KVM failing to start after upgrading Proxmox 4.0 to 4.1

OK, but that tutorial is talking about:
Code: 
cp fullchain.pem /etc/pve/<node>/pveproxy-ssl.pem
cp private-key.pem /etc/pve/<node>/pveproxy-ssl.key

while I only have
Code: 
/etc/pve/nodes/xxx

I don't see any node names directly inside /etc/pve
 
Correct, updated. You can also use the 'local' symlink (/etc/pve/local) which always points the folder of the node you are currently working on.
 
Thanks, finally figured out the difference between the old HowTo and the new one:

The new tutorial is talking about files name pveproxy-ssl.*

while the old one was using/replacing pve-ssl.*

Seems to work wonderful!
 
Yes, that is the main difference. The web interface now allows overriding the used certificate(/chain) and key via pveproxy-ssl.pem/.key, while leaving the cluster CA and self signed certificates in place. So the commercial / LE / .. certificate is used for the web interface and noVNC console/shell, and the self-signed one is used for Spice (which is pinned to the cluster CA in the generated configuration file, so no need for commercial CAs here), old-school KVM VNC (if anybody is still using that? :P) and new nodes which are added to the cluster.
 
Ovidiu said:
Thanks, finally figured out the difference between the old HowTo and the new one:

The new tutorial is talking about files name pveproxy-ssl.*

while the old one was using/replacing pve-ssl.*

Seems to work wonderful!
Click to expand...

Hi Ovidiu and Fabian,

with respect to your conclusion "pveproxy-ssl" vs "pve-ssl":

Shouldn't this also be reflected within the documentations's "CAs other than Let's Encrypt" section? The description here is talking about "pve-ssl.pem" and "pve-ssl.key" but not about "pveproxy-ssl.key" and "pveproxy-ssl.pem".

This could explain why I have still issues .. or did I misunderstood sth?

Greets,
Simon
 
SimonB said:
Hi Ovidiu and Fabian,

with respect to your conclusion "pveproxy-ssl" vs "pve-ssl":

Shouldn't this also be reflected within the documentations's "CAs other than Let's Encrypt" section? The description here is talking about "pve-ssl.pem" and "pve-ssl.key" but not about "pveproxy-ssl.key" and "pveproxy-ssl.pem".

This could explain why I have still issues .. or did I misunderstood sth?

Greets,
Simon
Click to expand...

This was reflected in the documentation, and was unfortunately changed by a user edit (which I somehow missed). I just reverted those two edits, the instructions should be correct again. The correct file names for alternative (i.e., user/admin-provided) certificates are pveproxy-ssl.pem and pveproxy-ssl.key , pve-ssl.pem and pve-ssl.key are for the automatically generated ones.
 
You must log in or register to reply here.
Top Bottom