[SOLVED] Lost access to the GUI after SSL certificates deletion

pardub

Member
Oct 7, 2019
23
4
23
Good evening,
I lost access to the GUI Prosmox 6.0.7 after I deleted by mistake the following files : /etc/pve/local/pveproxy-ssl.pem and /etc/pve/local/pveproxy-ssl.key while trying unsuccessfully to use Let's Encrypt.

I then did the following:

Bash:
pvecm updatecerts -f
(re)generate node files
generate new node certificate
merge authorized SSH keys and known hosts




Bash:
cat /etc/hosts



# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1       localhost.localdomain localhost

151.80.XX.XX    ns3550000.ip-151-80.eu       ns3550000

# The following lines are desirable for IPv6 capable hosts

#(added automatically by netbase upgrade)

::1     ip6-localhost ip6-loopback

feo0::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

ff02::3 ip6-allhosts



Bash:
systemctl status -l pve-cluster
● pve-cluster.service - The Proxmox VE cluster filesystem
   Loaded: loaded (/lib/systemd/system/pve-cluster.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-10-07 19:04:25 UTC; 17min ago
  Process: 20704 ExecStart=/usr/bin/pmxcfs (code=exited, status=0/SUCCESS)
  Process: 20717 ExecStartPost=/usr/bin/pvecm updatecerts --silent (code=exited, status=0/SUCCESS)
 Main PID: 20711 (pmxcfs)
    Tasks: 6 (limit: 4915)
   Memory: 21.8M
   CGroup: /system.slice/pve-cluster.service
           └─20711 /usr/bin/pmxcfs

Oct 07 19:04:24 ns300000 systemd[1]: Starting The Proxmox VE cluster filesystem...
Oct 07 19:04:25 ns300000 systemd[1]: Started The Proxmox VE cluster filesystem.


Bash:
journalctl -u pve-cluster
-- Logs begin at Sat 2019-10-05 18:59:34 UTC, end at Mon 2019-10-07 19:24:21 UTC. --
Oct 07 19:04:23 ns0000000 systemd[1]: Stopping The Proxmox VE cluster filesystem...
Oct 07 19:04:23 ns0000000 pmxcfs[1206]: [main] notice: teardown filesystem
Oct 07 19:04:24 ns0000000 pmxcfs[1206]: [main] notice: exit proxmox configuration filesystem (0)
Oct 07 19:04:24 ns0000000 systemd[1]: pve-cluster.service: Succeeded.
Oct 07 19:04:24 ns0000000 systemd[1]: Stopped The Proxmox VE cluster filesystem.
Oct 07 19:04:24 ns0000000 systemd[1]: Starting The Proxmox VE cluster filesystem...
Oct 07 19:04:25 ns0000000 systemd[1]: Started The Proxmox VE cluster filesystem.


Bash:
systemctl status pveproxy pvedaemon pve-cluster

● pveproxy.service - PVE API Proxy Server
   Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-10-07 19:00:16 UTC; 25min ago
  Process: 20072 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)
 Main PID: 20082 (pveproxy)
    Tasks: 4 (limit: 4915)
   Memory: 123.6M
   CGroup: /system.slice/pveproxy.service
           ├─20082 pveproxy
           ├─23938 pveproxy worker
           ├─23939 pveproxy worker
           └─23940 pveproxy worker

Oct 07 19:25:41 ns300000 pveproxy[23938]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServe
Oct 07 19:25:41 ns300000 pveproxy[23931]: worker exit
Oct 07 19:25:41 ns300000 pveproxy[20082]: worker 23930 finished
Oct 07 19:25:41 ns300000 pveproxy[20082]: starting 1 worker(s)
Oct 07 19:25:41 ns300000 pveproxy[20082]: worker 23939 started
Oct 07 19:25:41 ns300000 pveproxy[20082]: worker 23931 finished
Oct 07 19:25:41 ns300000 pveproxy[20082]: starting 1 worker(s)
Oct 07 19:25:41 ns300000 pveproxy[20082]: worker 23940 started
Oct 07 19:25:41 ns300000 pveproxy[23939]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServe
Oct 07 19:25:41 ns300000 pveproxy[23940]: /etc/pve/local/pveproxy-ssl.key: failed to load local private key (key_file or key) at /usr/share/perl5/PVE/APIServe



How can I retrieve access to the GUI?

Thank you for your help
 
Both /etc/pve/local/pveproxy-ssl.pem and /etc/pve/local/pveproxy-ssl.key are empty ...
I did also

Bash:
 pvecm updatecerts
(re)generate node files
merge authorized SSH keys and known hosts

and

Bash:
 pvecm updatecerts --force

and

Bash:
rm /etc/pve/priv/authkey.key

followed again by

Bash:
pvecm updatecerts --force
(re)generate node files
generate new node certificate
merge authorized SSH keys and known hosts


but those both files are still empty.
 
Last edited:
try removing the files '/etc/pve/local/pveproxy-ssl.pem' and '/etc/pve/local/pveproxy-ssl.key'
if they exist (even though they are empty) pveproxy will try to read cert+key from there - if they are not there it will fall back to the certs for cluster communication

run `pvecm updatecerts --force` afterwards

I hope this helps!
 
Glad the problem is solved :)
 
try removing the files '/etc/pve/local/pveproxy-ssl.pem' and '/etc/pve/local/pveproxy-ssl.key'
if they exist (even though they are empty) pveproxy will try to read cert+key from there - if they are not there it will fall back to the certs for cluster communication

run `pvecm updatecerts --force` afterwards

I hope this helps!
Thanks ! It worked out
 
  • Like
Reactions: Stoiko Ivanov
try removing the files '/etc/pve/local/pveproxy-ssl.pem' and '/etc/pve/local/pveproxy-ssl.key'
if they exist (even though they are empty) pveproxy will try to read cert+key from there - if they are not there it will fall back to the certs for cluster communication

run `pvecm updatecerts --force` afterwards

I hope this helps!
this really saved me, was doing a deployment in tetraform and deployed the wrong cert to the node.

quick script to fix it.

rm /etc/pve/local/pveproxy-ssl.pem
rm /etc/pve/local/pveproxy-ssl.key
pvecm updatecerts --force
systemctl restart pveproxy
Perfect, worked a treat!! Thank you
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!