PBS with two interfaces. LE Cert

[MitchDee]

Hi all,

I'm having some issues with the sudden change in fingerprint of my PBS server, obviously as a result of the LE cert rotation.
I found this issue through the article here:

M

[SOLVED] Thread 'Unexpected change of fingerprint'

Aug 29, 2022

On one of the PVS servers in the morning, a problem was discovered that the fingerprint had changed and because of this, the backup disks were not available from the PVE cluster. Tell me where to look in order to understand the reason for changing the fimherprit and in general under what conditions it can change on a working server.

The problem of inaccessibility of disks was discovered on Monday, on Friday evening everything worked, backups passed, but the morning ones at 6 in the morning did not pass anymore because the server's fingerprint changed

Of the possible problems, the dns...

• Maksimus
• Replies: 2
• Forum: Proxmox VE: Installation and configuration

My query is, since I have one management interface that the FQDN of the PBS points to, and a second interface that I'm using for the backup traffic from PVE to PBS - how does one make sure the PVE servers can verify the certificate?
I've removed the fingerprint from the Datacentre settings to make sure the PVE serves check the SSL cert, but I suspect that since the connection to PBS uses a different IP address than what the DNS servers return, the cert is being rejected.

One option that I'm sure will work is to put host entries on the PVE servers, but is there a better option that people use?

 

[SteveITS]

If you use a real cert you don’t need a fingerprint. Some articles leave that bit out.

 

[MitchDee]

If you use a real cert you don’t need a fingerprint. Some articles leave that bit out.

Thanks SteveITS. I have removed the fingerprint, but I suspect it's not working because the DNS entry points to the Management IP, not the IP that PVE servers use to communicate with PBS.