Let's encrypt - KVM Error

[AlphaHost]

Hello all!

I just installed the Version from pvetest, including Let's Encrypt Support.

Let's Encrypt itself works good, the Webinterface is protected via this Certificate.. But now it's impossible to start a new KVM machine. It's giving me this error:

kvm: -vnc unix:/var/run/qemu-server/101.vnc,x509,password: Failed to start VNC server: Cannot load certificate '/etc/pve/local/pve-ssl.pem' & key '/etc/pve/local/pve-ssl.key': The certificate and the given key do not match

Going back to the default certificates crashed the whole Web Interface, giving me just a blank pake. Also restarting the services & clearing the cache didn't solve the problem.. I needet to restart the node. Afterworks the machines startet correctly and my Webinterface is without a SSL-Certificate again..

Any suggestions what went wrong here?

btw: the official Tutorial with "le.sh" didn't work. They made some changes and also renamed the repo..
I used the Tool directly from Let's Encrypt, which gave me 3 files: cert.pem, chain.pem and fullchain.pem

Maybe changing the cert.pem to pve-ssl.key didn't work as expected?

Thanks

 

[fireon]

I don't use this "Let's Encrypt". But what i use are real certs from startssl. And this works. So your error says that you have installed the wrong key for the cert, or contrariwise. Maybe this information is helpfull for you: https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration

 

[kobuki]

Do you see any keys under /etc/letsencrypt/keys/? You should have your key there named "nnnn_key-letsencrypt.pem" if you used the upstream LE toolset.

 

[fabian]

Please follow the tutorial on the wiki:

• revert to default configuration
• CAs other than Let's Encrypt

You definitely copied some files to the wrong locations! The certificate and intermediate certificate should go into "/etc/pve/local/pveproxy-ssl.pem" and the private key into "/etc/pve/local/pveproxy-ssl.key".