Web GUI not working after messing with SSL certs

cheabred

New Member
May 12, 2014
6
0
1
Portland, Oregon, United States
i was messing around and uploaded my SSL certs, and then restarted the pveproxy like it said to do..

PVE Version
Code:
pve-manager/5.3-5/97ae681d (running kernel: 4.15.18-9-pve)
and now the webGUI is just refusing connection..

Code:
ss -tlpn
outputs:

Code:
LISTEN    0           128                     0.0.0.0:8006                0.0.0.0:*         users:(("pveproxy worker",pid=29542,fd=6),("pveproxy worker",pid=29541,fd=6),("pveproxy worker",pid=29540,fd=6),("pveproxy",pid=29539,fd=6))
LISTEN    0           128                     0.0.0.0:6342                0.0.0.0:*         users:(("sshd",pid=1854,fd=5))
LISTEN    0           128                     0.0.0.0:111                 0.0.0.0:*         users:(("rpcbind",pid=1195,fd=8))
LISTEN    0           128                   127.0.0.1:85                  0.0.0.0:*         users:(("pvedaemon worke",pid=25086,fd=6),("pvedaemon worke",pid=24577,fd=6),("pvedaemon worke",pid=23049,fd=6),("pvedaemon",pid=2263,fd=6))
LISTEN    0           128                     0.0.0.0:22                  0.0.0.0:*         users:(("sshd",pid=1854,fd=3))
LISTEN    0           128                     0.0.0.0:3128                0.0.0.0:*         users:(("spiceproxy work",pid=12297,fd=6),("spiceproxy",pid=2347,fd=6))
LISTEN    0           100                   127.0.0.1:25                  0.0.0.0:*         users:(("master",pid=2171,fd=13))
LISTEN    0           128                        [::]:6342                   [::]:*         users:(("sshd",pid=1854,fd=6))
LISTEN    0           128                        [::]:111                    [::]:*         users:(("rpcbind",pid=1195,fd=11))
LISTEN    0           128                        [::]:22                     [::]:*         users:(("sshd",pid=1854,fd=4))
LISTEN    0           100                       [::1]:25                     [::]:*         users:(("master",pid=2171,fd=14))

i have tried this:

Revert to default configuration
If you have used the previous HowTo and replaced any of the certificate or key files generated by PVE, you need to revert to the default state before proceeding.

Delete or move the following files:

  • /etc/pve/pve-root-ca.pem
  • /etc/pve/priv/pve-root-ca.key
  • /etc/pve/nodes/<node>/pve-ssl.pem
  • /etc/pve/nodes/<node>/pve-ssl.key
The latter two need to be repeated for all nodes if you have a cluster.

Afterwards, run the following command on each node of the cluster to re-generate the certificates and keys:
Code:
pvecm updatecerts -f

and nothing has worked......
dont want to restart host machine as i dont want to get locked out.. but will try that as a last option if needed. all VM's are running, and working fine, and i have SSH access as well still.


pveproxy is running error free..
Code:
root@loki:~# service pveproxy status
● pveproxy.service - PVE API Proxy Server
   Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-01-27 02:42:32 PST; 18min ago
  Process: 29512 ExecStop=/usr/bin/pveproxy stop (code=exited, status=0/SUCCESS)
  Process: 26173 ExecReload=/usr/bin/pveproxy restart (code=exited, status=0/SUCCESS)
  Process: 29516 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)
 Main PID: 29539 (pveproxy)
    Tasks: 4 (limit: 4915)
   Memory: 120.8M
      CPU: 848ms
   CGroup: /system.slice/pveproxy.service
           ├─29539 pveproxy
           ├─29540 pveproxy worker
           ├─29541 pveproxy worker
           └─29542 pveproxy worker

Jan 27 02:42:32 loki systemd[1]: Starting PVE API Proxy Server...
Jan 27 02:42:32 loki pveproxy[29516]: Using '/etc/pve/local/pveproxy-ssl.pem' as certificate for the web interface.
Jan 27 02:42:32 loki pveproxy[29539]: starting server
Jan 27 02:42:32 loki pveproxy[29539]: starting 3 worker(s)
Jan 27 02:42:32 loki pveproxy[29539]: worker 29540 started
Jan 27 02:42:32 loki pveproxy[29539]: worker 29541 started
Jan 27 02:42:32 loki pveproxy[29539]: worker 29542 started
Jan 27 02:42:32 loki systemd[1]: Started PVE API Proxy Server.
any help would be awesome.
 
Last edited:

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
1,857
179
63
* Check the logs while you're trying to connect (let `journalctl -f` run in parallel, as well as `tail -f /var/log/pveproxy/*log`)
* Connection refused could also be due to a REJECT rule (or a firewall in between) - check `iptables -nvL`
* just to be sure - you're connecting to `https://pve.node.name:8006`
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!