Purpose

The purpose of this document is to explain the steps necessary to reset and regenerate the state of the node/host certificates.

Assumptions

This document assumes you have a properly functioning Proxmox cluster with all nodes accessible on the network/via web browser. You’re replaced or modified any of the certificate or key files generated by PVE and now need to revert to the default state.

Step 1 – Cleanup existing certificate files

Delete or move the following files:

/etc/pve/pve-root-ca.pem
/etc/pve/priv/pve-root-ca.key
/etc/pve/nodes/<node>/pve-ssl.pem
/etc/pve/nodes/<node>/pve-ssl.key

The latter two need to be repeated for all nodes if you have a cluster.

If you do not repeat the latter two on each host, your issue will return.

Step 2 – Regenerate certificates

Afterwards, run the following command on each node of the cluster to re-generate the certificates and keys:

pvecm updatecerts -f

Additional Information

https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Revert_to_default_configuration

Tag: certificates

How to Revert Node Certificates to Default Configuration in Proxmox VE