Purpose
The purpose of this document is to explain the steps necessary to reset and regenerate the state of the node/host certificates.
Assumptions
This document assumes you have a properly functioning Proxmox cluster with all nodes accessible on the network/via web browser. You’re replaced or modified any of the certificate or key files generated by PVE and now need to revert to the default state.
Step 1 – Cleanup existing certificate files
Delete or move the following files:
- /etc/pve/pve-root-ca.pem
- /etc/pve/priv/pve-root-ca.key
- /etc/pve/nodes/<node>/pve-ssl.pem
- /etc/pve/nodes/<node>/pve-ssl.key
The latter two need to be repeated for all nodes if you have a cluster.
If you do not repeat the latter two on each host, your issue will return.
Step 2 – Regenerate certificates
Afterwards, run the following command on each node of the cluster to re-generate the certificates and keys:
pvecm updatecerts -f
