Renew SSL certificate after ip change of the GUI

[chris_lee]

Dear colleagues,

I ran into a problem after I changed the IP of the GUI interface. The Web UI was still reachable, but when opening the VNC console, I got an a "failed to connect to server" error.
I moved the files:

• /etc/pve/pve-root-ca.pem
• /etc/pve/priv/pve-root-ca.key

somewhere else and did

pvecm updatecerts -f

Nevertheless safari did not open the noVNC console. Firefox allows it with some errors. When I display the certificate, that is served, I see still the old IP, which causes the certificate mismatch.

Is there an easy way of renewing the certificate. Any suggestions?

Thanks
Chris

 

[StormLXC]

Same problem. Any help?

 

[dcsapak]

did you also change the ip in /etc/hosts before you updated your certs ? (we resolve the hostname for checking its ip)

 

[filou59]

Hello
I'm on Pve 7.1-7 currently, I encountered the same problem.
The pvecm updatecerts --force command does not seem to generate the pve-root.ca.pem file in this specific case.

You just have to delete it manually, then once the command has been launched, it is generated.

 

[89east]

Hi, did any manage to do this and how to renew certificates after IP change ?

 

[muzs1]

pvecm updatecerts -f
This worked for me