SSL Error with pveproxy-ssl certificates

Feb 6, 2017
I've installed a valid wildcard certificate in pveproxy-ssl.pem and pveproxy-ssl.key. I don't get any errors restarting pveproxy but

Code:
curl -vv https://localhost:8006

outputs:

* Expire in 0 ms for 1 (transfer 0x5574f1894f50)
......
* Expire in 0 ms for 1 (transfer 0x5574f1894f50)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5574f1894f50)
* Connected to localhost (127.0.0.1) port 8006 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8006
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8006

Chrome returns
This site can’t be reached

ERR_CONNECTION_CLOSED

Not sure where to look for the problem.
 
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8006
is pveproxy running?
* check with `systemctl status -l pveproxy`
* check the journal for hints - `journalctl -r`
* check if something is listening on port 8006: `ss -tlnp |grep 8006`

I hope this helps
 
Thanks for the tips. Here's what I got.

If it helps, I appended the CA bundle to the certificate file to create pveproxy-ssl.pem.

Code:
● pveproxy.service - PVE API Proxy Server
   Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-04-12 10:37:10 PDT; 1 day 21h ago
  Process: 1656971 ExecStartPre=/usr/bin/pvecm updatecerts --silent (code=exited, status=0/SUCCESS)
  Process: 1656980 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)
 Main PID: 1656981 (pveproxy)
    Tasks: 4 (limit: 4915)
   Memory: 130.3M
   CGroup: /system.slice/pveproxy.service
           ├─1656981 pveproxy
           ├─1656982 pveproxy worker
           ├─1656983 pveproxy worker
           └─1656984 pveproxy worker

Apr 12 10:37:09 hostxx systemd[1]: Starting PVE API Proxy Server...
Apr 12 10:37:10 hostxx pveproxy[1656980]: Using '/etc/pve/local/pveproxy-ssl.pem' as certificate for the web interface.
Apr 12 10:37:10 hostxx pveproxy[1656981]: starting server
Apr 12 10:37:10 hostxx pveproxy[1656981]: starting 3 worker(s)
Apr 12 10:37:10 hostxx pveproxy[1656981]: worker 1656982 started
Apr 12 10:37:10 hostxx pveproxy[1656981]: worker 1656983 started
Apr 12 10:37:10 hostxx pveproxy[1656981]: worker 1656984 started
Apr 12 10:37:10 hostxx systemd[1]: Started PVE API Proxy Server.

Code:
Apr 14 08:07:00 hostxx systemd[1]: Starting Proxmox VE replication runner...
Apr 14 08:06:43 hostxx systemd[1]: Started Session 119 of user root.
Apr 14 08:06:43 hostxx systemd[1]: Started User Manager for UID 0.
Apr 14 08:06:43 hostxx systemd[3499428]: Startup finished in 45ms.
Apr 14 08:06:43 hostxx systemd[3499428]: Reached target Default.
Apr 14 08:06:43 hostxx systemd[3499428]: Reached target Basic System.
Apr 14 08:06:43 hostxx systemd[3499428]: Reached target Timers.
Apr 14 08:06:43 hostxx systemd[3499428]: Reached target Sockets.
Apr 14 08:06:43 hostxx systemd[3499428]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Apr 14 08:06:43 hostxx systemd[3499428]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Apr 14 08:06:43 hostxx systemd[3499428]: Listening on GnuPG cryptographic agent and passphrase cache.
Apr 14 08:06:43 hostxx systemd[3499428]: Reached target Paths.
Apr 14 08:06:43 hostxx systemd[3499428]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Apr 14 08:06:43 hostxx systemd[3499428]: Listening on GnuPG network certificate management daemon.

Code:
LISTEN    0         128                0.0.0.0:8006             0.0.0.0:*        users:(("pveproxy worker",pid=1656984,fd=6),("pveproxy worker",pid=1656983,fd=6),("pveproxy worker",pid=1656982,fd=6),("pveproxy",pid=1656981,fd=6))
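The follow-up above mentions appending the CA bundle to the certificate file. As an added example (not part of the thread and not Proxmox code), this script lints the PEM armor lines of such a concatenated file and of the key file; it is a structural check only, not a diagnosis of the error in this thread. The function name `pem_lint`, its finding labels and the sample file names are made up for illustration, and the sample content is constructed placeholder text rather than real certificates.

```shell
#!/bin/sh
# Added example: marker-level lint for a concatenated certificate file and key.
# It inspects PEM armor lines only; it does not parse or verify certificates.

pem_lint() {
    pem="$1"; key="$2"; rc=0
    # `cat cert.pem bundle.pem` fuses two markers onto one line when cert.pem
    # has no trailing newline, so the block boundary is no longer on its own line.
    if grep -Eq 'END [A-Z ]+-{10}BEGIN' "$pem"; then
        echo "FUSED_BOUNDARY $pem"; rc=1
    fi
    # Count well-formed armor lines (CRLF tolerated) so the operator can compare
    # the number of blocks with what was expected (leaf plus bundle).
    begins=$(tr -d '\r' <"$pem" | grep -c '^-----BEGIN CERTIFICATE-----$' || true)
    ends=$(tr -d '\r' <"$pem" | grep -c '^-----END CERTIFICATE-----$' || true)
    echo "CERT_BLOCKS $begins"
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "UNBALANCED_OR_EMPTY $pem (BEGIN=$begins END=$ends)"; rc=1
    fi
    # Assumption: the service starts unattended, so it cannot prompt for a
    # passphrase and the key must be stored unencrypted.
    if ! grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$key"; then
        echo "NO_PRIVATE_KEY $key"; rc=1
    elif grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "ENCRYPTED_KEY $key"; rc=1
    fi
    return $rc
}

# Constructed sample input: placeholder base64, not real certificates.
demo() {
    d=$(mktemp -d)
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' >"$d/leaf.pem"      # no final newline
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' >"$d/ca-bundle.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' >"$d/site.key"
    cat "$d/leaf.pem" "$d/ca-bundle.pem" >"$d/fused.pem"
    pem_lint "$d/fused.pem" "$d/site.key" || true
    rm -rf "$d"
}

demo
```

A clean result here says nothing about whether the key belongs to the certificate or whether the chain is in the right order; those need the certificates to be parsed.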
 
