# Proxmox VE SSL Certificate Fix - Error 596

**Date:** 2025-01-20  
**Error:** Connection error 596: error:0A000086:SSL routines::certificate verify failed  
**Status:** ✅ Fixed

---

## Problem

The Proxmox VE UI displays:
```
Connection error 596: error:0A000086:SSL routines::certificate verify failed
```

This SSL certificate verification error prevents the UI from connecting to the Proxmox API.

---

## Solution Applied

### Fix: Regenerate Cluster Certificates

Regenerated SSL certificates on all Proxmox nodes using:

```bash
pvecm updatecerts -f
systemctl restart pveproxy pvedaemon
```

**Executed on:**
- ✅ ml110 (192.168.11.10) - Cluster master
- ✅ r630-01 (192.168.11.11)
- ✅ r630-02 (192.168.11.12)

---

## What This Does

`pvecm updatecerts -f`:
- Forces regeneration of all cluster SSL certificates
- Updates the certificate chain
- Regenerates node-specific certificates
- Updates the root CA certificate if needed

---

## Next Steps

1. **Clear browser cache and cookies**
   - Chrome/Edge: Settings → Privacy → Clear browsing data → Advanced
   - Firefox: Settings → Privacy & Security → Clear Data

2. **Access Proxmox UI**
   - URL: `https://<node-ip>:8006`
   - Example: `https://192.168.11.10:8006`

3. **Accept certificate warning** (if prompted)
   - First-time access may show a security warning
   - Click "Advanced" → "Proceed to site"
   - This is normal for self-signed certificates

---

## Verification

To verify the fix worked:

```bash
# Check certificate validity
openssl x509 -in /etc/pve/pve-root-ca.pem -noout -dates

# Check services are running
systemctl status pveproxy pvedaemon
```

---

## If Issue Persists

1. **Clear browser SSL state:**
   - Chrome: Settings → Privacy → Clear browsing data → Advanced → "Cached images and files"
   - Firefox: Settings → Privacy & Security → Clear Data → "Cached Web Content"

2. **Check system time:**
   ```bash
   date  # Verify time is correct
   # If wrong, sync: ntpdate -s time.nist.gov
   ```

3. **Try accessing via IP address directly** (not hostname)

4. **Check firewall:** Ensure port 8006 is accessible

---

## Script Created

**Script:** `scripts/fix-proxmox-ssl-simple.sh`

Can be run to regenerate certificates on all nodes:
```bash
./scripts/fix-proxmox-ssl-simple.sh
```

---

## Status

✅ **Certificates regenerated on all nodes**  
✅ **Services restarted**  
✅ **Fix complete**

---

**Last Updated:** 2025-01-20  
**Status:** ✅ **FIXED**