How to Revert Node Certificates to Default Configuration in Proxmox VE

Purpose

The purpose of this document is to explain the steps necessary to reset and regenerate the state of the node/host certificates.

Assumptions

This document assumes you have a properly functioning Proxmox cluster with all nodes accessible on the network/via web browser. You’re replaced or modified any of the certificate or key files generated by PVE and now need to revert to the default state.

Step 1 – Cleanup existing certificate files

Delete or move the following files:

  • /etc/pve/pve-root-ca.pem
  • /etc/pve/priv/pve-root-ca.key
  • /etc/pve/nodes/<node>/pve-ssl.pem
  • /etc/pve/nodes/<node>/pve-ssl.key

The latter two need to be repeated for all nodes if you have a cluster.

If you do not repeat the latter two on each host, your issue will return.

Step 2 – Regenerate certificates

Afterwards, run the following command on each node of the cluster to re-generate the certificates and keys:

pvecm updatecerts -f


Additional Information

https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Revert_to_default_configuration

How to Fix “Cluster Not Ready – No Quorum?” in Proxmox

Purpose

This document will delineate the steps necessary to work around a situation where your Proxmox cluster will not allow you to interact with it due to lack of quorum between the hosts.

Assumptions

This document assumes that the nodes in the cluster are all online with proper certificates, network connectivity, and that the administrator intents to properly resolve the quorum issue following these steps.

This guide is not intended to be a permanent solution, but rather a work-around.

Cause

This occurs when the cluster quorum is not configured correctly –or– when a cluster member is offline. The intended function of the cluster is to not work if the quorum does not receive the adequate number of votes from the cluster to begin. You can manually set the number of expected quorum.

Step 1 – Override expected number of quorum votes

You can manually set the number of expected quorum votes by running this command:

pvecm expected #

where # is the number of votes you wish to make the quorum use to determine if the cluster is quorate.

Only manually override this if the node that is offline is about to be deleted from the cluster.

Following use of this command, the cluster should achieve quorum and allow you to interact with it. It is recommended that you remove the problem node from the cluster following the procedure.


Additional Information

https://pve.proxmox.com/wiki/Cluster_Manager

https://forum.proxmox.com/threads/cluster-and-quorum.7786/

https://www.jm.technology/post/proxmox_quorum_april_2019/