Hi,
I updated the system yesterday.
After that, when I try to start any machine I get:
Running as unit 108.scope.
kvm: -vnc unix:/var/run/qemu-server/108.vnc,x509,password: Failed to start VNC server: Cannot load certificate '/etc/pve/local/pve-ssl.pem' & key '/etc/pve/local/pve-ssl.key': The provided X.509 certificate list is not sorted (in subject to issuer order)
TASK ERROR: start failed: command '/usr/bin/systemd-run --scope --slice qemu --unit 108 -p 'KillMode=none' -p 'CPUShares=1000' /usr/bin/kvm -id 108 -chardev 'socket,id=qmp,path=/var/run/qemu-server/108.qmp,server,nowait' -mon 'chardev=qmp,mode=control' -pidfile /var/run/qemu-server/108.pid -daemonize -smbios 'type=1,uuid=b5be569f-e997-4b1b-9082-4435d6348638' -name prueba -smp '8,sockets=4,cores=2,maxcpus=8' -nodefaults -boot 'menu=on,strict=on,reboot-timeout=1000' -vga cirrus -vnc unix:/var/run/qemu-server/108.vnc,x509,password -cpu kvm64,+lahf_lm,+sep,+kvm_pv_unhalt,+kvm_pv_eoi,enforce -m 512 -k es -device 'pci-bridge,id=pci.1,chassis_nr=1,bus=pci.0,addr=0x1e' -device 'pci-bridge,id=pci.2,chassis_nr=2,bus=pci.0,addr=0x1f' -device 'piix3-usb-uhci,id=uhci,bus=pci.0,addr=0x1.0x2' -device 'usb-tablet,id=tablet,bus=uhci.0,port=1' -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3' -iscsi 'initiator-name=iqn.1993-08.org.debian:01:3681fcbb6821' -drive 'file=/var/lib/vz/images/108/vm-108-disk-1.qcow2,if=none,id=drive-ide0,format=qcow2,cache=none,aio=native,detect-zeroes=on' -device 'ide-hd,bus=ide.0,unit=0,drive=drive-ide0,id=ide0,bootindex=100' -drive 'file=/var/lib/vz/template/iso/debian-8.2.0-amd64-netinst.iso,if=none,id=drive-ide2,media=cdrom,aio=threads' -device 'ide-cd,bus=ide.1,unit=0,drive=drive-ide2,id=ide2,bootindex=200' -netdev 'type=tap,id=net0,ifname=tap108i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown' -device 'e1000,mac=66:65:32:35:66:38,netdev=net0,bus=pci.0,addr=0x12,id=net0,bootindex=300'' failed: exit code 1
After update I received this email:
pveversion -v
SOLVED
After following the NEW guide https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration
I updated the system yesterday.
After that, when I try to start any machine I get:
Running as unit 108.scope.
kvm: -vnc unix:/var/run/qemu-server/108.vnc,x509,password: Failed to start VNC server: Cannot load certificate '/etc/pve/local/pve-ssl.pem' & key '/etc/pve/local/pve-ssl.key': The provided X.509 certificate list is not sorted (in subject to issuer order)
TASK ERROR: start failed: command '/usr/bin/systemd-run --scope --slice qemu --unit 108 -p 'KillMode=none' -p 'CPUShares=1000' /usr/bin/kvm -id 108 -chardev 'socket,id=qmp,path=/var/run/qemu-server/108.qmp,server,nowait' -mon 'chardev=qmp,mode=control' -pidfile /var/run/qemu-server/108.pid -daemonize -smbios 'type=1,uuid=b5be569f-e997-4b1b-9082-4435d6348638' -name prueba -smp '8,sockets=4,cores=2,maxcpus=8' -nodefaults -boot 'menu=on,strict=on,reboot-timeout=1000' -vga cirrus -vnc unix:/var/run/qemu-server/108.vnc,x509,password -cpu kvm64,+lahf_lm,+sep,+kvm_pv_unhalt,+kvm_pv_eoi,enforce -m 512 -k es -device 'pci-bridge,id=pci.1,chassis_nr=1,bus=pci.0,addr=0x1e' -device 'pci-bridge,id=pci.2,chassis_nr=2,bus=pci.0,addr=0x1f' -device 'piix3-usb-uhci,id=uhci,bus=pci.0,addr=0x1.0x2' -device 'usb-tablet,id=tablet,bus=uhci.0,port=1' -device 'virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3' -iscsi 'initiator-name=iqn.1993-08.org.debian:01:3681fcbb6821' -drive 'file=/var/lib/vz/images/108/vm-108-disk-1.qcow2,if=none,id=drive-ide0,format=qcow2,cache=none,aio=native,detect-zeroes=on' -device 'ide-hd,bus=ide.0,unit=0,drive=drive-ide0,id=ide0,bootindex=100' -drive 'file=/var/lib/vz/template/iso/debian-8.2.0-amd64-netinst.iso,if=none,id=drive-ide2,media=cdrom,aio=threads' -device 'ide-cd,bus=ide.1,unit=0,drive=drive-ide2,id=ide2,bootindex=200' -netdev 'type=tap,id=net0,ifname=tap108i0,script=/var/lib/qemu-server/pve-bridge,downscript=/var/lib/qemu-server/pve-bridgedown' -device 'e1000,mac=66:65:32:35:66:38,netdev=net0,bus=pci.0,addr=0x12,id=net0,bootindex=300'' failed: exit code 1
After update I received this email:
Code:
ca-certificates (20141019+deb8u1) stable; urgency=medium
Update Mozilla certificate authority bundle to version 2.6.
