprint match the issuer of your certificate?

 

[RocketSam]

does the "bad" fingerprint match the issuer of your certificate?

In that case, all certificates should have the same fingerprint, and that's not my case, right?

root@pm-dcm:/usr/local/share/ca-certificates# openssl s_client -connect host420.domain.local:8006 </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256
sha256 Fingerprint=C44:02:17:3F:3A:CB:BA:A9:FA:25:C9:2D:F4:4E:65:3C:7F:5F:FD:507:9A:AD:C2:20:92:78:F8:A9:29:12
root@pm-dcm:/usr/local/share/ca-certificates# openssl s_client -connect host419.domain.local:8006 </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256
sha256 Fingerprint=02:9EC:9A:35:219:2E:05:35:3F:FB:6A:31:46:08:14:05:930:5D:E64:7C:4D:46:14:51:8B:0A:51:1E
root@pm-dcm:/usr/local/share/ca-certificates# openssl s_client -connect host418.domain.local:8006 </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256
sha256 Fingerprint=9B:5E:EB:18:50:2F:E1:C6:5B:19:5FE:9B:60:C9:F7:BA:9E:78:3F:4A:CF:6A:9E:AA:63:56:5F:9C:F4:A7:9B

 

[fabian]

could you answer the question? the "bad" fingerprint must come from somewhere..