[TUTORIAL] Clean Install Proxmox VE 8.1 - How I fixed: Webinterface not working (failed to use local certificate chain)

[Starbase]

While installing my first Proxmox VE hosts I chose to use the latest version on a Dell Wyse 5070 host. The installation process went completely fine. As hostname I provided "proxmoxtest". After removing the install medium and first start I tried to connect via https and port 8006 but nothing happens. I ensured, that the Port 8006 is opened but still wasn't able to access the GUI.


To check the status of service "pveproxy" I entered systemctl status pveproxy.

It showed me the error: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 2009. Therefore I checked two locations:

ls -l /etc/pve/priv
ls -l /etc/pve/local

The file "pve-root-ca.key" has a size of 0 bytes. "pve-ssl.key" looks valid but "pve-ssl.pem" is missing. What happened here?

The command pvecm updatecerts -f didn't worked because of missing/invalid files. So I re-created the required files and restarted the "pveproxy"-service.

openssl genrsa -out /etc/pve/priv/pve-root-ca.key 4096
openssl req -new -x509 -days 3650 -key pve-root-ca.key -out /etc/pve/pve-root-ca.pem -subj "/CN=Proxmox Virtual Environment Root CA/O=PVE Cluster Manager CA/"
openssl req -newkey rsa:4096 -nodes -x509 -days 365 -keyout /etc/pve/local/pve-ssl.key -out /etc/pve/local/pve-ssl.pem -subj "/CN=$(hostname -f)"
systemctl restart pveproxy

After that it seems to be fixed . But if such basic thing is somehow broken.... what else might didn't work while installing Proxmox 8.1? Hope such issues are not common for Proxmox. I plan to replace some VMware hypervisor in the future.

Chris

 

[Vince.pan]

met same issue on new installed PVE 8.1

 

[Vince.pan]

It is so strange, i installed on two machines, use same iso file. one had this problem another not.

Maybe the internet connection during installing, cause this problem

 

[guhcampos]

Registered just to reply to this. I had the exact same issue but the solution was a bit different.

Installed proxmox without an internet connection, booted to a perfectly working console from which I was able to connect to the internet and see everything in my network. I could even `nmap` the other hosts, no problem.

From my laptop I could not open the web interface or ping the proxmox IP address. SSH worked fine, `telnet` to port 8006 worked fine. Very weird.

Googled and stumbled into this post, successfully ran:
```
openssl genrsa -out /etc/pve/priv/pve-root-ca.key 4096
```

but then:
```
root@proxmox:~# openssl req -new -x509 -days 3650 -key pve-root-ca.key -out /etc/pve/pve-root-ca.pem -subj "/CN=Proxmox Virtual Environment Root CA/O=PVE Cluster Manager CA/"
private key from pve-root-ca.key
40C7DB4DB9700000:error:16000069:STORE routinesssl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
40C7DB4DB9700000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(pve-root-ca.key)
```

Decided to reinstall now that I have an internet connection just in case, but when I rebooted the machine, it booted to Proxmox before I could stick the USB in place...

... and it booted to a working instance with the web interface and ping proper.

 

[tiagoadp]

Great the only one that solved my issue, tnx! =)

 

[bart.simspon]

Thanks mate! I had the same issue with a new installation. I solved it by executing

1. openssl genrsa -out /etc/pve/priv/pve-root-ca.key 4096
2. pvecm updatecerts -f
3. systemctl restart pveproxy

 

[Fabri91]

Thanks mate! I had the same issue with a new installation. I solved it by executing

1. openssl genrsa -out /etc/pve/priv/pve-root-ca.key 4096
2. pvecm updatecerts -f
3. systemctl restart pveproxy

I too had the same issue and was able to solve it with this.

Freshly-downloaded .iso of PVE 8.3.

 

[smil]

I can't access proxmox after systemctl restart pveproxy
proxmox ip address is 192.168.1.110:8006, but after run journalctl command showing authentication failur ; rhost=::ffff:198.244.201.213 user=root@pam.
Is proxmox ip address changed ?