d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
4945abcf7c30f14cd09ad00e0463245922b15c82
proxmox/scripts/fix-ssl-certificate-error-596.sh
defiQUG cb47cce074 Complete markdown files cleanup and organization 
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00

191 lines
6.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Fix Proxmox SSL Certificate Error 596
# Error: error:0A000086:SSL routines::certificate verify failed (596)
# Usage: ./scripts/fix-ssl-certificate-error-596.sh [node_ip|all]
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[⚠]${NC} $1"; }
log_error() { echo -e "${RED}[✗]${NC} $1"; }
# Proxmox cluster nodes
declare -A NODES
NODES[ml110]="192.168.11.10"
NODES[r630-01]="192.168.11.11"
NODES[r630-02]="192.168.11.12"
NODES[r630-03]="192.168.11.13"
NODES[r630-04]="192.168.11.14"
fix_node() {
local node_ip="$1"
local node_name="${2:-$node_ip}"
log_info "=== Fixing SSL certificates on ${node_name} (${node_ip}) ==="
echo ""
# Test connectivity
if ! ping -c 2 -W 2 "$node_ip" >/dev/null 2>&1; then
log_error "Node ${node_ip} is NOT reachable"
return 1
fi
log_info "Connecting to ${node_ip}..."
echo ""
# Check if we can SSH without password (key-based auth)
if ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no -o BatchMode=yes root@"$node_ip" "echo 'Connected'" >/dev/null 2>&1; then
log_info "Using SSH key authentication"
SSH_CMD="ssh -o StrictHostKeyChecking=no root@${node_ip}"
else
log_warn "SSH key authentication not available"
log_info "You will need to run the commands manually on the node:"
echo ""
echo "SSH to the node:"
echo " ssh root@${node_ip}"
echo ""
echo "Then run:"
echo " pvecm updatecerts -f"
echo " systemctl restart pveproxy pvedaemon"
echo ""
return 1
fi
log_info "Executing SSL certificate fix..."
echo ""
$SSH_CMD bash <<'ENDSSH'
set -e
echo "=== Step 1: Checking current certificate status ==="
if [ -f /etc/pve/pve-root-ca.pem ]; then
echo "Current certificate dates:"
openssl x509 -in /etc/pve/pve-root-ca.pem -noout -dates 2>/dev/null || echo "Could not read certificate dates"
else
echo "Certificate file not found (may be normal)"
fi
echo ""
echo "=== Step 2: Regenerating SSL certificates ==="
if command -v pvecm >/dev/null 2>&1; then
pvecm updatecerts -f
echo "✓ Certificates regenerated"
else
echo "ERROR: pvecm command not found"
exit 1
fi
echo ""
echo "=== Step 3: Restarting Proxmox services ==="
systemctl restart pveproxy pvedaemon
sleep 2
echo "✓ Services restarted"
echo ""
echo "=== Step 4: Verifying services are running ==="
if systemctl is-active --quiet pveproxy && systemctl is-active --quiet pvedaemon; then
echo "✓ pveproxy: active"
echo "✓ pvedaemon: active"
else
echo "⚠ Some services may not be running properly"
systemctl status pveproxy --no-pager -l | head -5 || true
systemctl status pvedaemon --no-pager -l | head -5 || true
fi
echo ""
echo "=== Step 5: Verifying new certificate ==="
if [ -f /etc/pve/pve-root-ca.pem ]; then
echo "New certificate dates:"
openssl x509 -in /etc/pve/pve-root-ca.pem -noout -dates 2>/dev/null || echo "Could not read certificate dates"
fi
echo ""
echo "=== Step 6: Testing web interface ==="
if curl -k -s -o /dev/null -w "HTTP Status: %{http_code}\n" https://localhost:8006/ >/dev/null 2>&1; then
HTTP_CODE=$(curl -k -s -o /dev/null -w "%{http_code}" https://localhost:8006/ 2>/dev/null || echo "000")
if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "401" ] || [ "$HTTP_CODE" = "302" ]; then
echo "✓ Web interface is responding (HTTP $HTTP_CODE)"
else
echo "⚠ Web interface returned HTTP $HTTP_CODE"
fi
else
echo "⚠ Could not test web interface"
fi
echo ""
ENDSSH
if [ $? -eq 0 ]; then
log_success "SSL certificate fix completed for ${node_name}"
# Test from remote
log_info "Testing web interface from remote..."
sleep 2
HTTP_CODE=$(curl -k -s -o /dev/null -w "%{http_code}" --connect-timeout 5 "https://${node_ip}:8006/" 2>/dev/null || echo "000")
if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "401" ] || [ "$HTTP_CODE" = "302" ]; then
log_success "Web interface is accessible at https://${node_ip}:8006"
else
log_warn "Web interface test returned HTTP $HTTP_CODE"
log_info "You may need to clear your browser cache and cookies"
fi
else
log_error "SSL certificate fix failed for ${node_name}"
return 1
fi
echo ""
echo "----------------------------------------"
echo ""
}
# Determine target
TARGET="${1:-all}"
if [[ "$TARGET" == "all" ]]; then
log_info "Fixing SSL certificates on all Proxmox nodes..."
echo ""
for node_name in "${!NODES[@]}"; do
node_ip="${NODES[$node_name]}"
fix_node "$node_ip" "$node_name" || log_warn "Failed to fix ${node_name}, continuing..."
done
log_success "All fix attempts complete!"
echo ""
log_info "Next steps:"
log_info " 1. Clear browser cache and cookies"
log_info " 2. Access Proxmox UI: https://<node-ip>:8006"
log_info " 3. Accept certificate warning if prompted (first time only)"
elif [[ -n "${NODES[$TARGET]:-}" ]]; then
# Target is a node name
node_ip="${NODES[$TARGET]}"
fix_node "$node_ip" "$TARGET"
elif [[ "$TARGET" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
# Target is an IP address
fix_node "$TARGET" "$TARGET"
else
log_error "Invalid target: $TARGET"
echo ""
echo "Usage: $0 [node_name|node_ip|all]"
echo ""
echo "Available nodes:"
for node_name in "${!NODES[@]}"; do
echo " - $node_name (${NODES[$node_name]})"
done
echo " - all (fix all nodes)"
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink