Proxmox 6 GUI problem - certificate has been revoked

[kazzuja]

Hello,

I have a problem accessing the Proxmox 6 GUI (installed clean six months ago,updated to 6.0-11).
All browsers (Chrome,FF,Opera-Win/Mac) report a problem with the site's certificate
https://192.168.xxx.xxx:8006.I can't go further.


Your connection is not private
Attackers might be trying to steal your information from 192.168.xxx.xxx (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_REVOKED

I tried to find a solution for example here

https://pve.proxmox.com/wiki/Certificate_Management
https://forum.proxmox.com/tags/ssl/
https://pve.proxmox.com/wiki/Proxmox_SSL_Error_Fixing

but it doesn't work.

first try:

rm -f /etc/pve/pve-root-ca.pem
rm -f /etc/pve/priv/pve-root-ca.*
rm -f /etc/pve/local/pve-ssl.*
rm -f /etc/pve/priv/authkey.key
pvecm updatecerts -f
service pveproxy restart
service pvedaemon restart

second try:

rm -f /etc/pve/pve-root-ca.pem
rm -f /etc/pve/priv/pve-root-ca.*
rm -f /etc/pve/local/pve-ssl.*
rm -f /etc/pve/priv/authkey.key
cd /tmp
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256
mv ca.pem pve-root-ca.pem
mv server.key pve-ssl.key
mv server.pem pve-ssl.pem
cp pve-root-ca.pem /etc/pve/pve-root-ca.pem
cp pve-ssl.key /etc/pve/local/pve-ssl.key
cp pve-ssl.pem /etc/pve/local/pve-ssl.pem
service pveproxy restart
service pvedaemon restart

BTW.
Server is behind NAT, I can't use letsencrypt.


please kindly help. Thx!

 

[tom]

See https://forum.proxmox.com/threads/proxmox-webpage-gui-and-chrome.59238/

 

[kazzuja]

See https://forum.proxmox.com/threads/proxmox-webpage-gui-and-chrome.59238/

Now works great in MacOS (Safari/Chrome) & Windows (Edge) after export server certificate from Safari (keychain) on Mac to cert file and then import on Windows machine.

Thank you very much !

 

[Zaman]

Hello,

I have a problem accessing the Proxmox 6 GUI (installed clean six months ago,updated to 6.0-11).
All browsers (Chrome,FF,Opera-Win/Mac) report a problem with the site's certificate
https://192.168.xxx.xxx:8006.I can't go further.


Your connection is not private
Attackers might be trying to steal your information from 192.168.xxx.xxx (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_REVOKED

I tried to find a solution for example here

https://pve.proxmox.com/wiki/Certificate_Management
https://forum.proxmox.com/tags/ssl/
https://pve.proxmox.com/wiki/Proxmox_SSL_Error_Fixing

but it doesn't work.

first try:

rm -f /etc/pve/pve-root-ca.pem
rm -f /etc/pve/priv/pve-root-ca.*
rm -f /etc/pve/local/pve-ssl.*
rm -f /etc/pve/priv/authkey.key
pvecm updatecerts -f
service pveproxy restart
service pvedaemon restart

second try:

rm -f /etc/pve/pve-root-ca.pem
rm -f /etc/pve/priv/pve-root-ca.*
rm -f /etc/pve/local/pve-ssl.*
rm -f /etc/pve/priv/authkey.key
cd /tmp
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 -sha256
mv ca.pem pve-root-ca.pem
mv server.key pve-ssl.key
mv server.pem pve-ssl.pem
cp pve-root-ca.pem /etc/pve/pve-root-ca.pem
cp pve-ssl.key /etc/pve/local/pve-ssl.key
cp pve-ssl.pem /etc/pve/local/pve-ssl.pem
service pveproxy restart
service pvedaemon restart

BTW.
Server is behind NAT, I can't use letsencrypt.


please kindly help. Thx!

I try to add self-signed certificate but doesn't work from GUI,by using your second try work for me and adding to it

pvecm updatecert

then works
Best Regards