[Proxmox] The server certificate /etc/pve/local/pve-ssl.pem has expired

 

The server certificate /etc/pve/local/pve-ssl.pem has expired

 

 

Suite a la mise a jour d’une Debian 8 vers 9 et de proxmox 4 vers 5, les vms ne démarrent plus avec l’erreur

Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired

 

Voici l’état du service pveproxy

# systemctl status pveproxy
 pveproxy.service - PVE API Proxy Server
Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-08-18 20:48:35 CEST; 3min 52s ago
Process: 4555 ExecStop=/usr/bin/pveproxy stop (code=exited, status=0/SUCCESS)
Process: 4559 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)
Main PID: 4584 (pveproxy)
Tasks: 4 (limit: 4915)
Memory: 116.7M
CPU: 10.461s
CGroup: /system.slice/pveproxy.service
├─4584 pveproxy
├─4995 pveproxy worker
├─4996 pveproxy worker
└─4997 pveproxy worker

Aug 18 20:52:23 srv-primaire pveproxy[4994]: worker exit
Aug 18 20:52:23 srv-primaire pveproxy[4995]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1643.
Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4993 finished
Aug 18 20:52:23 srv-primaire pveproxy[4584]: starting 1 worker(s)
Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4996 started
Aug 18 20:52:23 srv-primaire pveproxy[4996]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1643.
Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4994 finished
Aug 18 20:52:23 srv-primaire pveproxy[4584]: starting 1 worker(s)
Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4997 started
Aug 18 20:52:23 srv-primaire pveproxy[4997]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1643.

 

Il faut renommer ou supprimer les anciens certificats.

# mv /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.bak 

# mv /etc/pve/pve-www.key /etc/pve/pve-www.key.bak 

# mv /etc/pve/priv/pve-root-ca.key /etc/pve/priv/pve-root-ca.key.bak 

# mv /etc/pve/priv/pve-root-ca.srl /etc/pve/priv/pve-root-ca.srl.bak 

# mv /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.bak 

# mv /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.bak

 

Régénérer les certificats

# pvecm updatecerts --force

 

Puis redémarrer les services

# service pvedaemon restart
# service pveproxy restart

 

État du service pveproxy

# systemctl status pveproxy
 pveproxy.service - PVE API Proxy Server
Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-08-18 20:54:05 CEST; 17s ago
Process: 5287 ExecStop=/usr/bin/pveproxy stop (code=exited, status=0/SUCCESS)
Process: 5292 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)
Main PID: 5315 (pveproxy)
Tasks: 4 (limit: 4915)
Memory: 113.5M
CPU: 1.529s
CGroup: /system.slice/pveproxy.service
├─5315 pveproxy
├─5318 pveproxy worker
├─5319 pveproxy worker
└─5320 pveproxy worker

Aug 18 20:54:04 srv-primaire systemd[1]: Starting PVE API Proxy Server...
Aug 18 20:54:05 srv-primaire pveproxy[5315]: starting server
Aug 18 20:54:05 srv-primaire pveproxy[5315]: starting 3 worker(s)
Aug 18 20:54:05 srv-primaire pveproxy[5315]: worker 5318 started
Aug 18 20:54:05 srv-primaire pveproxy[5315]: worker 5319 started
Aug 18 20:54:05 srv-primaire pveproxy[5315]: worker 5320 started
Aug 18 20:54:05 srv-primaire systemd[1]: Started PVE API Proxy Server.

 

 

No votes yet.
Please wait...

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.