Recently, I had to replace one of the nodes in my 3 node Proxmox cluster. Once I replaced it, I found that I had certificate (both HTTP and SSH) errors between the hosts

In this post, I will show you how to resolve that issue.

I found the solution to these problems on the excellent Proxmox forum. I did however, lose the links to the posts. All credit goes to the legends of the forum who will be forever unkown. I apologise for not being able to accurately link to those references.

The following software was used in this post.

  • Proxmox - 7.1-8
The following commands should be executed on all PVE nodes.

HTTPS Certificates

HTTPS certificates are used to enable secure communication between the PVE nodes via the web interface.

Delete the HTTPS certificates.

rm /etc/pve/pve-root-ca.pem
rm /etc/pve/priv/pve-root-ca.key
rm /etc/pve/nodes/pmx01/pve-ssl.pem
rm /etc/pve/nodes/pmx02/pve-ssl.pem
rm /etc/pve/nodes/pmx03/pve-ssl.pem
rm /etc/pve/nodes/pmx01/pve-ssl.key
rm /etc/pve/nodes/pmx02/pve-ssl.key
rm /etc/pve/nodes/pmx03/pve-ssl.key
rm /etc/pve/
rm /etc/pve/priv/authkey.key
rm /etc/pve/priv/authorized_keys

Generate new HTTPS certificates

pvecm updatecerts -f

Restart the pvedaemon and pveproxy services.

systemctl restart pvedaemon pveproxy

SSH Certificates

SSH is used to migrate VM's between nodes.

Move the ssh known_hosts file.

mv /root/.ssh/known_hosts /root/.ssh/known_hosts_old

Now SSH between all the nodes to ensure you have no SSH issues.


Finally, shutdown the VM's and reboot the hosts, one by one.

Additionally, refresh the web browser page you use to connect to the PVE cluster and accept the new certificate.


In this post, I showed you how to resolve both the HTTPS and SSH certificate issues on a Proxmox cluster if you replace one of the nodes.