UI not working after SSL import

R

remcop

New Member
Sep 28, 2023
3
0
1
Hi,

My SSL certificate did not renew, so I tried to import the certificate that my Synology NAS uses.
I uploaded a certificate using the web interface, using the files chain.pem and prevkey.pem
After doing so the web interface wont load again.

How can I restore this?
 
Never mind, fixed it myself. Using SSH i edited the files. It turned out that one file had two different keys and therefore was the problem

Now the only question is. How can I automate the certificate copy process. I have the RSA-privkey.key and RSA-privkey.pem available on the NAS

I tried the scp command, but that needs a password, so cannot be automated in a monthly bash script. Any ideas?
 
Last edited:
Hi,

are you able to connect to the host via ssh? If so, please check the status of pveproxy by running systemctl status pveproxy.service and check the systemd journal for errors journalctl -b > journal.txt.

It might be enough to remove the custom certificate and restart pveproxy by pvenode cert delete 1

Edit: Seems you were a bit faster with your post, glad it is fixed already!
 
Last edited:
  • Like
Reactions: bananajoe75
Update: I have created a NFS synology storage where the SSL certificates are backed up to.
Can I create an automated script that copy's the pem & key to the appropriate folder
FROM NFS shared folder
TO /etc/pve/nodes/NODENAME/
 
remcop said:
Update: I have created a NFS synology storage where the SSL certificates are backed up to.
Can I create an automated script that copy's the pem & key to the appropriate folder
FROM NFS shared folder
TO /etc/pve/nodes/NODENAME/
Click to expand...
Hi,
for custom certificates you should use the files located at /etc/pve/local, see also the corresponding section in the docs [0].

In order for Proxmox VE to actually utilize the certificate, you will have to restart the pveproxy.service each time the certificate changes. Of course you could automate certificate renewal via a shell script and use e.g. a systemd timer or a cronjob for the script to be executed periodically. You could however also utilize one of the acme plugins to take care of these steps for you.

[0] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_certificate_management
 
  • Like
Reactions: bananajoe75
'pvenode' also offers a command to set the cert and key:

Code: 
$ pvenode cert set <certificates> [<key>] [OPTIONS] [FORMAT_OPTIONS]

Upload or update custom certificate chain and key.

<certificates>: <string>
PEM encoded certificate (chain).
<key>: <string>
PEM encoded private key.
--force <boolean> (default =0)
Overwrite existing custom or ACME certificate files.
--restart <boolean> (default =0)
Restart pveproxy.
 
  • Like
Reactions: bananajoe75 and Chris
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom