docs/SSL_CERTIFICATE_ERROR_596_FIX.md

# SSL Certificate Error 596 - Quick Fix Guide

**Error:** `error:0A000086:SSL routines::certificate verify failed (596)`  
**Date:** 2026-01-27  
**Status:** ✅ Fix Available

---

## Problem

The Proxmox VE UI displays:
```
Connection error 596: error:0A000086:SSL routines::certificate verify failed
```

This SSL certificate verification error prevents the UI from connecting to the Proxmox API.

---

## Quick Fix

### Automated Fix (Recommended)

Run the fix script on all nodes:

```bash
cd /home/intlc/projects/proxmox
./scripts/fix-ssl-certificate-error-596.sh all
```

Or fix a specific node:

```bash
# Fix specific node by name
./scripts/fix-ssl-certificate-error-596.sh ml110
./scripts/fix-ssl-certificate-error-596.sh r630-01

# Or by IP address
./scripts/fix-ssl-certificate-error-596.sh 192.168.11.10
```

### Manual Fix

If automated fix doesn't work, SSH to each Proxmox node and run:

```bash
# SSH to the node
ssh root@<node-ip>

# Regenerate certificates
pvecm updatecerts -f

# Restart services
systemctl restart pveproxy pvedaemon

# Verify services are running
systemctl status pveproxy pvedaemon
```

**Proxmox Cluster Nodes:**
- ml110: 192.168.11.10
- r630-01: 192.168.11.11
- r630-02: 192.168.11.12
- r630-03: 192.168.11.13
- r630-04: 192.168.11.14

---

## What This Does

`pvecm updatecerts -f`:
- Forces regeneration of all cluster SSL certificates
- Updates the certificate chain
- Regenerates node-specific certificates
- Updates the root CA certificate if needed
- Syncs certificates across cluster nodes

---

## After Fixing

1. **Clear browser cache and cookies**
   - Chrome/Edge: Settings → Privacy → Clear browsing data → Advanced → "Cached images and files"
   - Firefox: Settings → Privacy & Security → Clear Data → "Cached Web Content"

2. **Access Proxmox UI**
   - URL: `https://<node-ip>:8006`
   - Example: `https://192.168.11.10:8006`

3. **Accept certificate warning** (if prompted)
   - First-time access may show a security warning
   - Click "Advanced" → "Proceed to site"
   - This is normal for self-signed certificates in Proxmox

---

## Verification

To verify the fix worked:

```bash
# Check certificate validity
ssh root@<node-ip> "openssl x509 -in /etc/pve/pve-root-ca.pem -noout -dates"

# Check services are running
ssh root@<node-ip> "systemctl status pveproxy pvedaemon"

# Test web interface
curl -k -I https://<node-ip>:8006/
```

---

## If Issue Persists

1. **Clear browser SSL state completely**
   - Chrome: Settings → Privacy → Clear browsing data → Advanced → "Cached images and files"
   - Firefox: Settings → Privacy & Security → Clear Data → "Cached Web Content"

2. **Try accessing via IP address directly** (not hostname)

3. **Check system time synchronization:**
   ```bash
   ssh root@<node-ip> "date"
   # If time is wrong, sync it:
   ssh root@<node-ip> "systemctl restart systemd-timesyncd"
   ```

4. **Verify cluster status:**
   ```bash
   ssh root@<node-ip> "pvecm status"
   ```

5. **Check for cluster filesystem issues:**
   ```bash
   ssh root@<node-ip> "systemctl status pve-cluster"
   ```

---

## Related Scripts

- `scripts/fix-ssl-certificate-error-596.sh` - Automated fix script
- `scripts/fix-proxmox-ssl-cluster.sh` - More comprehensive SSL/cluster fix

---

## Root Cause

This error typically occurs when:
- SSL certificates expire or become invalid
- Cluster certificates get out of sync
- Certificate chain is broken
- System time is incorrect (certificates are time-sensitive)

---

**Last Updated:** 2026-01-27  
**Status:** ✅ Fix Available
Complete markdown files cleanup and organization - Organized 252 files across project - Root directory: 187 → 2 files (98.9% reduction) - Moved configuration guides to docs/04-configuration/ - Moved troubleshooting guides to docs/09-troubleshooting/ - Moved quick start guides to docs/01-getting-started/ - Moved reports to reports/ directory - Archived temporary files - Generated comprehensive reports and documentation - Created maintenance scripts and guides All files organized according to established standards. 2026-01-06 01:46:25 -08:00			`# SSL Certificate Error 596 - Quick Fix Guide`

