How to Revert Node Certificates to Default Configuration in Proxmox VE

Purpose

The purpose of this document is to explain the steps necessary to reset and regenerate the state of the node/host certificates.

Assumptions

This document assumes you have a properly functioning Proxmox cluster with all nodes accessible on the network/via web browser. You’re replaced or modified any of the certificate or key files generated by PVE and now need to revert to the default state.

Step 1 – Cleanup existing certificate files

Delete or move the following files:

  • /etc/pve/pve-root-ca.pem
  • /etc/pve/priv/pve-root-ca.key
  • /etc/pve/nodes/<node>/pve-ssl.pem
  • /etc/pve/nodes/<node>/pve-ssl.key

The latter two need to be repeated for all nodes if you have a cluster.

If you do not repeat the latter two on each host, your issue will return.

Step 2 – Regenerate certificates

Afterwards, run the following command on each node of the cluster to re-generate the certificates and keys:

pvecm updatecerts -f


Additional Information

https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Revert_to_default_configuration

Author: griffethbarker

Griff is a tinkerer and manager of IT, consultant of IT and management, and continuous student of organizational development. His hobbies and interests include games of all types (video, board, dice, card, tabletop, etc.) as well as listening to music, photography, and writing. Find him on LinkedIn!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s