How to Revert Node Certificates to Default Configuration in Proxmox VE

Purpose

The purpose of this document is to explain the steps necessary to reset and regenerate the state of the node/host certificates.

Assumptions

This document assumes you have a properly functioning Proxmox cluster with all nodes accessible on the network/via web browser. You’re replaced or modified any of the certificate or key files generated by PVE and now need to revert to the default state.

Step 1 – Cleanup existing certificate files

Delete or move the following files:

  • /etc/pve/pve-root-ca.pem
  • /etc/pve/priv/pve-root-ca.key
  • /etc/pve/nodes/<node>/pve-ssl.pem
  • /etc/pve/nodes/<node>/pve-ssl.key

The latter two need to be repeated for all nodes if you have a cluster.

If you do not repeat the latter two on each host, your issue will return.

Step 2 – Regenerate certificates

Afterwards, run the following command on each node of the cluster to re-generate the certificates and keys:

pvecm updatecerts -f


Additional Information

https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Revert_to_default_configuration