Certificates for API and web GUI

leanhduc215 · May 5, 2020

I updated the SSL certificate and now it has this error.
Is there any way back to the default?

root@pve1:/etc/pve/local# journalctl -b -u pveproxy.service
-- Logs begin at Tue 2020-05-05 08:57:19 +07, end at Tue 2020-05-05 09:49:00 +07. --
May 05 08:57:25 pve1 systemd[1]: Starting PVE API Proxy Server...
May 05 08:57:27 pve1 pveproxy[1548]: Using '/etc/pve/local/pveproxy-ssl.pem' as certificate for the web interface.
May 05 08:57:27 pve1 pveproxy[1550]: starting server
May 05 08:57:27 pve1 pveproxy[1550]: starting 3 worker(s)
May 05 08:57:27 pve1 pveproxy[1550]: worker 1551 started
May 05 08:57:27 pve1 pveproxy[1550]: worker 1552 started
May 05 08:57:27 pve1 pveproxy[1550]: worker 1553 started
May 05 08:57:27 pve1 systemd[1]: Started PVE API Proxy Server.
May 05 08:57:27 pve1 pveproxy[1551]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1727.
May 05 08:57:27 pve1 pveproxy[1552]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1727.
May 05 08:57:27 pve1 pveproxy[1553]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1727.
May 05 08:57:32 pve1 pveproxy[1551]: worker exit
May 05 08:57:32 pve1 pveproxy[1552]: worker exit
May 05 08:57:32 pve1 pveproxy[1553]: worker exit
May 05 08:57:32 pve1 pveproxy[1550]: worker 1551 finished
May 05 08:57:32 pve1 pveproxy[1550]: starting 1 worker(s)
May 05 08:57:32 pve1 pveproxy[1550]: worker 1552 finished
May 05 08:57:32 pve1 pveproxy[1550]: worker 1553 finished
May 05 08:57:32 pve1 pveproxy[1550]: worker 1567 started
May 05 08:57:32 pve1 pveproxy[1567]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1727.
May 05 08:57:37 pve1 pveproxy[1550]: starting 2 worker(s)
May 05 08:57:37 pve1 pveproxy[1550]: worker 1617 started
May 05 08:57:37 pve1 pveproxy[1550]: worker 1618 started
May 05 08:57:37 pve1 pveproxy[1567]: worker exit
May 05 08:57:37 pve1 pveproxy[1617]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1727.
May 05 08:57:37 pve1 pveproxy[1618]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1727.
May 05 08:57:37 pve1 pveproxy[1550]: worker 1567 finished
May 05 08:57:37 pve1 pveproxy[1550]: starting 1 worker(s)
May 05 08:57:37 pve1 pveproxy[1550]: worker 1619 started
May 05 08:57:37 pve1 pveproxy[1619]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1727.
May 05 08:57:42 pve1 pveproxy[1617]: worker exit
May 05 08:57:42 pve1 pveproxy[1618]: worker exit
May 05 08:57:42 pve1 pveproxy[1550]: worker 1617 finished
May 05 08:57:42 pve1 pveproxy[1550]: worker 1618 finished
May 05 08:57:42 pve1 pveproxy[1550]: starting 2 worker(s)
May 05 08:57:42 pve1 pveproxy[1550]: worker 1628 started
May 05 08:57:42 pve1 pveproxy[1550]: worker 1629 started
May 05 08:57:42 pve1 pveproxy[1619]: worker exit
May 05 08:57:42 pve1 pveproxy[1628]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1727.
May 05 08:57:42 pve1 pveproxy[1629]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1727.
May 05 08:57:42 pve1 pveproxy[1550]: worker 1619 finished
May 05 08:57:42 pve1 pveproxy[1550]: starting 1 worker(s)
May 05 08:57:42 pve1 pveproxy[1550]: worker 1630 started
May 05 08:57:42 pve1 pveproxy[1630]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1727.

t.lamprecht · May 5, 2020

leanhduc215 said:
I updated the SSL certificate and now it has this error.

How? The key isn't protected with a password, or?
https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#_certificates_for_api_and_web_gui

leanhduc215 said:
Is there any way back to the default?

You could delete your personal certs from the cluster path, if you just copied them over and did nothing else it should do the trick and go back to the self-signed certificates.

Bash:

rm /etc/pve/local/pveproxy-ssl.pem /etc/pve/local/pveproxy-ssl.key
systemctl restart pveproxy

If you did more than just copying over your cert files I'd be good to hear first what that was exactly.

leanhduc215 · May 5, 2020

t.lamprecht said:
How? The key isn't protected with a password, or?
https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#_certificates_for_api_and_web_gui

You could delete your personal certs from the cluster path, if you just copied them over and did nothing else it should do the trick and go back to the self-signed certificates.

Bash:

rm /etc/pve/local/pveproxy-ssl.pem /etc/pve/local/pveproxy-ssl.key systemctl restart pveproxy

If you did more than just copying over your cert files I'd be good to hear first what that was exactly.

I have purchased SSL certificate for my domain, now I want to add the domain name proxmox?

I have cabundle and certificate, so what else do I need to add to proxmox?

Search

Search

Certificates for API and web GUI

leanhduc215

New Member

Attachments

t.lamprecht

Proxmox Staff Member

leanhduc215

New Member