Proxmox Certificate Error Fix After Node Replacement

Published: 2021-12-31

Intro

Recently, I had to replace one of the nodes in my 3 node Proxmox cluster. Once I replaced it, I found that I had certificate (both HTTP and SSH) errors between the hosts

In this post, I will show you how to resolve that issue.

Important
I found the solution to these problems on the excellent Proxmox forum. I did however, lose the links to the posts. All credit goes to the legends of the forum who will be forever unkown. I apologise for not being able to accurately link to those references.

The following software was used in this post.

  • Proxmox - 7.1-8
Note
The following commands should be executed on all PVE nodes.

HTTPS Certificates

HTTPS certificates are used to enable secure communication between the PVE nodes via the web interface.

Delete the HTTPS certificates.

text
rm /etc/pve/pve-root-ca.pem
rm /etc/pve/priv/pve-root-ca.key
rm /etc/pve/nodes/pmx01/pve-ssl.pem
rm /etc/pve/nodes/pmx02/pve-ssl.pem
rm /etc/pve/nodes/pmx03/pve-ssl.pem
rm /etc/pve/nodes/pmx01/pve-ssl.key
rm /etc/pve/nodes/pmx02/pve-ssl.key
rm /etc/pve/nodes/pmx03/pve-ssl.key
rm /etc/pve/authkey.pub
rm /etc/pve/priv/authkey.key
rm /etc/pve/priv/authorized_keys

Generate new HTTPS certificates

text
pvecm updatecerts -f

Restart the pvedaemon and pveproxy services.

text
systemctl restart pvedaemon pveproxy

SSH Certificates

SSH is used to migrate VM's between nodes.

Move the ssh known_hosts file.

text
mv /root/.ssh/known_hosts /root/.ssh/known_hosts_old

Now SSH between all the nodes to ensure you have no SSH issues.

Reboot

Finally, shutdown the VM's and reboot the hosts, one by one.

Additionally, refresh the web browser page you use to connect to the PVE cluster and accept the new certificate.

Outro

In this post, I showed you how to resolve both the HTTPS and SSH certificate issues on a Proxmox cluster if you replace one of the nodes.

Tags

#proxmox