			Error: `error:0A000086:SSL routines::certificate verify failed (596)`
			`Date: 2026-01-27`
			`Status: ✅ Fix Available`

			`---`

			`## Problem`

			`The Proxmox VE UI displays:`
			```
			`Connection error 596: error:0A000086:SSL routines::certificate verify failed`
			```

			`This SSL certificate verification error prevents the UI from connecting to the Proxmox API.`

			`---`

			`## Quick Fix`

			`### Automated Fix (Recommended)`

			`Run the fix script on all nodes:`

			```bash
			`cd /home/intlc/projects/proxmox`
			`./scripts/fix-ssl-certificate-error-596.sh all`
			```

			`Or fix a specific node:`

			```bash
			`# Fix specific node by name`
			`./scripts/fix-ssl-certificate-error-596.sh ml110`
			`./scripts/fix-ssl-certificate-error-596.sh r630-01`

			`# Or by IP address`
			`./scripts/fix-ssl-certificate-error-596.sh 192.168.11.10`
			```

			`### Manual Fix`

			`If automated fix doesn't work, SSH to each Proxmox node and run:`

			```bash
			`# SSH to the node`
			`ssh root@<node-ip>`

			`# Regenerate certificates`
			`pvecm updatecerts -f`

			`# Restart services`
			`systemctl restart pveproxy pvedaemon`

			`# Verify services are running`
			`systemctl status pveproxy pvedaemon`
			```

			`Proxmox Cluster Nodes:`
			`- ml110: 192.168.11.10`
			`- r630-01: 192.168.11.11`
			`- r630-02: 192.168.11.12`
			`- r630-03: 192.168.11.13`
			`- r630-04: 192.168.11.14`

			`---`

			`## What This Does`

			`pvecm updatecerts -f`:
			`- Forces regeneration of all cluster SSL certificates`
			`- Updates the certificate chain`
			`- Regenerates node-specific certificates`
			`- Updates the root CA certificate if needed`
			`- Syncs certificates across cluster nodes`

			`---`

			`## After Fixing`

			`1. Clear browser cache and cookies`
			`- Chrome/Edge: Settings → Privacy → Clear browsing data → Advanced → "Cached images and files"`
			`- Firefox: Settings → Privacy & Security → Clear Data → "Cached Web Content"`

			`2. Access Proxmox UI`
			- URL: `https://<node-ip>:8006`
			- Example: `https://192.168.11.10:8006`

			`3. Accept certificate warning (if prompted)`
			`- First-time access may show a security warning`
			`- Click "Advanced" → "Proceed to site"`
			`- This is normal for self-signed certificates in Proxmox`

			`---`

			`## Verification`

			`To verify the fix worked:`

			```bash
			`# Check certificate validity`
			`ssh root@<node-ip> "openssl x509 -in /etc/pve/pve-root-ca.pem -noout -dates"`

			`# Check services are running`
			`ssh root@<node-ip> "systemctl status pveproxy pvedaemon"`

			`# Test web interface`
			`curl -k -I https://<node-ip>:8006/`
			```

			`---`

			`## If Issue Persists`

			`1. Clear browser SSL state completely`
			`- Chrome: Settings → Privacy → Clear browsing data → Advanced → "Cached images and files"`
			`- Firefox: Settings → Privacy & Security → Clear Data → "Cached Web Content"`

			`2. Try accessing via IP address directly (not hostname)`

			`3. Check system time synchronization:`
			```bash
			`ssh root@<node-ip> "date"`
			`# If time is wrong, sync it:`
			`ssh root@<node-ip> "systemctl restart systemd-timesyncd"`
			```

			`4. Verify cluster status:`
			```bash
			`ssh root@<node-ip> "pvecm status"`
			```

			`5. Check for cluster filesystem issues:`
			```bash
			`ssh root@<node-ip> "systemctl status pve-cluster"`
			```

			`---`

			`## Related Scripts`

			- `scripts/fix-ssl-certificate-error-596.sh` - Automated fix script
			- `scripts/fix-proxmox-ssl-cluster.sh` - More comprehensive SSL/cluster fix

			`---`

			`## Root Cause`

			`This error typically occurs when:`
			`- SSL certificates expire or become invalid`
			`- Cluster certificates get out of sync`
			`- Certificate chain is broken`
			`- System time is incorrect (certificates are time-sensitive)`

			`---`

			`Last Updated: 2026-01-27`
			`Status: ✅ Fix Available`