tls_process_server_certificate: certificate verify failed - whmcs - modulesgarden

[pxsense]

Modulesgarden said this is a Proxmox bug and there is a workaround solution for this on Promxos side, but I do not find this anywhere on forum, and tried to do a lot of solution.

We have a single node proxmox server (no HA, no corosync at all)
Problem: From whmcs I can not create new VM on proxmox because it receive the following module command error:

HTTP/1.1 596 tls_process_server_certificate: certificate verify failed

which is strange, because the pveproxy cert is valid for sure. I have checked it from the server, where the module try to connect from:

openssl s_client -showcerts -connect proxmox.host.tld:8006

CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = *.host.tld
verify return:1

Another strange thing is that the module works sometimes and can connect, sometimes not on previous Proxmox verisons, but from 6.2.x is it not working.
The problem is that we can't reproduce this behavior from our side, the cert looks valid at all.
We tried to regenerate the certs with: pvecm updatecerts --force
but it does not help.

Any idea? thank you very much for your help in advance

 

[tom]

Modulesgarden said this is a Proxmox bug

If they are aware on any but, they should file it on https://bugzilla.proxmox.com

 

[Dragoon]

Tested on the following proxmox versions

proxmox version 5.4-6 Works and provisions accounts with latest whmcs and modulegarden module.

proxmox version 5.4-15
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

proxmox version 6.4-13
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest proxmox version 7.1-10 also fails
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest node


root@host-03:~# pveversion --V
proxmox-ve: 7.1-1 (running kernel: 5.13.19-5-pve)
pve-manager: 7.1-10 (running version: 7.1-10/6ddebafe)
pve-kernel-helper: 7.1-12
pve-kernel-5.13: 7.1-9
pve-kernel-5.4: 6.4-13
pve-kernel-5.13.19-6-pve: 5.13.19-14
pve-kernel-5.13.19-5-pve: 5.13.19-13
pve-kernel-5.4.166-1-pve: 5.4.166-1
pve-kernel-4.15: 5.4-19
pve-kernel-4.15.18-30-pve: 4.15.18-58
pve-kernel-4.15.18-12-pve: 4.15.18-36
ceph-fuse: 14.2.21-1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown: 0.8.36+pve1
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.22-pve2
libproxmox-acme-perl: 1.4.1
libproxmox-backup-qemu0: 1.2.0-1
libpve-access-control: 7.1-6
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.1-3
libpve-guest-common-perl: 4.1-1
libpve-http-server-perl: 4.1-1
libpve-storage-perl: 7.1-1
libqb0: 1.0.5-1
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 4.0.11-1
lxcfs: 4.0.11-pve1
novnc-pve: 1.3.0-2
proxmox-backup-client: 2.1.5-1
proxmox-backup-file-restore: 2.1.5-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.4-7
pve-cluster: 7.1-3
pve-container: 4.1-4
pve-docs: 7.1-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.3-5
pve-ha-manager: 3.3-3
pve-i18n: 2.6-2
pve-qemu-kvm: 6.1.1-2
pve-xtermjs: 4.16.0-1
qemu-server: 7.1-4
smartmontools: 7.2-pve2
spiceterm: 3.2-2
swtpm: 0.7.1~bpo11+1
vncterm: 1.7-1
zfsutils-linux: 2.1.2-pve1


Please help resolve this issue as we are not able to provision now with the latest module and versions.

Systems are stand alone nothing is setup in clusters so no corosync.conf file to adjust.

 

[Gh0st]

I'm using this module with WHMCS and have no issues on 6.4-14

 

[Dragoon]

I'm using this module with WHMCS and have no issues on 6.4-14

Can you confirm if you had fresh installs or did upgrades? Some of the nodes are fresh installs and but most of them have been upgraded from older versions.

 

[Dragoon]

I am leaning towards a setting that was left behind or misconfigured for TLS as most of these nodes were working fine until updates were completed and rebooted. Now whmcs would not deploy to any of the nodes that were upgraded.

https://projects.letic.fr/public/te...mmit/90d504fa0de28c16f4a240417f84e6b862ba4caf

 

[Gh0st]

I did upgrades but I havnt rebooted. I have a dev cluster running pve7 which is a new install. If I get the chance I will hook it up to whmcs and see what happens. (I'm running whmcs 8.4)

 

[Dragoon]

The nodes I have are from version 5 which were upgraded then stopped working after upgrading. I didn't want to upgrade any more nodes till I got this issue resolved. list below of some nodes that have issues and versions.

proxmox version 5.4-6 Works and provisions accounts with latest whmcs and modulegarden module.

proxmox version 5.4-15
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

proxmox version 6.4-13
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest proxmox version 7.1-10 also fails
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest node

 

[Dragoon]

Can anyone else confirm if they do upgrades from version proxmox version 5.4-6 to newer version if their whmcs module still works.

 

[ModulesGarden]

Let us clear up any doubts: our Proxmox VE modules, starting from the recent 3.5.0 update, no longer support Proxmox VE 5.X due to API changes, but they continue to work well with Proxmox VE 6.X and 7.X.

 

[rudysp]

The nodes I have are from version 5 which were upgraded then stopped working after upgrading. I didn't want to upgrade any more nodes till I got this issue resolved. list below of some nodes that have issues and versions.

proxmox version 5.4-6 Works and provisions accounts with latest whmcs and modulegarden module.

proxmox version 5.4-15
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

proxmox version 6.4-13
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest proxmox version 7.1-10 also fails
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest node

Basically this issue is because of self-sign SSL, workaround is to import your PVE SSL(pve-ssl.pem) into your WHMCS machine.

 

[ModulesGarden]

Basically this issue is because of self-sign SSL, workaround is to import your PVE SSL(pve-ssl.pem) into your WHMCS machine.

That sounds very reasonable. We are genuinely curious if it'll help so do let us know please @Dragoon

 

[Dragoon]

Can you supply steps you believe will help resolve this issue on your KB https://www.docs.modulesgarden.com/Proxmox_VE_VPS_For_WHMCS#Installation_and_Configuration or here. We have valid ssl certs from lets encrypt installed on the nodes why would we need to import these to whmcs? Please explain in detail thanks in advance.

 

[ModulesGarden]

Since the module itself rarely turns out to be the direct cause of these types of problems, start by making sure that the communication between the nodes is working properly. Next, to verify if the module is connected to your problem in any way, turn on both Debug Mode in the Proxmox Addon and WHMCS Module Log, and review request/response data to rule out the possibility that the error is returned by Proxmox via API.

In case the source of the problem is confirmed to be located outside the module then we suggest you follow the tips provided in this thread. Otherwise, feel free to contact our support agents for a more detailed troubleshooting.