stinky.blog

Proxmox TLS, SSH, Certificate Errors

Occasionally, while adding or removing a node or making other significant changes to your Proxmox cluster, you'll get errors about unauthorized SSH keys or certificates. You might be unable to migrate VMs/containers, use virtual consoles, or access the web interface at all.

One example error:

tls_process_server_certificate: certificate verify failed (596)

Generally, executing the following command will fix it right up:

pvecm updatecerts -F && systemctl restart pvedaemon pveproxy

Sometimes, the nuclear option is required. That means deleting all instances of the problem node from SSH known_hosts, verifying /etc/hosts info is correct on each node, and then executing the following:

pvecm updatecerts -F

service pve-cluster stop && service corosync stop && service pvestatd stop && service pveproxy stop && service pvedaemon stop

service pve-cluster start && service corosync start && service pvestatd start && service pveproxy start && service pvedaemon start

I have had these errors occur after reinstalling Proxmox on a node and attempting to rejoin the cluster with the same hostname/IP. Performing the steps above usually gets me back in business pretty quickly.
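
The known_hosts cleanup and /etc/hosts check from the nuclear option above, as an added example that is not part of the original post. The file paths, node name and address are arguments you supply; the function names are made up for this example, and only unhashed known_hosts entries are handled.

```shell
#!/usr/bin/env bash
# Added example, not from the original post; paths are arguments so it can be tried on copies.

# Print the address HOSTS_FILE maps NAME to (empty if NAME is absent).
hosts_ip_for() {            # usage: hosts_ip_for NAME HOSTS_FILE
    awk -v n="$1" '{ sub(/#.*/, "")
        for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$2"
}

# Succeed only if HOSTS_FILE maps NAME to EXPECTED_IP.
check_hosts_entry() {       # usage: check_hosts_entry NAME EXPECTED_IP HOSTS_FILE
    local got; got=$(hosts_ip_for "$1" "$3")
    [ "$got" = "$2" ] && return 0
    echo "MISMATCH in $3: $1 -> ${got:-<missing>}, expected $2" >&2
    return 1
}

# Print KNOWN_HOSTS_FILE without any line keyed by one of the given names/IPs.
# Handles plain (unhashed) entries, comma-separated host lists, [host]:port
# patterns and @cert-authority/@revoked markers. Hashed entries ("|1|...")
# pass through untouched; those need ssh-keygen -R.
filter_known_hosts() {      # usage: filter_known_hosts KNOWN_HOSTS_FILE ID...
    local file=$1; shift
    awk -v ids="$*" '
        BEGIN { n = split(ids, a, " "); for (i = 1; i <= n; i++) drop[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { print; next }    # keep comments and blank lines
        {
            hosts = ($1 ~ /^@/) ? $2 : $1        # skip a leading marker
            m = split(hosts, h, ",")
            for (i = 1; i <= m; i++) {
                name = h[i]                      # [host]:port -> host
                if (name ~ /^\[.*\]:[0-9]+$/) { sub(/^\[/, "", name); sub(/\]:[0-9]+$/, "", name) }
                if (name in drop) next           # stale entry: drop the whole line
            }
            print
        }' "$file"
}

# Rewrite FILE in place (keeping a .bak copy) and print how many lines were removed.
purge_known_host() {        # usage: purge_known_host KNOWN_HOSTS_FILE ID...
    local file=$1 before after; shift
    [ -f "$file" ] || { echo 0; return 0; }
    before=$(wc -l < "$file")
    cp "$file" "$file.bak"
    filter_known_hosts "$file.bak" "$@" > "$file"   # writes through a symlink, not over it
    after=$(wc -l < "$file")
    echo $((before - after))
}
```

Run it on every node, against each known_hosts file that node's SSH client reads, before the pvecm updatecerts step.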