kvm: -vnc unix:/var/run/qemu-server/105.vnc,x509,password: Failed to start VNC server: Unable to access credentials /etc/pve/local/pve-ssl.pem: No such file or directory
TASK ERROR: start failed: command ‘/usr/bin/kvm -id 105 -chardev……
Revert to default SSL configuration
rm -rf /etc/pve/pve-root-ca.pem
rm -rf /etc/pve/priv/pve-root-ca.key
rm -rf /etc/pve/nodes/pve01/pve-ssl.pem
rm -rf /etc/pve/nodes/pve01/pve-ssl.key
rm /etc/pve/pve-root-ca.pem /etc/pve/priv/pve-root-ca.key
pvecm updatecerts -f
systemctl restart pveproxy
The easiest way to install Let’s Encrypt client by cloning github repository. To install git on your system you must enable Epel repositories with the following command
yum -y install epel-release
Install git client
yum -y install git
Change directory and go to /usr/src
Clone Let’s Encrypt Client from Github
git clone https://github.com/letsencrypt/letsencrypt
Run letsencrypt-auto script with your domain name
./letsencrypt-auto --apache -d FullyQualifiedDomainName
This Script will download and install all necessary packages.
Answer following questions.
- Enter email address ( Used for urgent renewal and security notices)
- Please read the Terms of Service and Accept it
- Would you be willing to share your email.....
- Select ssl.conf
IMPORTANT NOTES: – Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/ YourFullDomainName/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/YourFullDomainName /privkey.pem Your cert will expire on 2017-11-12. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again with the “certonly” option. To non-interactively renew *all* of your certificates, run “letsencrypt-auto renew” – Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal.
Certificate has been installed successfully.
Let’s Encrypt certificate is only valid for 90 days. To renew automatically add following line to your corn job.
0 1 12 * * /usr/src/letsencrypt/certbot-auto renew
Login to Webmin site using https://your-domain-name.com:10000
Once you log in, you will see Webmin Dashboard.
Click on your server’s hostname
You will be presented Hostname and DNS Client page.
Enter a fully qualified Domain Name into hostname filed and click on Save.
Go to Webmin Configuration then select SSL Encryption
Using following screen obtains and renew certificate.
We can setup Webmin to automatically renew certificate.
Hostname for certificate: Make sure you have typed correct Fully Qualified Domain Name
Website root directory for validation file: Enter /var/www/html/
Months between automatic renewal: Select the radio button to the left of the input box and type 1 in the input box
Click on Request Certificate Button
After a few seconds, you will see a confirmation screen.
Reload the Webmin page and you browser will show valid certificate.