SSL Error with pveproxy-ssl certificates

Feb 6, 2017
I've installed a valid wildcard certificate in pveproxy-ssl.pem and pveproxy-ssl.key. I don't get any errors restarting pveproxy but

Code:
curl -vv https://localhost:8006

outputs:

* Expire in 0 ms for 1 (transfer 0x5574f1894f50)
......
* Expire in 0 ms for 1 (transfer 0x5574f1894f50)
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5574f1894f50)
* Connected to localhost (127.0.0.1) port 8006 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8006
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8006

Chrome returns
This site can’t be reached

ERR_CONNECTION_CLOSED

Not sure where to look for the problem.
 
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:8006
is pveproxy running?
* check with `systemctl status -l pveproxy`
* check the journal for hints - `journalctl -r`
* check if something is listening on port 8006: `ss -tlnp |grep 8006`

I hope this helps
 
Thanks for the tips. Here's what I got.

If it helps, I appended the CA bundle to the certificate file to create pveproxy-ssl.pem.

Code:
● pveproxy.service - PVE API Proxy Server
   Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-04-12 10:37:10 PDT; 1 day 21h ago
  Process: 1656971 ExecStartPre=/usr/bin/pvecm updatecerts --silent (code=exited, status=0/SUCCESS)
  Process: 1656980 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)
 Main PID: 1656981 (pveproxy)
    Tasks: 4 (limit: 4915)
   Memory: 130.3M
   CGroup: /system.slice/pveproxy.service
           ├─1656981 pveproxy
           ├─1656982 pveproxy worker
           ├─1656983 pveproxy worker
           └─1656984 pveproxy worker

Apr 12 10:37:09 hostxx systemd[1]: Starting PVE API Proxy Server...
Apr 12 10:37:10 hostxx pveproxy[1656980]: Using '/etc/pve/local/pveproxy-ssl.pem' as certificate for the web interface.
Apr 12 10:37:10 hostxx pveproxy[1656981]: starting server
Apr 12 10:37:10 hostxx pveproxy[1656981]: starting 3 worker(s)
Apr 12 10:37:10 hostxx pveproxy[1656981]: worker 1656982 started
Apr 12 10:37:10 hostxx pveproxy[1656981]: worker 1656983 started
Apr 12 10:37:10 hostxx pveproxy[1656981]: worker 1656984 started
Apr 12 10:37:10 hostxx systemd[1]: Started PVE API Proxy Server.

Code:
Apr 14 08:07:00 hostxx systemd[1]: Starting Proxmox VE replication runner...
Apr 14 08:06:43 hostxx systemd[1]: Started Session 119 of user root.
Apr 14 08:06:43 hostxx systemd[1]: Started User Manager for UID 0.
Apr 14 08:06:43 hostxx systemd[3499428]: Startup finished in 45ms.
Apr 14 08:06:43 hostxx systemd[3499428]: Reached target Default.
Apr 14 08:06:43 hostxx systemd[3499428]: Reached target Basic System.
Apr 14 08:06:43 hostxx systemd[3499428]: Reached target Timers.
Apr 14 08:06:43 hostxx systemd[3499428]: Reached target Sockets.
Apr 14 08:06:43 hostxx systemd[3499428]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Apr 14 08:06:43 hostxx systemd[3499428]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Apr 14 08:06:43 hostxx systemd[3499428]: Listening on GnuPG cryptographic agent and passphrase cache.
Apr 14 08:06:43 hostxx systemd[3499428]: Reached target Paths.
Apr 14 08:06:43 hostxx systemd[3499428]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Apr 14 08:06:43 hostxx systemd[3499428]: Listening on GnuPG network certificate management daemon.

Code:
LISTEN    0         128                0.0.0.0:8006             0.0.0.0:*        users:(("pveproxy worker",pid=1656984,fd=6),("pveproxy worker",pid=1656983,fd=6),("pveproxy worker",pid=1656982,fd=6),("pveproxy",pid=1656981,fd=6))
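
Since the CA bundle was appended to the certificate file, a further check alongside the ones above is whether the first certificate in pveproxy-ssl.pem actually belongs to the private key. This is an added example, not part of the thread: the function name `check_pair` and its return codes are illustrative, and it uses only the standard `openssl x509` and `openssl pkey` commands.

```shell
#!/bin/sh
# Added example: verify that a PEM certificate file and a private key belong together.
# Usage: check_pair CERT_PEM KEY_PEM
# Returns 0 = match, 1 = no readable certificate, 2 = key unreadable or encrypted,
#         3 = first certificate in the file does not match the key.
check_pair() {
    cert=$1 key=$2

    # Count the certificates in the file (leaf plus any appended CA bundle).
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null) || n=0
    [ "$n" -ge 1 ] || { echo "no certificate found in $cert"; return 1; }

    # openssl x509 parses only the FIRST certificate in the file, so this is
    # the certificate a server presents as its own when given this file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "first certificate in $cert is not parseable"; return 1; }

    # A passphrase-protected key cannot be read without a prompt.
    if grep -q 'ENCRYPTED' "$key" 2>/dev/null; then
        echo "$key is passphrase-protected"; return 2
    fi
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null) || {
        echo "cannot read private key $key"; return 2; }

    # Both commands emit the public key in the same PEM form, so a plain
    # string comparison is enough.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: first of $n certificate(s) in $cert does not belong to $key"
        return 3
    fi
    echo "OK: key matches first of $n certificate(s) in $cert"
    openssl x509 -in "$cert" -noout -subject -enddate
}

# Run directly with two arguments, e.g. the .pem path shown in the journal
# above and the matching pveproxy-ssl.key.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A result of 3 with more than one certificate in the file usually means the order is wrong, with a CA certificate placed ahead of the server certificate.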