Proxmox Certificate Error Fix After Node Replacement

published: 31st of December 2021

Intro

Recently, I had to replace one of the nodes in my 3 node Proxmox cluster. Once I replaced it, I found that I had certificate (both HTTP and SSH) errors between the hosts

In this post, I will show you how to resolve that issue.

Important

I found the solution to these problems on the excellent Proxmox forum. I did however, lose the links to the posts. All credit goes to the legends of the forum who will be forever unkown. I apologise for not being able to accurately link to those references.

The following software was used in this post.

Proxmox - 7.1-8

Note

The following commands should be executed on all PVE nodes.

HTTPS Certificates

HTTPS certificates are used to enable secure communication between the PVE nodes via the web interface.

Delete the HTTPS certificates.

    cmd
  

    rm /etc/pve/pve-root-ca.pem
rm /etc/pve/priv/pve-root-ca.key
rm /etc/pve/nodes/pmx01/pve-ssl.pem
rm /etc/pve/nodes/pmx02/pve-ssl.pem
rm /etc/pve/nodes/pmx03/pve-ssl.pem
rm /etc/pve/nodes/pmx01/pve-ssl.key
rm /etc/pve/nodes/pmx02/pve-ssl.key
rm /etc/pve/nodes/pmx03/pve-ssl.key
rm /etc/pve/authkey.pub
rm /etc/pve/priv/authkey.key
rm /etc/pve/priv/authorized_keys
  

Generate new HTTPS certificates

    cmd
  
    pvecm updatecerts -f

Restart the pvedaemon and pveproxy services.

    cmd
  
    systemctl restart pvedaemon pveproxy

SSH Certificates

SSH is used to migrate VM's between nodes.

Move the ssh known_hosts file.

    cmd
  
    mv /root/.ssh/known_hosts /root/.ssh/known_hosts_old

Now SSH between all the nodes to ensure you have no SSH issues.

Reboot

Finally, shutdown the VM's and reboot the hosts, one by one.

Additionally, refresh the web browser page you use to connect to the PVE cluster and accept the new certificate.

Outro

In this post, I showed you how to resolve both the HTTPS and SSH certificate issues on a Proxmox cluster if you replace one of the nodes.

# proxmox