tls_process_server_certificate: certificate verify failed - whmcs - modulesgarden

pxsense

New Member
Oct 28, 2020
1
0
1
44
Modulesgarden said this is a Proxmox bug and there is a workaround solution for this on Promxos side, but I do not find this anywhere on forum, and tried to do a lot of solution.

We have a single node proxmox server (no HA, no corosync at all)
Problem: From whmcs I can not create new VM on proxmox because it receive the following module command error:

HTTP/1.1 596 tls_process_server_certificate: certificate verify failed

which is strange, because the pveproxy cert is valid for sure. I have checked it from the server, where the module try to connect from:

Code:
openssl s_client -showcerts -connect proxmox.host.tld:8006

CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
verify return:1
depth=0 CN = *.host.tld
verify return:1

Another strange thing is that the module works sometimes and can connect, sometimes not on previous Proxmox verisons, but from 6.2.x is it not working.
The problem is that we can't reproduce this behavior from our side, the cert looks valid at all.
We tried to regenerate the certs with: pvecm updatecerts --force
but it does not help.

Any idea? thank you very much for your help in advance:)
 
Tested on the following proxmox versions

proxmox version 5.4-6 Works and provisions accounts with latest whmcs and modulegarden module.

proxmox version 5.4-15
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

proxmox version 6.4-13
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest proxmox version 7.1-10 also fails
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest node


root@host-03:~# pveversion --V
proxmox-ve: 7.1-1 (running kernel: 5.13.19-5-pve)
pve-manager: 7.1-10 (running version: 7.1-10/6ddebafe)
pve-kernel-helper: 7.1-12
pve-kernel-5.13: 7.1-9
pve-kernel-5.4: 6.4-13
pve-kernel-5.13.19-6-pve: 5.13.19-14
pve-kernel-5.13.19-5-pve: 5.13.19-13
pve-kernel-5.4.166-1-pve: 5.4.166-1
pve-kernel-4.15: 5.4-19
pve-kernel-4.15.18-30-pve: 4.15.18-58
pve-kernel-4.15.18-12-pve: 4.15.18-36
ceph-fuse: 14.2.21-1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown: 0.8.36+pve1
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.22-pve2
libproxmox-acme-perl: 1.4.1
libproxmox-backup-qemu0: 1.2.0-1
libpve-access-control: 7.1-6
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.1-3
libpve-guest-common-perl: 4.1-1
libpve-http-server-perl: 4.1-1
libpve-storage-perl: 7.1-1
libqb0: 1.0.5-1
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 4.0.11-1
lxcfs: 4.0.11-pve1
novnc-pve: 1.3.0-2
proxmox-backup-client: 2.1.5-1
proxmox-backup-file-restore: 2.1.5-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.4-7
pve-cluster: 7.1-3
pve-container: 4.1-4
pve-docs: 7.1-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.3-5
pve-ha-manager: 3.3-3
pve-i18n: 2.6-2
pve-qemu-kvm: 6.1.1-2
pve-xtermjs: 4.16.0-1
qemu-server: 7.1-4
smartmontools: 7.2-pve2
spiceterm: 3.2-2
swtpm: 0.7.1~bpo11+1
vncterm: 1.7-1
zfsutils-linux: 2.1.2-pve1


Please help resolve this issue as we are not able to provision now with the latest module and versions.

Systems are stand alone nothing is setup in clusters so no corosync.conf file to adjust.
 
I did upgrades but I havnt rebooted. I have a dev cluster running pve7 which is a new install. If I get the chance I will hook it up to whmcs and see what happens. (I'm running whmcs 8.4)
 
Last edited:
The nodes I have are from version 5 which were upgraded then stopped working after upgrading. I didn't want to upgrade any more nodes till I got this issue resolved. list below of some nodes that have issues and versions.

proxmox version 5.4-6 Works and provisions accounts with latest whmcs and modulegarden module.

proxmox version 5.4-15
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

proxmox version 6.4-13
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest proxmox version 7.1-10 also fails
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest node
 
Let us clear up any doubts: our Proxmox VE modules, starting from the recent 3.5.0 update, no longer support Proxmox VE 5.X due to API changes, but they continue to work well with Proxmox VE 6.X and 7.X.
 
The nodes I have are from version 5 which were upgraded then stopped working after upgrading. I didn't want to upgrade any more nodes till I got this issue resolved. list below of some nodes that have issues and versions.

proxmox version 5.4-6 Works and provisions accounts with latest whmcs and modulegarden module.

proxmox version 5.4-15
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

proxmox version 6.4-13
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest proxmox version 7.1-10 also fails
Doesn't work same error Order Accept Encountered Problems
Tls_process_server_certificate: certificate verify failed

Latest node

Basically this issue is because of self-sign SSL, workaround is to import your PVE SSL(pve-ssl.pem) into your WHMCS machine.
 
Since the module itself rarely turns out to be the direct cause of these types of problems, start by making sure that the communication between the nodes is working properly. Next, to verify if the module is connected to your problem in any way, turn on both Debug Mode in the Proxmox Addon and WHMCS Module Log, and review request/response data to rule out the possibility that the error is returned by Proxmox via API.

In case the source of the problem is confirmed to be located outside the module then we suggest you follow the tips provided in this thread. Otherwise, feel free to contact our support agents for a more detailed troubleshooting.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!