Hi, My systemvm’s have a public IP, and they can indeed resolve hostnames on the internet.
I am thankful though for your reply, could have been it as well. :) -- Jimmy From: Fariborz Navidan <mdvlinqu...@gmail.com> Date: Thursday, 14 November 2024 at 23:45 To: users@cloudstack.apache.org <users@cloudstack.apache.org> Subject: Re: ssl certificate proxy vm not working Hello, Recently I had a similar issue where in my case the cause was the internet connectivity of console proxy so that console proxy VM could not resolve the hostname of the SSL cert. As a result, it was unable to complete the SSL handshake. To fix this I managed to masquerade internet traffic from system VMs' IP address range through the host's public network interface. If this is your case as well, please ensure that your CPVM can reach the resolver and the Internet. Regards. On Thu, Nov 14, 2024 at 11:47 PM Jimmy Huybrechts <ji...@linservers.com> wrote: > From what I can see that is indeed the issue, which kind of is a bummer ☹ > I tried migrating a vm to a different server and console started working. > As the person there also did, I increased the validity time by a lot now. > > -- > Jimmy > > From: Wei ZHOU <ustcweiz...@gmail.com> > Date: Thursday, 14 November 2024 at 20:11 > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > Subject: Re: ssl certificate proxy vm not working > I suspect you are hitting the issue > https://github.com/apache/cloudstack/issues/9718 > Unfortunately I have no idea how to fix it in the codewise, except > migrating the vm or stopping/starting it > > -Wei > > On Thu, Nov 14, 2024 at 7:31 PM Jimmy Huybrechts <ji...@linservers.com> > wrote: > > > Seems indeed you are on to something. > > > > I have 6 hosts, all KVM. > > > > If I pick a VM on host 3, it opens the console, if I pick a vm on host 2 > > it says not after Nov 1st, if I pick a VM on host 4 it says not after nov > > 14th. > > > > So How do I fix this? :) > > > > -- > > Jimmy > > > > From: Wei ZHOU <ustcweiz...@gmail.com> > > Date: Thursday, 14 November 2024 at 18:16 > > To: users@cloudstack.apache.org <users@cloudstack.apache.org> > > Subject: Re: ssl certificate proxy vm not working > > Do you use kvm ? > > If so, it might be due to the expiration (and renewal) of certificate on > > the kvm host. > > Try migrating the vm to another host, or stop/start it. > > > > > > On Thursday, November 14, 2024, Jimmy Huybrechts <ji...@linservers.com> > > wrote: > > > > > Hi, > > > > > > So I’m having a weird issue on the proxy vm with the certificate. I > know > > > the certificate is correct, because when I copy them from the database > > and > > > put them into an ssl decoder it shows up as not after 31 dec 2024. > > > > > > However if I try opening the console of an instance it just says > > > connecting and then times out. > > > > > > When I look in the systemvm itself it then says: > > > Nov 14 15:51:22 v-255-VM _run.sh[2717]: at > > > java.base/java.lang.Thread.run(Thread.java:829) > > > Nov 14 15:51:22 v-255-VM _run.sh[2717]: at > > com.cloud.consoleproxy. > > > ConsoleProxyNoVncClient$1.run(ConsoleProxyNoVncClient.java:108) > > > Nov 14 15:51:22 v-255-VM _run.sh[2717]: at > > com.cloud.consoleproxy. > > > ConsoleProxyNoVncClient.authenticateToVNCServer( > > > ConsoleProxyNoVncClient.java:189) > > > Nov 14 15:51:22 v-255-VM _run.sh[2717]: at > > com.cloud.consoleproxy. > > > ConsoleProxyNoVncClient.authenticateVNCServerThroughNioSocket( > > > ConsoleProxyNoVncClient.java:232) > > > Nov 14 15:51:22 v-255-VM _run.sh[2717]: at > > com.cloud.consoleproxy. > > > > ConsoleProxyNoVncClient.handshakePhase(ConsoleProxyNoVncClient.java:204) > > > Nov 14 15:51:22 v-255-VM _run.sh[2717]: at > > com.cloud.consoleproxy. > > > ConsoleProxyNoVncClient.handshakeSecurityResult( > > > ConsoleProxyNoVncClient.java:210) > > > Nov 14 15:51:22 v-255-VM _run.sh[2717]: at > > > com.cloud.consoleproxy.vnc.NoVncClient.processHandshakeSecurityType( > > > NoVncClient.java:518) > > > Nov 14 15:51:22 v-255-VM _run.sh[2717]: at > > > com.cloud.consoleproxy.vnc.security.VncTLSSecurity. > > > process(VncTLSSecurity.java:96) > > > Nov 14 15:51:22 v-255-VM _run.sh[2717]: Exception in thread "Thread-27" > > > com.cloud.utils.exception.CloudRuntimeException: > > javax.net.ssl.SSLHandshakeException: > > > NotAfter: Fri Nov 01 13:28:12 UTC 2024 > > > > > > But I have no idea where it gets that 1 nov from.. how to check which > > > certs the system vm has? > > > > > > -- > > > Jimmy > > > > > >
