Fingerprint of Backup SRV automatically changed

Hi, tonight we had the problem that the fingerprint of the backup server was automatically changed. SSL was changed too. All Proxmox nodes/servers have no access after it, as all servers have another fingerprint key. Why does it change automatically? What is the problem, and how can I solve it without setting it manually on all servers after the auto-change? How can I make it automatic for all servers... Hope for answers to solve this. Thanks

regards
 
Update: if I remove the fingerprint on the Proxmox storage, I have no access to the Proxmox Backup Server. PBS has an SSL certificate from Let's Encrypt, it is not a self-generated one. It doesn't work without the fingerprint :( and then after 3 months I must change it on all Proxmox clusters - any ideas?
 
Do you use the fully qualified domain name for your pbs? IP or short name will not work.
 
Hi, as ID I use the fully qualified domain name, and in server the local IP address of the PBS, because it all comes over the internal IP network.
 
How should the certificate check work if you use the IP instead of the FQDN? Then of course you need the fingerprint to make a trusted connection.
Also use the FQDN as the server and you can leave the fingerprint blank. Then you don't need to change anything if you issue a new certificate.
 
OK, but if I use the FQDN instead of the local IP, do the servers use the internal network for backup and not the public IP with the FQDN? I mean no...
 
I don't get your point.

You have 2 options:
  1. Use your Let's Encrypt cert, without the fingerprint and with the FQDN of the server
  2. Use the self-generated cert; you can then use the IP, but you also need the fingerprint
 
Create an override for the FQDN in your internal DNS. This way you get your internal IP in your internal servers. Everybody else gets the public one.
But this depends on your internal network's DNS settings and what your internal DNS server supports.
 
Hi, thanks for the answer. If I add an entry in /etc/hosts
192.168.1.22 backup-srv.local
and I ping from another node, it doesn't ping over the intranet, instead it goes over the internet IPv4 or IPv6. Normally it must work over the intranet IP, because the IP is internally reachable and pingable, but the host goes over internet IPs, and the backup goes over internet IPs too. What is the problem here? I can't change to the intranet host for use without the fingerprint....?
 
Hi, is it possible to sync the fingerprint automatically to the Proxmox cluster servers if it was changed in PBS? If not, which file of PBS has the fingerprint entry, so that I can create my own script to copy the fingerprint line to /etc/pve/storage.cfg on the Proxmox cluster?
regards
 
OK, found the command for the CLI:
proxmox-backup-manager cert info | grep Fingerprint | awk '{print $3}'
I have built a sh script to sync daily :)
regards
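
A daily sync like the one mentioned in the last post, as an added example (not the poster's script and not Proxmox code): it parses the `cert info` output, accepts only a well-formed SHA-256 fingerprint, and rewrites the pin of one `pbs:` section only. The storage ID `pbs-backup` and the file paths shown in the comments are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Hypothetical usage on a PVE node, reading the value over SSH:
#   fp=$(ssh root@<pbs-host> proxmox-backup-manager cert info | extract_fingerprint)
#   update_fingerprint /etc/pve/storage.cfg pbs-backup "$fp"

# Pull the fingerprint (third field of the "Fingerprint" line) from stdin.
extract_fingerprint() {
    awk '/^Fingerprint/ {print tolower($3); exit}'
}

# Accept only 32 colon-separated hex bytes, so garbage never reaches the config.
valid_fingerprint() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:){31}[0-9a-f]{2}$'
}

# Print the pinned fingerprint of one "pbs: <id>" section of a storage.cfg file.
current_fingerprint() {   # $1 = cfg file, $2 = storage id
    awk -v id="$2" '
        /^[^ \t#]/ { in_sec = ($1 == "pbs:" && $2 == id) }
        in_sec && $1 == "fingerprint" { print tolower($2); exit }' "$1"
}

# Replace the pin of that section only. Prints one of:
#   rejected  - new value is not a SHA-256 fingerprint
#   no-pin    - section missing or has no fingerprint line (nothing is added)
#   unchanged - pin already matches
#   updated   - pin was rewritten
update_fingerprint() {    # $1 = cfg file, $2 = storage id, $3 = new fingerprint
    valid_fingerprint "$3" || { echo "rejected"; return 1; }
    cur=$(current_fingerprint "$1" "$2")
    [ -n "$cur" ] || { echo "no-pin"; return 1; }
    [ "$cur" = "$3" ] && { echo "unchanged"; return 0; }
    tmp=$(mktemp) || return 1
    awk -v id="$2" -v fp="$3" '
        /^[^ \t#]/ { in_sec = ($1 == "pbs:" && $2 == id) }
        in_sec && $1 == "fingerprint" { print "\tfingerprint " fp; next }
        { print }' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the original file in place
    rm -f "$tmp"
    echo "updated"
}
```

Read the fingerprint on the PBS host itself or over SSH with a verified host key; taking it from whatever certificate the server presents over TLS would make the pin follow any certificate change, including an unwanted one. On a live node the value is normally applied with `pvesm set <storage> --fingerprint <value>` instead of editing `/etc/pve/storage.cfg` directly.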
 