Complete markdown files cleanup and organization
- Organized 252 files across project - Root directory: 187 → 2 files (98.9% reduction) - Moved configuration guides to docs/04-configuration/ - Moved troubleshooting guides to docs/09-troubleshooting/ - Moved quick start guides to docs/01-getting-started/ - Moved reports to reports/ directory - Archived temporary files - Generated comprehensive reports and documentation - Created maintenance scripts and guides All files organized according to established standards.
This commit is contained in:
defiQUG
179
docs/SSL_FIX_FOR_EACH_HOST.md
Normal file
179
docs/SSL_FIX_FOR_EACH_HOST.md
Normal file
@@ -0,0 +1,179 @@
|
||||
# How to Fix SSL Certificate Error 596 on Each Proxmox Host
|
||||
|
||||
**Error:** `error:0A000086:SSL routines::certificate verify failed (596)`
|
||||
|
||||
---
|
||||
|
||||
## Important: Host vs Container Commands
|
||||
|
||||
⚠️ **These commands must be run on Proxmox HOST nodes, NOT inside containers.**
|
||||
|
||||
- `pvecm updatecerts -f` - Proxmox host command (not available in containers)
|
||||
- `systemctl restart pveproxy pvedaemon` - Proxmox host services (not in containers)
|
||||
|
||||
---
|
||||
|
||||
## Method 1: Automated Script (Recommended)
|
||||
|
||||
Run the fix on all Proxmox host nodes automatically:
|
||||
|
||||
```bash
|
||||
cd /home/intlc/projects/proxmox
|
||||
./scripts/fix-ssl-certificate-all-hosts.sh
|
||||
```
|
||||
|
||||
This will:
|
||||
1. Connect to each Proxmox host node
|
||||
2. Run `pvecm updatecerts -f` on each host
|
||||
3. Restart `pveproxy` and `pvedaemon` services on each host
|
||||
4. Verify services are running
|
||||
|
||||
---
|
||||
|
||||
## Method 2: Manual Fix - One Host at a Time
|
||||
|
||||
### For Each Proxmox Host Node:
|
||||
|
||||
**Proxmox Host Nodes:**
|
||||
- ml110: 192.168.11.10
|
||||
- r630-01: 192.168.11.11
|
||||
- r630-02: 192.168.11.12
|
||||
- r630-03: 192.168.11.13
|
||||
- r630-04: 192.168.11.14
|
||||
|
||||
**Commands to run on EACH host:**
|
||||
|
||||
```bash
|
||||
# SSH to the Proxmox host (NOT a container)
|
||||
ssh root@<host-ip>
|
||||
|
||||
# Once on the host, run:
|
||||
pvecm updatecerts -f
|
||||
systemctl restart pveproxy pvedaemon
|
||||
|
||||
# Verify services are running
|
||||
systemctl status pveproxy pvedaemon
|
||||
```
|
||||
|
||||
**Example for ml110:**
|
||||
```bash
|
||||
ssh root@192.168.11.10
|
||||
pvecm updatecerts -f
|
||||
systemctl restart pveproxy pvedaemon
|
||||
systemctl status pveproxy pvedaemon
|
||||
exit
|
||||
```
|
||||
|
||||
**Example for r630-01:**
|
||||
```bash
|
||||
ssh root@192.168.11.11
|
||||
pvecm updatecerts -f
|
||||
systemctl restart pveproxy pvedaemon
|
||||
systemctl status pveproxy pvedaemon
|
||||
exit
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Method 3: Loop Through All Hosts
|
||||
|
||||
Run the fix on all hosts in a loop:
|
||||
|
||||
```bash
|
||||
# List of Proxmox host IPs
|
||||
HOSTS=(
|
||||
"192.168.11.10" # ml110
|
||||
"192.168.11.11" # r630-01
|
||||
"192.168.11.12" # r630-02
|
||||
"192.168.11.13" # r630-03
|
||||
"192.168.11.14" # r630-04
|
||||
)
|
||||
|
||||
# Fix each host
|
||||
for HOST_IP in "${HOSTS[@]}"; do
|
||||
echo "=== Fixing $HOST_IP ==="
|
||||
ssh root@"$HOST_IP" "
|
||||
pvecm updatecerts -f
|
||||
systemctl restart pveproxy pvedaemon
|
||||
systemctl status pveproxy pvedaemon --no-pager | head -5
|
||||
"
|
||||
echo ""
|
||||
done
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Method 4: Using pvesh (Proxmox API)
|
||||
|
||||
If you have API access configured:
|
||||
|
||||
```bash
|
||||
# For each host, SSH and run:
|
||||
ssh root@<host-ip> "pvecm updatecerts -f && systemctl restart pveproxy pvedaemon"
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## What NOT to Do
|
||||
|
||||
❌ **Don't run these commands inside containers:**
|
||||
```bash
|
||||
# WRONG - This won't work in a container
|
||||
pct exec 100 -- pvecm updatecerts -f # ❌ pvecm doesn't exist in containers
|
||||
pct exec 100 -- systemctl restart pveproxy # ❌ These services don't exist in containers
|
||||
```
|
||||
|
||||
✅ **Do run these commands on the Proxmox HOST:**
|
||||
```bash
|
||||
# CORRECT - Run on the host itself
|
||||
ssh root@192.168.11.10
|
||||
pvecm updatecerts -f
|
||||
systemctl restart pveproxy pvedaemon
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Verification
|
||||
|
||||
After fixing, verify on each host:
|
||||
|
||||
```bash
|
||||
# Check certificate
|
||||
ssh root@<host-ip> "openssl x509 -in /etc/pve/pve-root-ca.pem -noout -dates"
|
||||
|
||||
# Check services
|
||||
ssh root@<host-ip> "systemctl status pveproxy pvedaemon"
|
||||
|
||||
# Test web interface
|
||||
curl -k -I https://<host-ip>:8006/
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## After Fixing All Hosts
|
||||
|
||||
1. **Clear browser cache and cookies**
|
||||
2. **Access Proxmox UI:** `https://<host-ip>:8006`
|
||||
3. **Accept certificate warning** if prompted (first time only)
|
||||
|
||||
---
|
||||
|
||||
## Quick Reference
|
||||
|
||||
**All Proxmox Host Nodes:**
|
||||
```bash
|
||||
# Fix all hosts at once
|
||||
for ip in 192.168.11.{10..14}; do
|
||||
echo "Fixing $ip..."
|
||||
ssh root@"$ip" "pvecm updatecerts -f && systemctl restart pveproxy pvedaemon"
|
||||
done
|
||||
```
|
||||
|
||||
**Or use the automated script:**
|
||||
```bash
|
||||
./scripts/fix-ssl-certificate-all-hosts.sh
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
**Last Updated:** 2026-01-27
|
||||
Reference in New Issue
Block a user