SPICE not working with Let's Encrypt (wildcard) certificates

gradinaruvasile

Hi,

We started using Let's Encrypt certificates on our Proxmox cluster.
- The domain name used is different from the internal LAN domain name. The servers were installed with the internal hostnames.
- The certificates are generated on a different machine.
- We use wildcard certificates

The web GUI works fine, but if we want to use the SPICE console we get the following error:

(remote-viewer:32639): Spice-WARNING **: 11:14:52.969: ssl_verify.c:444:openssl_verify: Error in certificate chain verification: unable to get local issuer certificate (num=20:depth1:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3)

The /etc/pve/nodes/NODENAME/pveproxy-ssl.pem is the LE certificate's fullchain.pem.
We tried to follow http://pve.proxmox.com/wiki/HTTPSCertificateConfiguration by removing the /etc/pve/pve-root-ca.pem and /etc/pve/priv/pve-root-ca.key files and running "pvecm updatecerts -f" and "systemctl restart pveproxy" on all of the nodes.
But we still get the same issue.
What can we do about this?