Joining Cluster pve-ssl.pem error

[karlsiu1]

Good days everyone.

I have a question that I tried many times and search over the Internet and got no answer. Well, I have 2 Proxmox machines fresh install. But when I join the cluster it had the pve-ssl.pem not exist error. No matter how I tried it doesn't work, so I try to make each machine join existing cluster which also runs Proxmox 8. It doesn't work too....

I am exhausted from all solutions, can anyone shed some light on me?

Thanks

 

[karlsiu1]

Cluster information
-------------------
Name:             dellvm
Config Version:   9
Transport:        knet
Secure auth:      on

Quorum information
------------------
Date:             Fri Jul 28 04:30:09 2023
Quorum provider:  corosync_votequorum
Nodes:            2
Node ID:          0x00000001
Ring ID:          1.28
Quorate:          Yes

Votequorum information
----------------------
Expected votes:   3
Highest expected: 3
Total votes:      2
Quorum:           2 
Flags:            Quorate

Membership information
----------------------
    Nodeid      Votes Name
0x00000001          1 192.168.60.31 (local)
0x00000002          1 192.168.60.30

 

[karlsiu1]

Cluster information
-------------------
Name:             dellvm
Config Version:   9
Transport:        knet
Secure auth:      on

Quorum information
------------------
Date:             Fri Jul 28 04:33:34 2023
Quorum provider:  corosync_votequorum
Nodes:            1
Node ID:          0x00000003
Ring ID:          3.5
Quorate:          Yes

Votequorum information
----------------------
Expected votes:   1
Highest expected: 1
Total votes:      1
Quorum:           1 
Flags:            Quorate

Membership information
----------------------
    Nodeid      Votes Name
0x00000003          1 192.168.60.15 (local)

 

[ggoller]

Try executing pvecm updatecerts on all the nodes, this will update node certificates (and generate all needed files/directories).

 

[tipex]

@karlsiu1 I have been struggling with the exact same problem for a long time now.

See my thread here: https://forum.proxmox.com/threads/create-cluster-problem-possibly-ssl-related.130309/

I'm kind of at the point where I have run out of options like you. Hopefully someone can help us.

 

[pgk]

Same here. Now i play with this error a week....

 

[dust2k.mf]

Same here. Now i play with this error a week....

Same here, both two new installation on two mini servers and join cluster give this error.. try all options, nothing help, I guess it's kind of bug...but we don't have supporting ticket so nobody care...

 

[clayrisser]

I'm facing the exact same issue. I'm using a Hetzner vSwitch to create a private vLAN for the cluster.

 

[nazari]

For those may have similar issue: After adding new node I got pve-ssl.pem errors in my node directory at /etc/pve/nodes/MyNode/pve-ssl.pem, as I have other nodes just I copy the pve-ssl.pem and pve-ssl.key from my other node /etc/pve/nodes/MyOtherNode/ to /etc/pve/nodes/MyNode/ broken nodes and then MyNode get working properly.

As recomandation of ggoller to Try executing pvecm updatecerts on all the nodes, then I try out manually coping file with hope of maybe it working, in my case it worked.

I'm using verions 8.0.3

Updated:
after fixing & working with MyNode I found out running this command will be useful systemctl restart pveproxy if you can migrate VMs.

 

[musta]

Solution for "SSL Certificate Missing Error ('pve-ssl.pem does not exist') in Proxmox"

After encountering the error '/etc/pve/nodes/your-node/pve-ssl.pem' does not exist! (500) in Proxmox, I found a simple solution that resolved the issue without needing to regenerate the certificates manually.

The error typically occurs when Proxmox fails to locate the SSL certificate (pve-ssl.pem) for one or more nodes, which can prevent access to the web interface.

Instead of manually regenerating the SSL certificates or making complex configuration changes, I resolved the issue with the following steps:

1. Login to each Proxmox node via SSH: On each node, use the terminal to log into the other nodes via SSH. For example:
   bash
   ssh root@<other-node-ip>
2. Repeat the process for all nodes in the cluster: This establishes an SSH trust between the nodes, and the SSL issue should automatically resolve.

Logging into the nodes via SSH forces the nodes to recognize each other and refresh the necessary credentials and certificate relationships. This simple step can often bypass the need for more complex certificate regeneration or proxy reconfiguration.

 

[stevensedory]

Solution for "SSL Certificate Missing Error ('pve-ssl.pem does not exist') in Proxmox"

After encountering the error '/etc/pve/nodes/your-node/pve-ssl.pem' does not exist! (500) in Proxmox, I found a simple solution that resolved the issue without needing to regenerate the certificates manually.

The error typically occurs when Proxmox fails to locate the SSL certificate (pve-ssl.pem) for one or more nodes, which can prevent access to the web interface.

Instead of manually regenerating the SSL certificates or making complex configuration changes, I resolved the issue with the following steps:

1. Login to each Proxmox node via SSH: On each node, use the terminal to log into the other nodes via SSH. For example:
   bash
   ssh root@<other-node-ip>
2. Repeat the process for all nodes in the cluster: This establishes an SSH trust between the nodes, and the SSL issue should automatically resolve.

Logging into the nodes via SSH forces the nodes to recognize each other and refresh the necessary credentials and certificate relationships. This simple step can often bypass the need for more complex certificate regeneration or proxy reconfiguration.

This seemed to do the trick for me as well. Thank you for sharing!

 

[esi_y]

Which version are you running this on? Because PVE now uses own "pinned" certificates for SSH and none of this has anything to do with SSL. However, this is the third time I have seen issues with SSL certs. For joining node alone, I used to suggest using SSH to do the join itself:

https://forum.proxmox.com/threads/re-adding-host-to-cluster.156303/#post-715101

And as the Proxmox culture has it, no one investigates this.