[SOLVED] Nach upgrade WebGui nicht mehr erreichbar

TRON

Member
Nov 12, 2013
20
0
21
Hallo Leute,

ich habe das gerade upgrade auf 6 gemacht und jetzt ist das Webinterface nicht mehr erreichbar.

root@pve:~# tail /var/log/daemon.log
Jul 17 10:20:53 pve pveproxy[17093]: worker 17617 started
Jul 17 10:20:53 pve pveproxy[17093]: worker 17618 started
Jul 17 10:20:53 pve pveproxy[17617]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1688.
Jul 17 10:20:53 pve pveproxy[17618]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1688.
Jul 17 10:20:53 pve pvedaemon[17619]: starting server
Jul 17 10:20:53 pve pvedaemon[17619]: starting 3 worker(s)
Jul 17 10:20:53 pve pvedaemon[17619]: worker 17620 started
Jul 17 10:20:53 pve pvedaemon[17619]: worker 17621 started
Jul 17 10:20:53 pve pvedaemon[17619]: worker 17622 started
Jul 17 10:20:53 pve systemd[1]: Started PVE API Daemon.

Was will es mir damit sagen und wie kann ich es wieder reparieren?

danke für die Antworten
grüße
Alex
 
Steht im Syslog mehr und /etc/pve/ erreichbar? Da hier nur steht das der pveproxy die Certificate Chain nicht laden konnte. Das kann jetzt einige Gründe haben.
 
Hallo Alwin,

danke für die schnelle Antwort, der Server ist erreichbar und die Gäste scheinen auch hochgefahren zu sein nur das Webinterface hat keine Lust.

root@pve:~# tail /var/log/syslog
Jul 17 11:23:51 pve pveproxy[141757]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1688.
Jul 17 11:23:51 pve pveproxy[141748]: worker exit
Jul 17 11:23:51 pve pveproxy[141749]: worker exit
Jul 17 11:23:51 pve pveproxy[17093]: worker 141749 finished
Jul 17 11:23:51 pve pveproxy[17093]: worker 141748 finished
Jul 17 11:23:51 pve pveproxy[17093]: starting 2 worker(s)
Jul 17 11:23:51 pve pveproxy[17093]: worker 141758 started
Jul 17 11:23:51 pve pveproxy[17093]: worker 141759 started
Jul 17 11:23:51 pve pveproxy[141758]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1688.
Jul 17 11:23:51 pve pveproxy[141759]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1688.

/etc/pve ist erreichbar und in /etc/pve/local/ liegen auch die pem und key file

root@pve:/etc/pve/local# ls -la
total 2
drwxr-xr-x 2 root www-data 0 Jan 9 2017 .
drwxr-xr-x 2 root www-data 0 Jan 9 2017 ..
-rw-r----- 1 root www-data 34 Jun 28 14:36 host.fw
-rw-r----- 1 root www-data 83 Jul 17 11:28 lrm_status
drwxr-xr-x 2 root www-data 0 Jan 9 2017 lxc
drwxr-xr-x 2 root www-data 0 Jan 9 2017 openvz
drwx------ 2 root www-data 0 Jan 9 2017 priv
-rw-r----- 1 root www-data 1675 Jan 9 2017 pve-ssl.key
-rw-r----- 1 root www-data 1367 Jan 9 2017 pve-ssl.pem
drwxr-xr-x 2 root www-data 0 Jan 9 2017 qemu-server


grüße
Alex
 
You can check if the key and pem file match with the commands below.
Code:
openssl x509 -noout -modulus -in /etc/pve/local/pve-ssl.pem | openssl md5
openssl rsa -noout -modulus -in /etc/pve/local/pve-ssl.key | openssl md5

Und im allgemeinen, kannst Du die Zertifikate mit folgendem Befehl neu erstellen lassen.
Code:
pvecm updatecerts -force
 
Hallo Alwin,

die checksummen sind identisch.

woran könnte es dann noch liegen?



das hat es gebracht: pvecm updatecerts -force



Danke

gruß
Alex
 
Last edited:
Was steht den im pem file, raw + text?
Code:
openssl x509 -in /etc/pve/local/pve-ssl.pem -text -noout
 
Hallo Alwin,

"key und signatur entfernt"

root@pve:~# openssl x509 -in /etc/pve/local/pve-ssl.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Proxmox Virtual Environment, OU = 017feaa8bdffc3cbe5c1eedaa2e786de, O = PVE Cluster Manager CA
Validity
Not Before: Jul 16 10:42:44 2019 GMT
Not After : Jul 13 10:42:44 2029 GMT
Subject: OU = PVE Cluster Node, O = Proxmox Virtual Environment, CN = FQDN
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, DNS:localhost, IP Address:192.168.100.10, DNS:pve, DNS:FQDN
Signature Algorithm: sha256WithRSAEncryption
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:
key:

grüße
Alex
 
It is also odd that the pem file is smaller then the key file. As it is a self-signed certificate, run the below command to generate a new one.
Code:
pvecm updatecerts -force
 
Hallo Alwin,

wie ich im Post #5 schon schrieb der Befehl ( pvecm updatecerts -force ) hat das Problem gelöst .

danke dir.

grüße
Alex
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!