PBS: error fetching datastores - fingerprint 'xx' not verified, abort! (500)

aroundmyroom

New Member
Oct 5, 2020
14
5
3
52
After last update and reboot of PBS proxmox tells on my 3 nodes that I have a finger print issue

When pressing on the PBS datastore, Backups I see
PBS: error fetching datastores - fingerprint 'xxxxxxxxxx' not verified, abort! (500)

Due to this no backups can be made right now
What to do to verify the fingerprint?

The only thing I did before was - update and install my wildcard certificate onto PBS

update ..
just found that in the datacenter I could change the fingerprint what was given when I got the error. replacing this fingerprint and it was solved..
 
Last edited:
If you change the certificate on the PBS server, you also need to change the configured fingerprint on the pve client.
 
@dietmar Yeah, that was / is not clear from the message .. I saw the new function to add the certificate, but it gave me no hint that I had to do that ;) Possibly available in the manual but could not find it ;)
but in the end I found out it myself where I could change it.
 
Last edited:
  • Like
Reactions: tafkaz and networ
I couldn't find it in the web interface so I did it in command line on the VE node (for backup storage named PBSNINA):
pvesm set PBSNINA --fingerprint 47:d0:cc:0d:87...24:25
 
Does that mean if we enable LetsEncrypt we will need to adjust the host nodes each time the certificates are renewed?
 
Hi
We are running PBS 1.x in production with a LetsEncrypt cert and I can confirm that each time the cert is renewed, the fingerprint seems to change and backups are not running until we manually update the fingerprint for the storage in the PVE Cluster.
We have a lab-setup where PBS is still running the default self-signed cert and no interruption has been detected there throughout running PBS 1.x and even now with PBS 2.x it works fine
 
just to note: if your pbs server has a certificate that is seen as valid by the pve host, there is no need to specify a fingerprint at all in the config. this way you do not need to adapt it everytime
the fingerprint is mainly there to verify 'custom' certificates and for the super-paranoid ;)
 
  • Like
Reactions: maxgdias and Herman
Just ran into the same issue.

Updating PBS's fingerprint in the client was easy enough (Datacenter > Storage > Edit).

But
just to note: if your pbs server has a certificate that is seen as valid by the pve host, there is no need to specify a fingerprint at all in the config.
My PBS's new certificate is self signed as well. So how do I tell the client (PVE) to trust it?

Thanks!
 
  • Like
Reactions: Aubs
My PBS's new certificate is self signed as well. So how do I tell the client (PVE) to trust it?
if it's self-signed, providing the fingerprint is enough for pve, no need to trust it system-wide
 
Hi, i am running into this same situation all of a sudden. As far as i know, there have been no changes made. However, the solutions above are confusing to me.
The fingerprint that is putting up the error is the same one in each of the nodes under datacenter->storage->name of pmb->edit->general.

I dont see where this is located in the pmb server itself, if i am supposed to add it there.

I really need to restore a corrupted vm, could someone please guide me.
 
I have found the command for determining the fingerprint in the proxmox back up server and it is the same as in the nodes, so i am not clear why i am getting this error all of a sudden.

This is the command by the way,

proxmox-backup-manager cert info | grep Fingerprint
 
Hi, i am running into this same situation all of a sudden. As far as i know, there have been no changes made. However, the solutions above are confusing to me.
The fingerprint that is putting up the error is the same one in each of the nodes under datacenter->storage->name of pmb->edit->general.

I dont see where this is located in the pmb server itself, if i am supposed to add it there.

I really need to restore a corrupted vm, could someone please guide me.
as an FYI in the GUI on the PBS server it is dashboard > show fingerprint (blue button in top right)
on my machine this was caused by LE renewing the cert in the last 3 weeks.... which is less than ideal....
 
as an FYI in the GUI on the PBS server it is dashboard > show fingerprint (blue button in top right)
on my machine this was caused by LE renewing the cert in the last 3 weeks.... which is less than ideal....
Thank you!!! This saved me! Wish this had been mentioned earlier :)
 
I've tried removing the fingerprint value, however when I try to view the backups I get the following error....

NFS-BACKUP: error fetching datastores - 500 Can't connect to 192.168.16.61:8007 (hostname verification failed) (500)

Any way around this?

1704690501842.png
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!