Proxmox Certificate Error Fix After Node Replacement
Published: 31st of December 2021
Recently, I had to replace one of the nodes in my 3 node Proxmox cluster. Once I replaced it, I found that I had certificate (both HTTP and SSH) errors between the hosts
In this post, I will show you how to resolve that issue.
I found the solution to these problems on the excellent Proxmox forum. I did however, lose the links to the posts. All credit goes to the legends of the forum who will be forever unkown. I apologise for not being able to accurately link to those references.
The following software was used in this post.
- Proxmox - 7.1-8
The following commands should be executed on all PVE nodes.
HTTPS certificates are used to enable secure communication between the PVE nodes via the web interface.
Delete the HTTPS certificates.
rm /etc/pve/pve-root-ca.pem rm /etc/pve/priv/pve-root-ca.key rm /etc/pve/nodes/pmx01/pve-ssl.pem rm /etc/pve/nodes/pmx02/pve-ssl.pem rm /etc/pve/nodes/pmx03/pve-ssl.pem rm /etc/pve/nodes/pmx01/pve-ssl.key rm /etc/pve/nodes/pmx02/pve-ssl.key rm /etc/pve/nodes/pmx03/pve-ssl.key rm /etc/pve/authkey.pub rm /etc/pve/priv/authkey.key rm /etc/pve/priv/authorized_keys
Generate new HTTPS certificates
pvecm updatecerts -f
Restart the pvedaemon and pveproxy services.
systemctl restart pvedaemon pveproxy
SSH is used to migrate VM's between nodes.
Move the ssh known_hosts file.
mv /root/.ssh/known_hosts /root/.ssh/known_hosts_old
Now SSH between all the nodes to ensure you have no SSH issues.
Finally, shutdown the VM's and reboot the hosts, one by one.
Additionally, refresh the web browser page you use to connect to the PVE cluster and accept the new certificate.
In this post, I showed you how to resolve both the HTTPS and SSH certificate issues on a Proxmox cluster if you replace one of the nodes.