[Proxmox] The server certificate /etc/pve/local/pve-ssl.pem has expired - iZero

The server certificate /etc/pve/local/pve-ssl.pem has expired

Suite a la mise a jour d’une Debian 8 vers 9 et de proxmox 4 vers 5, les vms ne démarrent plus avec l’erreur

Failed to start VNC server: The server certificate /etc/pve/local/pve-ssl.pem has expired

Voici l’état du service pveproxy

# systemctl status pveproxy

1	# systemctl status pveproxy

● pveproxy.service - PVE API Proxy Server
Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-08-18 20:48:35 CEST; 3min 52s ago
Process: 4555 ExecStop=/usr/bin/pveproxy stop (code=exited, status=0/SUCCESS)
Process: 4559 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)
Main PID: 4584 (pveproxy)
Tasks: 4 (limit: 4915)
Memory: 116.7M
CPU: 10.461s
CGroup: /system.slice/pveproxy.service
├─4584 pveproxy
├─4995 pveproxy worker
├─4996 pveproxy worker
└─4997 pveproxy worker

Aug 18 20:52:23 srv-primaire pveproxy[4994]: worker exit
Aug 18 20:52:23 srv-primaire pveproxy[4995]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1643.
Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4993 finished
Aug 18 20:52:23 srv-primaire pveproxy[4584]: starting 1 worker(s)
Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4996 started
Aug 18 20:52:23 srv-primaire pveproxy[4996]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1643.
Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4994 finished
Aug 18 20:52:23 srv-primaire pveproxy[4584]: starting 1 worker(s)
Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4997 started
Aug 18 20:52:23 srv-primaire pveproxy[4997]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1643.

● pveproxy.service - PVE API Proxy Server

Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)

Active: active (running) since Sat 2018-08-18 20:48:35 CEST; 3min 52s ago

Process: 4555 ExecStop=/usr/bin/pveproxy stop (code=exited, status=0/SUCCESS)

Process: 4559 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)

Main PID: 4584 (pveproxy)

Tasks: 4 (limit: 4915)

Memory: 116.7M

CPU: 10.461s

CGroup: /system.slice/pveproxy.service

├─4584 pveproxy

├─4995 pveproxy worker

├─4996 pveproxy worker

└─4997 pveproxy worker

Aug 18 20:52:23 srv-primaire pveproxy[4994]: worker exit

Aug 18 20:52:23 srv-primaire pveproxy[4995]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1643.

Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4993 finished

Aug 18 20:52:23 srv-primaire pveproxy[4584]: starting 1 worker(s)

Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4996 started

Aug 18 20:52:23 srv-primaire pveproxy[4996]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1643.

Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4994 finished

Aug 18 20:52:23 srv-primaire pveproxy[4584]: starting 1 worker(s)

Aug 18 20:52:23 srv-primaire pveproxy[4584]: worker 4997 started

Aug 18 20:52:23 srv-primaire pveproxy[4997]: /etc/pve/local/pve-ssl.pem: failed to use local certificate chain (cert_file or cert) at /usr/share/perl5/PVE/APIServer/AnyEvent.pm line 1643.

Il faut renommer ou supprimer les anciens certificats.

# mv /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.bak 

# mv /etc/pve/pve-www.key /etc/pve/pve-www.key.bak 

# mv /etc/pve/priv/pve-root-ca.key /etc/pve/priv/pve-root-ca.key.bak 

# mv /etc/pve/priv/pve-root-ca.srl /etc/pve/priv/pve-root-ca.srl.bak 

# mv /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.bak 

# mv /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.bak

# mv /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.bak

# mv /etc/pve/pve-www.key /etc/pve/pve-www.key.bak

# mv /etc/pve/priv/pve-root-ca.key /etc/pve/priv/pve-root-ca.key.bak

# mv /etc/pve/priv/pve-root-ca.srl /etc/pve/priv/pve-root-ca.srl.bak

# mv /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.bak

# mv /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.bak

Régénérer les certificats

# pvecm updatecerts --force

1	# pvecm updatecerts --force

Puis redémarrer les services

# service pvedaemon restart

1	# service pvedaemon restart

# service pveproxy restart

1	# service pveproxy restart

État du service pveproxy

# systemctl status pveproxy

1	# systemctl status pveproxy

● pveproxy.service - PVE API Proxy Server
Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-08-18 20:54:05 CEST; 17s ago
Process: 5287 ExecStop=/usr/bin/pveproxy stop (code=exited, status=0/SUCCESS)
Process: 5292 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)
Main PID: 5315 (pveproxy)
Tasks: 4 (limit: 4915)
Memory: 113.5M
CPU: 1.529s
CGroup: /system.slice/pveproxy.service
├─5315 pveproxy
├─5318 pveproxy worker
├─5319 pveproxy worker
└─5320 pveproxy worker

Aug 18 20:54:04 srv-primaire systemd[1]: Starting PVE API Proxy Server...
Aug 18 20:54:05 srv-primaire pveproxy[5315]: starting server
Aug 18 20:54:05 srv-primaire pveproxy[5315]: starting 3 worker(s)
Aug 18 20:54:05 srv-primaire pveproxy[5315]: worker 5318 started
Aug 18 20:54:05 srv-primaire pveproxy[5315]: worker 5319 started
Aug 18 20:54:05 srv-primaire pveproxy[5315]: worker 5320 started
Aug 18 20:54:05 srv-primaire systemd[1]: Started PVE API Proxy Server.

● pveproxy.service - PVE API Proxy Server

Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; vendor preset: enabled)

Active: active (running) since Sat 2018-08-18 20:54:05 CEST; 17s ago

Process: 5287 ExecStop=/usr/bin/pveproxy stop (code=exited, status=0/SUCCESS)

Process: 5292 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)

Main PID: 5315 (pveproxy)

Tasks: 4 (limit: 4915)

Memory: 113.5M

CPU: 1.529s

CGroup: /system.slice/pveproxy.service

├─5315 pveproxy

├─5318 pveproxy worker

├─5319 pveproxy worker

└─5320 pveproxy worker

Aug 18 20:54:04 srv-primaire systemd[1]: Starting PVE API Proxy Server...

Aug 18 20:54:05 srv-primaire pveproxy[5315]: starting server

Aug 18 20:54:05 srv-primaire pveproxy[5315]: starting 3 worker(s)

Aug 18 20:54:05 srv-primaire pveproxy[5315]: worker 5318 started

Aug 18 20:54:05 srv-primaire pveproxy[5315]: worker 5319 started

Aug 18 20:54:05 srv-primaire pveproxy[5315]: worker 5320 started

Aug 18 20:54:05 srv-primaire systemd[1]: Started PVE API Proxy Server.

Articles lus : 6 568

Rating: 5.0/5. From 1 vote.

Please wait...

Voting is currently disabled, data maintenance in progress.

Laisser un commentaire Annuler la réponse