certificate

  1. O

    Certificate misconfiguration for download.proxmox.com

    https://download.proxmox.com/iso/ Reports a certificate misconfiguration (certificate was issued for: enterprise.proxmox.com).
  2. M

    Using HE DDNS for ACME certificates

    For anyone using Hurricane Electric's dynamic DNS records in https://dns.he.net/, here is an ACME DNS API plugin script for PVE: https://github.com/markkuleinio/pve-acme-he-ddns If I have understood it correctly, Proxmox will update their own proxmox-acme repo from acme.sh repo in GitHub, so...
  3. L

    Any way to make proxmox check if ACME cert renewal needed on startup?

    I am using my selfhosted smallstep server to issue certificates for everything in my homelab. By design, the certificates are short-lived (only 24 hours). I have managed to request the certificate just fine via proxmox, and the auto renewal process seems to work fine. However, when the proxmox...
  4. L

    New install pve 8.2 on Debian 12 certificate blocks GUI

    I have done fresh install on a Debian 12 cloud host and all went well I thought, except that port 8006 is not responding. (I followed the documentation here) I the logs I find this: Jun 04 17:52:23 pmx1 pveproxy[12734]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain...
  5. L

    Bookmyname certificate, tips for PVE and PBS

    Since Acme released a bookmyname plugin at the end of 2023, it is now possible to use the user interface to manage certificates. A few comments though: I had trouble getting it to work, and couldn't find much information here. After a lot of struggling, I put some debugging code in...
  6. O

    [SOLVED] Unable to access GUI after trying to import SSL cert

    Hi, I was trying to apply a SSL cert I created for my home lab and was following instructions from a YouTube video and after I imported it via the interface/gui the web page was inaccessible. I get the error "Site can't be reached - unexpectedly closed the connection." I use Brave browser but...
  7. C

    Built-in SSL certificate renewal?

    I have a pve-ssl.pem that expires on May 24th (the matching pve-root-ca.pem does not expire until May 2032), the default-on-creation /OU=PVE Cluster Node/O=Proxmox Virtual Environment/ certificate. It is not in the ACME section of the certificates area of my Proxmox node. Is this going to...
  8. S

    [TUTORIAL] Clean Install Proxmox VE 8.1 - How I fixed: Webinterface not working (failed to use local certificate chain)

    While installing my first Proxmox VE hosts I chose to use the latest version on a Dell Wyse 5070 host. The installation process went completely fine. As hostname I provided "proxmoxtest". After removing the install medium and first start I tried to connect via https and port 8006 but nothing...
  9. M

    error fetching datastores - fingerprint 'xxx' not verified, abort!

    Hi Team, I've recently upgraded all the PVE nodes + PBS nodes here and since that, my formerly fully trusted 3rd party certificate (used on PBS's) seems not trusted anymore. The PKI root certificate is imported on every PVE/PBS nodes and each nodes installed certificate is signed by that root...
  10. V

    DNS and certificate question

    Hi! I recently started using PMG, super amazing service! I plan on expanding to a HA Cluster and I wonder how to handle certificate for my cluster I want to have one dedicated subdomain for each and then one domain for users to have in their MX records. So lets say we have pmg.mydomain.net A...
  11. N

    Cert from other Host (NGINX Proxy Manager)

    Hey guys, I was able to setup PMG yesterday and my mailcow behind it. Right now I run into the following issue that I get a reject on a receiving server ehlo/helo domain. F.e. my PMG got the hostname mailgateway.internal.local right now. My 1st: Is it just enough to change the hostname in...
  12. M

    [SOLVED] PBS certificate validation fails even with updated fingerprint set

    Hi, yesterday I’ve updated the certificate on PBS with a new self-signed cert (uploaded a proxy.pem containing the cert and the root ca that signed it, I don’t have an intermediate CA on my lab setup) and my PBS backups on PVE started to fail. Then I remembered that the fingerprint changed and...
  13. H

    [SOLVED] ACME Certificate Can't Add Subject Alternative Names?

    I was able to successfully get a Lets Encrypt cert for my PVE box, using the domain: PVE.domain.com, but I am only able to access the server as such. If I connect to the server locally at https;//PVE:8006/, I get an err_cert_common_name_invalid error in chrome. Is there any way to add SANs to...
  14. M

    Uploading certificates signed by a personal CA

    Hi, I've tried to upload a certificate+key pair signed by my own self-signed CA and as soon as I upload it I loose the connection to the management interface. I've tried to upload also a certificate with the server cert + CA cert and nothing changed. Is there any particular setting/option that I...
  15. S

    Fehlermeldung beim Upload des neuen Zertifikats

    Hallo, ich möchte mein TLS-Zertifikat auf meinen Proxmox-Servern updaten. (2 von 3 sind live :) ) Wir haben ein Wildcard-Zertifikat für *.consulting1x1.info. Dazu habe ich eine Datei, die aus dem Zertifikat und darauf folgend dem ersten Teil der Chain besteht und mit nginx problemlos...
  16. B

    download.proxmox.com certificate issue

    hello, can you explain, why PVE 7.1-4 can't apt into http repos? if i set https repos like: deb https://download.proxmox.com/debian/pve bullseye pve-no-subscription it requires authorization, which i can't provide. from another side, if i set http repo, apt gives me this answer: Err:1...
  17. N

    [SOLVED] Issue while adding acme account with custom acme directory

    Hey, I want to add an ACME account with a custom directory (-> self hosted step-ca) Because you cannot add an acme account with a non-letsencrypt directory via the GUI, I used the command line on proxmox-back-server, I will get the following error: root@pbs:~# proxmox-backup-manager acme...
  18. A

    Help with ECDSA certificate

    Hi! Are ECDSA generated certificates supported by Proxmox VE and Proxmox BS? I'm asking this because I'v genenarated a certificate using "openssl ecparam -name prime256v1" and once i upload id trough Proxmox GUI, it doesnt looks to be supported as it wont reload the page. - No error appears...
  19. E

    SSLCertificate problem

    Hello, After a fresh installation of Proxmox, we have taken a backup of Proxmox and restore it into new servers. But in Mozilla Firefox, we cannot login Proxmox, because their SSL Certificate are same, but in Chrome it is ok, we can login. We want to prepare an image of Proxmox for future...
  20. F

    Issues with certificates

    Today I upgraded to Proxmox 7 and noticed my certificates were expired. I built these certificates myself with easy-rsa and had no problems installing them last time. However, after issuing new certs and uploading them, pveproxy stopped working with journalctl -xy giving...

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!