Unable to run backup in the pbs client

powersupport

Active Member
Jan 18, 2020
244
2
38
29
Hi,

We have an issue while running back up in the client-server(centos 7), already set up a backup server and configured it, now we need to run backup in a remote client, we use the kb below to set up the client
https://forum.proxmox.com/threads/found-a-new-centos-7-client-for-pbs.81809/

And now trying to follow up the KB:https://pbs.proxmox.com/docs/backup-client.html
Trying to run backup within,

proxmox-backup-client backup root.pxar:/ --repository backup-server-hostname:8007:test
Password for "root@pam": ************
Starting backup: host/localhost/2021-01-14T08:33:14Z
Client name: localhost
Starting backup protocol: Thu Jan 14 16:33:18 2021
Error: error trying to connect: the handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:: unable to get local issuer certificate

Tried to add the fingerprint in .config/proxmox-backup/fingerprints, but no luck

May I know anyone can advise on this?

Thank you
 
Last edited:
you don't need the fingerprint in this case.. do you have the centos equivalent of ca-certificates installed?
 
seems to be called "ca-certificates" as well :)
 
Hi,


May I know the steps to install the centos equivalent of ca-certificates?

Thank You
 
install the package ca-certificates
 
As per the suggestion installed the package ca-certificates but still getting the same error(Error: error trying to connect: the handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:: unable to get local issuer certificate) Installed the package using the below commands,

=================
  1. Install the ca-certificates package: yum install ca-certificates
  2. Enable the dynamic CA configuration feature: update-ca-trust force-enable
  3. Generated cert and key - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/backup.key -out /etc/pki/tls/certs/backup.crt
  4. Added it as a new file to /etc/pki/ca-trust/source/anchors/
  5. Then run update-ca-trust extract
    ====================

    May I know anyone can advise on this?

    Thank You
 
does your PBS server use a proper, valid TLS certificate? does the client work when you provide the TLS certificate's fingerprint?
 
Hi,

We had already updated the fingerprint of PBS server in our client and still we were getting the error [ error(Error: error trying to connect: the handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:: unable to get local issuer certificate)]
The path at which we updated the fingerprint in the client is config/proxmox-backup/fingerprints

May I know can anyone advise on this issue?

Thank You
 
please try again after removing the fingerprints file..
 
Hi,

We are still facing the issue even after removing the mentioned fingerprint file.

Error received

> Error: error trying to connect: the handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:: unable to get local issuer certificate

May I know can anyone advise on resolving this issue?

Thank You
 
does it work with another client system? e.g., if you install proxmox-backup-client on the PBS server and try there?
 
does it work with another client system? e.g., if you install proxmox-backup-client on the PBS server and try there?
We have configured PBS on our PVE and it works in there. It's only not working when we tried to back up a centos server directly using proxmox-backup-client
 
then the reason must either be your built binary, or the centos system.. I see the linked build uses a vendored libssl - maybe that does not pick up ca-certificates? or maybe it needs them to be installed at build time already and rebuilding now fixes the issue?
 
As per the suggestion installed the package ca-certificates but still getting the same error(Error: error trying to connect: the handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:: unable to get local issuer certificate) Installed the package using the below commands,

=================
  1. Install the ca-certificates package: yum install ca-certificates
  2. Enable the dynamic CA configuration feature: update-ca-trust force-enable
  3. Generated cert and key - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/backup.key -out /etc/pki/tls/certs/backup.crt
  4. Added it as a new file to /etc/pki/ca-trust/source/anchors/
  5. Then run update-ca-trust extract
    ====================

    May I know anyone can advise on this?

    Thank You

workaround

Code:
yum install https://github.com/sg4r/proxmox-backup-client/releases/download/v1.0.11/proxmox-backup-1.0.11-2.x86_64.el7.rpm 
yum install sg3_utils
mkdir -p /home/centos/proxmox-backup-client/proxmox-backup/target/release/build/openssl-sys-534eff37ea26a8ef/out/openssl-build/install/ssl/
ln -s /etc/ssl/certs/ca-bundle.crt /home/centos/proxmox-backup-client/proxmox-backup/target/release/build/openssl-sys-534eff37ea26a8ef/out/openssl-build/install/ssl/cert.pem
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!