# SSL Certificate Error 596 - Quick Fix Guide **Error:** `error:0A000086:SSL routines::certificate verify failed (596)` **Date:** 2026-01-27 **Status:** ✅ Fix Available --- ## Problem The Proxmox VE UI displays: ``` Connection error 596: error:0A000086:SSL routines::certificate verify failed ``` This SSL certificate verification error prevents the UI from connecting to the Proxmox API. --- ## Quick Fix ### Automated Fix (Recommended) Run the fix script on all nodes: ```bash cd /home/intlc/projects/proxmox ./scripts/fix-ssl-certificate-error-596.sh all ``` Or fix a specific node: ```bash # Fix specific node by name ./scripts/fix-ssl-certificate-error-596.sh ml110 ./scripts/fix-ssl-certificate-error-596.sh r630-01 # Or by IP address ./scripts/fix-ssl-certificate-error-596.sh 192.168.11.10 ``` ### Manual Fix If automated fix doesn't work, SSH to each Proxmox node and run: ```bash # SSH to the node ssh root@ # Regenerate certificates pvecm updatecerts -f # Restart services systemctl restart pveproxy pvedaemon # Verify services are running systemctl status pveproxy pvedaemon ``` **Proxmox Cluster Nodes:** - ml110: 192.168.11.10 - r630-01: 192.168.11.11 - r630-02: 192.168.11.12 - r630-03: 192.168.11.13 - r630-04: 192.168.11.14 --- ## What This Does `pvecm updatecerts -f`: - Forces regeneration of all cluster SSL certificates - Updates the certificate chain - Regenerates node-specific certificates - Updates the root CA certificate if needed - Syncs certificates across cluster nodes --- ## After Fixing 1. **Clear browser cache and cookies** - Chrome/Edge: Settings → Privacy → Clear browsing data → Advanced → "Cached images and files" - Firefox: Settings → Privacy & Security → Clear Data → "Cached Web Content" 2. **Access Proxmox UI** - URL: `https://:8006` - Example: `https://192.168.11.10:8006` 3. **Accept certificate warning** (if prompted) - First-time access may show a security warning - Click "Advanced" → "Proceed to site" - This is normal for self-signed certificates in Proxmox --- ## Verification To verify the fix worked: ```bash # Check certificate validity ssh root@ "openssl x509 -in /etc/pve/pve-root-ca.pem -noout -dates" # Check services are running ssh root@ "systemctl status pveproxy pvedaemon" # Test web interface curl -k -I https://:8006/ ``` --- ## If Issue Persists 1. **Clear browser SSL state completely** - Chrome: Settings → Privacy → Clear browsing data → Advanced → "Cached images and files" - Firefox: Settings → Privacy & Security → Clear Data → "Cached Web Content" 2. **Try accessing via IP address directly** (not hostname) 3. **Check system time synchronization:** ```bash ssh root@ "date" # If time is wrong, sync it: ssh root@ "systemctl restart systemd-timesyncd" ``` 4. **Verify cluster status:** ```bash ssh root@ "pvecm status" ``` 5. **Check for cluster filesystem issues:** ```bash ssh root@ "systemctl status pve-cluster" ``` --- ## Related Scripts - `scripts/fix-ssl-certificate-error-596.sh` - Automated fix script - `scripts/fix-proxmox-ssl-cluster.sh` - More comprehensive SSL/cluster fix --- ## Root Cause This error typically occurs when: - SSL certificates expire or become invalid - Cluster certificates get out of sync - Certificate chain is broken - System time is incorrect (certificates are time-sensitive) --- **Last Updated:** 2026-01-27 **Status:** ✅ Fix Available