The following certificate authorities were added (+):
+ "CA WoSign ECC Root"
+ "Certification Authority of WoSign G2"
+ "Certinomis - Root CA"
+ "CFCA EV ROOT"
+ "COMODO RSA Certification Authority"
+ "Entrust Root Certification Authority - EC1"
+ "Entrust Root Certification Authority - G2"
+ "GlobalSign ECC Root CA - R4"
+ "GlobalSign ECC Root CA - R5"
+ "IdenTrust Commercial Root CA 1"
+ "IdenTrust Public Sector Root CA 1"
+ "OISTE WISeKey Global Root GB CA"
+ "S-TRUST Universal Root CA"
+ "Staat der Nederlanden EV Root CA"
+ "Staat der Nederlanden Root CA - G3"
+ "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
+ "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"
+ "USERTrust ECC Certification Authority"
+ "USERTrust RSA Certification Authority"
The following certificate authorities were removed (-):
- "A-Trust-nQual-03"
- "America Online Root Certification Authority 1"
- "America Online Root Certification Authority 2"
- "Buypass Class 3 CA 1"
- "ComSign Secured CA"
- "Digital Signature Trust Co. Global CA 1"
- "Digital Signature Trust Co. Global CA 3"
- "E-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"
- "GTE CyberTrust Global Root"
- "SG TRUST SERVICES RACINE"
- "TC TrustCenter Class 2 CA II"
- "TC TrustCenter Universal CA I"
- "Thawte Premium Server CA"
- "Thawte Server CA"
- "TURKTRUST Certificate Services Provider Root 1"
- "TURKTRUST Certificate Services Provider Root 2"
- "UTN DATACorp SGC Root CA"
- "Verisign Class 4 Public Primary Certification Authority - G3"
-- Michael Shuler <michael@pbandjelly.org> Mon, 14 Dec 2015 20:46:50 -0600pveversion -v
Code:
proxmox-ve: 4.1-41 (running kernel: 4.2.3-2-pve)
pve-manager: 4.1-22 (running version: 4.1-22/aca130cf)
pve-kernel-4.2.6-1-pve: 4.2.6-36
pve-kernel-4.2.8-1-pve: 4.2.8-41
pve-kernel-4.2.2-1-pve: 4.2.2-16
pve-kernel-4.2.3-2-pve: 4.2.3-22
lvm2: 2.02.116-pve2
corosync-pve: 2.3.5-2
libqb0: 1.0-1
pve-cluster: 4.0-36
qemu-server: 4.0-64
pve-firmware: 1.1-7
libpve-common-perl: 4.0-54
libpve-access-control: 4.0-13
libpve-storage-perl: 4.0-45
pve-libspice-server1: 0.12.5-2
vncterm: 1.2-1
pve-qemu-kvm: 2.5-9
pve-container: 1.0-52
pve-firewall: 2.0-22
pve-ha-manager: 1.0-25
ksm-control-daemon: 1.2-1
glusterfs-client: 3.5.2-2+deb8u1
lxc-pve: 1.1.5-7
lxcfs: 2.0.0-pve2
pve-kernel-4.2.2-1-pve: 4.2.2-16
pve-kernel-4.2.3-2-pve: 4.2.3-22
lvm2: 2.02.116-pve2
corosync-pve: 2.3.5-2
libqb0: 1.0-1
pve-cluster: 4.0-36
qemu-server: 4.0-64
pve-firmware: 1.1-7
libpve-common-perl: 4.0-54
libpve-access-control: 4.0-13
libpve-storage-perl: 4.0-45
pve-libspice-server1: 0.12.5-2
vncterm: 1.2-1
pve-qemu-kvm: 2.5-9
pve-container: 1.0-52
pve-firewall: 2.0-22
pve-ha-manager: 1.0-25
ksm-control-daemon: 1.2-1
clusterfs-client: 3.5.2-2+deb8u1
lxc-pve: 1.1.5-7
lxcfs: 2.0.0-pve2
cgmanager: 0.39-pve1
criu: 1.6.0-1
zfsutils: 0.6.5-pve7~jessieSOLVED
After following the NEW guide https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration
Last edited: