Certificate or Signature file error - Newbie question

[bharathyes]

Hi all! I am quite new to proxmox. I am using it to learn about virtualization and then move to running dockers and k8s.

I have a new installation of PVE. Here is pveversion -v :

proxmox-ve: 6.2-2 (running kernel: 5.4.65-1-pve)
pve-manager: 6.2-15 (running version: 6.2-15/48bd51b6)
pve-kernel-5.4: 6.2-7
pve-kernel-helper: 6.2-7
pve-kernel-5.4.65-1-pve: 5.4.65-1
pve-kernel-5.4.34-1-pve: 5.4.34-2
ceph-fuse: 14.2.11-pve1
corosync: 3.0.4-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.16-pve1
libproxmox-acme-perl: 1.0.5
libpve-access-control: 6.1-3
libpve-apiclient-perl: 3.0-3
libpve-common-perl: 6.2-4
libpve-guest-common-perl: 3.1-3
libpve-http-server-perl: 3.0-6
libpve-storage-perl: 6.2-10
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.3-1
lxcfs: 4.0.3-pve3
novnc-pve: 1.1.0-1
proxmox-backup-client: 1.0.1-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.3-10
pve-cluster: 6.2-1
pve-container: 3.2-2
pve-docs: 6.2-6
pve-edk2-firmware: 2.20200531-1
pve-firewall: 4.1-3
pve-firmware: 3.1-3
pve-ha-manager: 3.1-1
pve-i18n: 2.2-2
pve-qemu-kvm: 5.1.0-6
pve-xtermjs: 4.7.0-2
qemu-server: 6.2-19
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-2
zfsutils-linux: 0.8.4-pve2

Now am stuck at certificate and signature file errors like following:

#1

root@pve ~# wget https://mirrors.edge.kernel.org/pub/site/README
--2020-11-16 12:41:53--  https://mirrors.edge.kernel.org/pub/site/README
ERROR: Cannot open directory /usr/ssl/certs.
Resolving mirrors.edge.kernel.org (mirrors.edge.kernel.org)... 2604:1380:3000:1500::1, 147.75.95.133
Connecting to mirrors.edge.kernel.org (mirrors.edge.kernel.org)|2604:1380:3000:1500::1|:443... connected.
ERROR: The certificate of ‘mirrors.edge.kernel.org’ is not trusted.
ERROR: The certificate of ‘mirrors.edge.kernel.org’ doesn't have a known issuer.

Trying to use wget without disabling SSL keeps having this issue. Not sure if I am using the command wrong, or the site doesn't support SSL or I haven't configured properly. I have tried this on two sites. Same happens.

Tried this according to StackEx post:
root@pve ~# ln -sT /usr/ssl /etc/ssl ln: failed to create symbolic link '/etc/ssl': File exists


#2

My main issue is that I don't see turnkey LXC templates on the GUI. Tried to update the certs according to posts on this forum.

root@pve ~# pveam update update failed - see /var/log/pveam.log for details

These are the logs:

