tls

  1. L

    changing the FQDN, and not the hostname, in a cluster

    Hello, I would like to change the FQDN in a cluster which we mainly use to access the administrative interface. I see that in /etc/hosts both the fqdn and the one-label names are set: 127.0.0.1 localhost.localdomain localhost 10.88.88.231 pve1.example.com pve1 10.88.88.232 pve2.example.com...
  2. Y

    Node ACME Removal Error - "plugin 'Cloudflare for domain `node_fqdn` not found! (500)"

    Hello, I haven't been playing with my Proxmox homelab in some time. I fired them back up to try and do some work and noticed the TLS certs had expired for my WebUI. Previously I was using ACME DNS challenges with LetsEncrypt to configure my SSL/TLS certs. So I figured I would remove all of the...
  3. R

    Disable TLS for spice connections?

    Is it possible to completely disable TLS / certificates with spice connections? I'm using tailscale to "open up" my proxmox server, so I don't need tls for spice connections. Is there a way to disable tls?
  4. D

    Different SMTP/TLS Auth to same destination server based on sender address?

    We want to implement a mail gateway that is forwarding email to a specific mail host based on the MX record. However, the login credentials should be different (for that same mail host) based on the sender address. The email is sent from an application server via SMTP to the local Proxmox Mail...
  5. T

    454 4.7.0 TLS not available due to local problem

    Transcript of session follows. Out: 220 mail.dmz.se dmz.se In: EHLO mta-70-5-198.update.strava.com.sparkpostmail.com Out: 250-mail.dmz.se Out: 250-PIPELINING Out: 250-SIZE 10485760 Out: 250-VRFY Out: 250-ETRN Out: 250-STARTTLS Out: 250-ENHANCEDSTATUSCODES Out: 250-8BITMIME Out: 250-SMTPUTF8...
  6. M

    PVE ACME client generating bad CSR for IP addresses

    I am using an ACME server other than Let's Encrypt, and I observe PVE is having issues creating the CSR for IP addresses. Depending of the order of the domains (the actual domain and the IP) to be verified I add in the GUI to be verified it creates a bad CSR that is not accepted by the ACME...
  7. M

    Bad certificate for https://download.proxmox.com/

    The non-subscription repository has a bad certificate, and it prevents HTTPS usage on `apt` related commands. The issue is caused because it uses a certificate that is not valid for download.proxmox.com. The certificate is only valid for the following names: au.cdn.proxmox.com...
  8. T

    Is Smart Host TLS SSL supported?

    Today I am using Mail Gateway for all incoming email... to my Exchange Server. For ouotgoing smtp-mail I have an smart host via TLS SSL that I have to use. Can I use Proxmox Mail Gateway as my "Smarthost"? What version of TLS is this? Is it for outgoing, incoming or both? The SSL-certificate...
  9. J

    [SOLVED] NGINX with kTLS on unprivileged LXC on Proxmox 7.3

    Good day everyone! I have a 5-node cluster on PVE 7.3-6 with a couple hundred unprivileged LXC, all using the Debian 11 Bullseye template. I was looking at how Netflix can serve 800Gb/s of TLS encrypted video content from a single server, and a large part of it appears to be kTLS. I also saw...
  10. M

    TLS aktiviert, jetzt folgende Fehler: Cannot start TLS: handshake failure

    Hallo, ich habe heute meinen Exchange umgestellt, dass er seine Mails über das Proxmox Mail Gateway versendet. Dort habe ich TLS aktiviert. Seit dem werden meine Mails nicht von den Empfängern angenommen und ich bekomme folgenden Fehler: Cannot start TLS: handshake failure Hat jemand eine Idee...
  11. C

    SPICE TLS certificates

    Im using my own TLS certificate in PVE WebUI. But how can I setup How can I setup my custom TLS certificates in the SPICE protocol used by Proxmox PVE?
  12. K

    How to load TLS kernel module on Ubuntu CT?

    I'm running a Ubuntu 22.04 container on the latest version of Proxmox. I'm trying to load the kernel module in this container but it fails: mycontainer@root / # modprobe tls modprobe: FATAL: Module tls not found in directory /lib/modules/5.15.39-1-pve How can I load this module?
  13. T

    [SOLVED] PBS benchmark tool - Good TLS speed in local but decreased TLS speed from remote

    Hi there, as the title suggested, I would like to troubleshooting my issue with you. I installed a Proxmox Backup Server on a dedicated hardware: If I run proxmox-backup-client benchmark --repository BackupPVE i have this result: Now, from my main Proxmox server I get this result using...
  14. R

    Error Connection error 596 after upgrading to 7.2

    Hi everyone!, we are in the process of upgrading our cluster to Proxmox version 7.2 and after upgrading one of the nodes we have encountered this error. Error Connection error 596: tls_process_server_certificate: certificate verify failed Curiously I see the status of all virtual machines and...
  15. A

    TLS certificate ACME generation problems

    Hello, we are using PMG v 7.1-2 We started using the integrated ACME, but when the certificates are automatically generated, for some reason, they always contain outdated Let's Encrypt R3 certificate chain which expired in 2021. This means that TLS with our customers stops working every time...
  16. M

    [SOLVED] Zertifikate über API - Nicht über tls?

    Guten Abend Zusammen, ich habe jetzt schon eine Weile meinen PMG im Einsatz und bin extrem zufrieden mit dem Ergebniss, danke an das Team welches diese tolle Software erstellt und an alle die hier so tollen Support leisten! Ich habe heute für meine Domains im DNS DMARC aktiviert, und habe...
  17. Z

    Letsencrypt root certificate

    Hi, I have a problem receiving emails from a small number of servers, no emails make it through and i get the following message in the syslog: warning: TLS library problem: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired:../ssl/record/rec_layer_s3.c:1543:SSL alert...
  18. K

    Feature requests for PBS

    Loving PBS but it would great to see the following added as standard so that it's more inline with PVE. I wondered if the below was on the roadmap for the future and if anyone else might find these useful: Firewall management (like PVE) Whilst I know I can use IPTABLES for the firewall element...
  19. O

    SSL connect attempt failed, error 500 when trying to view changelog of updates and git clone a repository TLS error

    Hello everyone, 1- Everything works fine when I update the repository list and upgrade all packages, but when I try to view the changelog, 50% of the time for the debian packages and 100% of the time for Proxmox enterprises packages, I get the error you can see in both screenshot. Looking at the...
  20. D

    Proxmox API allow HTTP connections

    Hi, We need to be able to debug network communication between an apliacation using HTTPS API and proxmox host. For it we need transmission to not be encrypted - is there any way to allow plain HTTP communication?

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!