KVM failing to start after upgrading Proxmox 4.0 to 4.1

OK, but that tutorial is talking about:
Code: 
cp fullchain.pem /etc/pve/<node>/pveproxy-ssl.pem
cp private-key.pem /etc/pve/<node>/pveproxy-ssl.key

while I only have
Code: 
/etc/pve/nodes/xxx

I don't see any node names directly inside /etc/pve
 
Correct, updated. You can also use the 'local' symlink (/etc/pve/local) which always points the folder of the node you are currently working on.
 
Thanks, finally figured out the difference between the old HowTo and the new one:

The new tutorial is talking about files name pveproxy-ssl.*

while the old one was using/replacing pve-ssl.*

Seems to work wonderful!
 
Yes, that is the main difference. The web interface now allows overriding the used certificate(/chain) and key via pveproxy-ssl.pem/.key, while leaving the cluster CA and self signed certificates in place. So the commercial / LE / .. certificate is used for the web interface and noVNC console/shell, and the self-signed one is used for Spice (which is pinned to the cluster CA in the generated configuration file, so no need for commercial CAs here), old-school KVM VNC (if anybody is still using that? :p) and new nodes which are added to the cluster.
 
Ovidiu said:
Thanks, finally figured out the difference between the old HowTo and the new one:

The new tutorial is talking about files name pveproxy-ssl.*

while the old one was using/replacing pve-ssl.*

Seems to work wonderful!
Click to expand...

Hi Ovidiu and Fabian,

with respect to your conclusion "pveproxy-ssl" vs "pve-ssl":

Shouldn't this also be reflected within the documentations's "CAs other than Let's Encrypt" section? The description here is talking about "pve-ssl.pem" and "pve-ssl.key" but not about "pveproxy-ssl.key" and "pveproxy-ssl.pem".

This could explain why I have still issues .. or did I misunderstood sth?

Greets,
Simon
 
SimonB said:
Hi Ovidiu and Fabian,

with respect to your conclusion "pveproxy-ssl" vs "pve-ssl":

Shouldn't this also be reflected within the documentations's "CAs other than Let's Encrypt" section? The description here is talking about "pve-ssl.pem" and "pve-ssl.key" but not about "pveproxy-ssl.key" and "pveproxy-ssl.pem".

This could explain why I have still issues .. or did I misunderstood sth?

Greets,
Simon
Click to expand...

This was reflected in the documentation, and was unfortunately changed by a user edit (which I somehow missed). I just reverted those two edits, the instructions should be correct again. The correct file names for alternative (i.e., user/admin-provided) certificates are pveproxy-ssl.pem and pveproxy-ssl.key , pve-ssl.pem and pve-ssl.key are for the automatically generated ones.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back