2020-11-04 09:49:14 starting update
2020-11-04 09:49:14 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-04 09:49:22 download finished: 200 OK
2020-11-04 09:49:22 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
2020-11-04 09:49:23 download finished: 200 OK
2020-11-04 09:49:23 signature verification: gpgv: Signature made Mon Aug 24 18:31:09 2020 IST
2020-11-04 09:49:23 signature verification: gpgv:                using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2020-11-04 09:49:23 signature verification: gpgv: Good signature from "Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>"
2020-11-04 09:49:23 update successful
2020-11-04 09:49:23 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-04 09:49:23 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-04 09:49:23 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.1108.asc'
2020-11-09 11:24:17 starting update
2020-11-09 11:24:17 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-09 11:24:37 download failed: 500 Can't connect to download.proxmox.com:80 (Temporary failure in name resolution)
2020-11-09 11:24:37 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-download.proxmox.com.tmp.1070.asc'
2020-11-09 11:24:37 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-09 11:24:37 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-09 11:24:37 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.1070.asc'
2020-11-10 05:41:35 starting update
2020-11-10 05:41:35 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-10 05:41:37 download finished: 200 OK
2020-11-10 05:41:37 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
2020-11-10 05:41:37 download finished: 200 OK
2020-11-10 05:41:37 signature verification: gpgv: Signature made Mon Aug 24 18:31:09 2020 IST
2020-11-10 05:41:37 signature verification: gpgv:                using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2020-11-10 05:41:37 signature verification: gpgv: Good signature from "Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>"
2020-11-10 05:41:37 update successful
2020-11-10 05:41:37 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-10 05:41:37 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-10 05:41:37 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.1401.asc'
2020-11-11 05:03:51 starting update
2020-11-11 05:03:51 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-11 05:03:53 download finished: 200 OK
2020-11-11 05:03:53 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
2020-11-11 05:03:53 download finished: 200 OK
2020-11-11 05:03:53 signature verification: gpgv: Signature made Mon Aug 24 18:31:09 2020 IST
2020-11-11 05:03:53 signature verification: gpgv:                using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2020-11-11 05:03:53 signature verification: gpgv: Good signature from "Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>"
2020-11-11 05:03:53 update successful
2020-11-11 05:03:53 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-11 05:03:53 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-11 05:03:53 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.15417.asc'
2020-11-12 05:02:31 starting update
2020-11-12 05:02:31 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-12 05:02:33 download finished: 200 OK
2020-11-12 05:02:33 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
2020-11-12 05:02:33 download finished: 200 OK
2020-11-12 05:02:33 signature verification: gpgv: Signature made Mon Aug 24 18:31:09 2020 IST
2020-11-12 05:02:33 signature verification: gpgv:                using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2020-11-12 05:02:33 signature verification: gpgv: Good signature from "Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>"
2020-11-12 05:02:33 update successful
2020-11-12 05:02:33 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-12 05:02:33 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-12 05:02:33 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.8605.asc'
2020-11-13 05:30:51 starting update
2020-11-13 05:30:51 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-13 05:30:53 download finished: 200 OK
2020-11-13 05:30:53 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
2020-11-13 05:30:53 download finished: 200 OK
2020-11-13 05:30:53 signature verification: gpgv: Signature made Mon Aug 24 18:31:09 2020 IST
2020-11-13 05:30:53 signature verification: gpgv:                using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2020-11-13 05:30:53 signature verification: gpgv: Good signature from "Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>"
2020-11-13 05:30:53 update successful
2020-11-13 05:30:53 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-13 05:30:53 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-13 05:30:53 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.8141.asc'
2020-11-14 05:23:51 starting update
2020-11-14 05:23:51 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-14 05:23:53 download finished: 200 OK
2020-11-14 05:23:53 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
2020-11-14 05:23:53 download finished: 200 OK
2020-11-14 05:23:53 signature verification: gpgv: Signature made Mon Aug 24 18:31:09 2020 IST
2020-11-14 05:23:53 signature verification: gpgv:                using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2020-11-14 05:23:53 signature verification: gpgv: Good signature from "Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>"
2020-11-14 05:23:53 update successful
2020-11-14 05:23:53 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-14 05:23:53 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-14 05:23:53 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.4663.asc'
2020-11-14 11:15:09 starting update
2020-11-14 11:15:09 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-14 11:15:10 download finished: 200 OK
2020-11-14 11:15:10 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
2020-11-14 11:15:10 download finished: 200 OK
2020-11-14 11:15:10 signature verification: gpgv: Signature made Mon Aug 24 18:31:09 2020 IST
2020-11-14 11:15:10 signature verification: gpgv:                using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2020-11-14 11:15:10 signature verification: gpgv: Good signature from "Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>"
2020-11-14 11:15:10 update successful
2020-11-14 11:15:10 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-14 11:15:10 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-14 11:15:10 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.798.asc'
2020-11-15 22:09:33 starting update
2020-11-15 22:09:33 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-15 22:09:48 download finished: 200 OK
2020-11-15 22:09:48 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
2020-11-15 22:09:49 download finished: 200 OK
2020-11-15 22:09:49 signature verification: gpgv: Signature made Mon Aug 24 18:31:09 2020 IST
2020-11-15 22:09:49 signature verification: gpgv:                using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2020-11-15 22:09:49 signature verification: gpgv: Good signature from "Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>"
2020-11-15 22:09:49 update successful
2020-11-15 22:09:49 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-15 22:09:49 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-15 22:09:49 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.1088.asc'
2020-11-16 02:38:31 starting update
2020-11-16 02:38:31 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-16 02:38:32 download finished: 200 OK
2020-11-16 02:38:32 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
2020-11-16 02:38:32 download finished: 200 OK
2020-11-16 02:38:32 signature verification: gpgv: Signature made Mon Aug 24 18:31:09 2020 IST
2020-11-16 02:38:32 signature verification: gpgv:                using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2020-11-16 02:38:32 signature verification: gpgv: Good signature from "Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>"
2020-11-16 02:38:32 update successful
2020-11-16 02:38:32 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-16 02:38:32 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-16 02:38:32 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.10239.asc'
2020-11-16 12:39:53 starting update
2020-11-16 12:39:53 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.asc
2020-11-16 12:39:56 download finished: 200 OK
2020-11-16 12:39:56 start download http://download.proxmox.com/images/aplinfo-pve-6.dat.gz
2020-11-16 12:39:56 download finished: 200 OK
2020-11-16 12:39:56 signature verification: gpgv: Signature made Mon Aug 24 18:31:09 2020 IST
2020-11-16 12:39:56 signature verification: gpgv:                using RSA key 353479F83781D7F8ED5F5AC57BF2812E8A6E88E0
2020-11-16 12:39:56 signature verification: gpgv: Good signature from "Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>"
2020-11-16 12:39:56 update successful
2020-11-16 12:39:56 start download https://releases.turnkeylinux.org/pve/aplinfo.dat.asc
2020-11-16 12:39:56 download failed: 500 Can't connect to releases.turnkeylinux.org:443
2020-11-16 12:39:56 update failed - no signature file '/var/lib/pve-manager/apl-info/pveam-releases.turnkeylinux.org.tmp.5432.asc'

