repo certificate mismatch?

[otto001]

Hi,

installed a new node today, but when trying to update, I am encountering ssl issues.
Could it be that proxmox has certificate problems on their repo server?

root@pve:~# curl -v https://download.proxmox.com/debian/pve/dists/trixie/InRelease 2>&1 | grep -E "SSL|subject|issuer|expire|error"
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / RSASSA-PSS
* subject: CN=enterprise.proxmox.com
* expire date: Sep 7 04:04:53 2026 GMT
* subjectAltName does not match hostname download.proxmox.com
* SSL: no alternative certificate subject name matches target hostname 'download.proxmox.com'
curl: (60) SSL: no alternative certificate subject name matches target hostname 'download.proxmox.com'

thanks in advance,
Otto

 

[Daniel-Doggy]

You cannot use https for non enterprise repositories.
Change https to http to fix the errors.

https only available for enterprise as it needs to do auth but all other repositories do not need auth and thus the proxmox staff have decided a long time ago to not support https on non enterprise repositories.

 

[aaron]

download.proxmox.com should be accessed via http, not https. Which is reserve to enterprise.proxmox.com as you see in the certs details.

The packages themselves are signed via GPG and verified with the key present on the host via the package management (apt) when they are downloaded/installed.