Introduction

Recently, I had to replace one of the nodes in my 3 node Proxmox cluster. Once I replaced it, I found that I had certificate (both HTTP and SSH) errors between the hosts

In this post, I will show you how to resolve that issue.

Hot Tip

I found the solution to these problems on the excellent Proxmox forum. I did however, lose the links to the posts. All credit goes to the legends of the forum who will be forever unkown. I apologise for not being able to accurately link to those references.

The following software was used in this post.

  • Proxmox - 7.1-8

Note

The following commands should be executed on all PVE nodes.

HTTPS Certificates

HTTPS certificates are used to enable secure communication between the PVE nodes via the web interface.

Delete the HTTPS certificates.

cmd

rm /etc/pve/pve-root-ca.pem
rm /etc/pve/priv/pve-root-ca.key
rm /etc/pve/nodes/pmx01/pve-ssl.pem
rm /etc/pve/nodes/pmx02/pve-ssl.pem
rm /etc/pve/nodes/pmx03/pve-ssl.pem
rm /etc/pve/nodes/pmx01/pve-ssl.key
rm /etc/pve/nodes/pmx02/pve-ssl.key
rm /etc/pve/nodes/pmx03/pve-ssl.key
rm /etc/pve/authkey.pub
rm /etc/pve/priv/authkey.key
rm /etc/pve/priv/authorized_keys
    

Generate new HTTPS certificates

cmd

pvecm updatecerts -f
    

Restart the pvedaemon and pveproxy services.

cmd

systemctl restart pvedaemon pveproxy
    

SSH Certificates

SSH is used to migrate VM's between nodes.

Move the ssh known_hosts file.

cmd

mv /root/.ssh/known_hosts /root/.ssh/known_hosts_old
    

Now SSH between all the nodes to ensure you have no SSH issues.

Reboot

Finally, shutdown the VM's and reboot the hosts, one by one.

Additionally, refresh the web browser page you use to connect to the PVE cluster and accept the new certificate.

Summary

In this post, I showed you how to resolve both the HTTPS and SSH certificate issues on a Proxmox cluster if you replace one of the nodes.

Tags

proxmox