Most other posts here and articles I got for certificate errors seem to relate to https hosting servers by obtaining CA certs for domain names. I am looking to setup domains locally (like this) once I start using locally hosted services, so is CA certificates something I need to do right now?

Not sure where I messed up since when I first installed PVE few months back I didn't have this issue. What am I missing here. Don't want to re-install for every error, then I won't learn anything.

 

[wolfgang]

Hi,

I guess you got network/DNS problems.

Please check your Network connection.

 

[bharathyes]

I guess you got network/DNS problems.

Please check your Network connection.

What makes you say that?? I am able to access the internet from PVE and I have now tried using 1.1.1.1 and a couple other services that works on my other devices.

I have set different DNS ( both v4 and v6) using the GUI and tried updating the system and the certificates but keep getting the same.

What is the proper command to pull the proper certificates needed? And is there a way to check if it is indeed a DNS issue?

 

[wolfgang]

500 Can't connect to releases.turnkeylinux.org:443

This indicates something is not working with the network.
Do you use a proxy, IDS or does your DNS blacklist domains dynamic?

 

[bharathyes]

This indicates something is not working with the network.
Do you use a proxy, IDS or does your DNS blacklist domains dynamic?

No proxy or IDS on the network. Just connected to a regular ISP modem.

I have tried using 1.1.1.1 which doesn't filter. I have now also tried with NextDNS with the logs enabled. All requests from PVE was responded including releases.turnkeylinux.org. Does it mean anything that I am able to ping to this domain too.

This seems to be more of an issus with verification of the certificates. Is it significant that connection to port 443 specifically fails and could the 500 status an actual response from the server or just a placeholder? If it is an actual response doesn't that mean that the server was reached by PVE and thus DNS and the network works fine?