I dont have it handy from my DeepQuery session, but it'll provide the reference if you try the question yourself
Original Message:
Sent: Oct 10, 2024 11:18 AM
From: Barry Tuber
Subject: SSL Problem
I was finally able to get console access to the virtual machines by connecting to the esxi host via IP address instead of domain name. My guess is that something in my web configuration was preventing access, maybe because whatever port esxi needed for console access was not open?
Original Message:
Sent: Oct 09, 2024 06:54 PM
From: tuberb
Subject: SSL Problem
Thanks, but:
- I am pasting in a .pem file which has no control characters, but I am not sure which pieces of the certificate to paste in
- I ran /sbin/generate-certificates and the message about the certificate assigned to the host having expired is gone, but remote console still says "connection error: could not negotiate SSL" when trying to connect to a host.
Barry
Original Message:
Sent: Oct 09, 2024 05:03 PM
From: svaghani1
Subject: SSL Problem
Pasting this into Tiyaro DeepQuery suggests that there might be hidden control characters in the certificate requiring cleanup....or the heavy hammer approach of regenerating certs using /sbin/generate-certificates
Original Message:
Sent: Oct 09, 2024 01:18 PM
From: tuberb
Subject: SSL Problem
I have a standalone esxi installation that I am trying to add some hosts to, which I have not done for a while.
I am unable to get the console to work for any of the virtual machines that are running. When I click on the window icon for a machine I get a "Failed to connect" message, and when I try to launch a remote console I get a "Connection error: could not negotiate SSL" message.
The host has an ssl certificate installed that covers the url I use to login to it, and that was installed by generating a letsencrypt certificate, copying the appropriate pieces into rui.crt and rui.key and uploading those into /etc/vmware/ssl.
That does not seem to address the issue I have here, and in the esxi host page I still see a "The certificate assigned to this host has expired. You should install a valid certificate." message.
I have tried importing the cert.pem from letsencrypt but that resulted in a "failed to import new SSL certificate" error. So I am now trying to follow the instructions here: https://gethttpsforfree.com/ to get a certificate that can be installed from the /host/manage/security/certificates page in esxi. Unfortunately, some of the command that need to be entered when SSHing into esxi are longer than the terminal buffer there seems to allow, and I can't seem to find where to be able to control the setting for that.
Any suggestions on either:
- how to enlarge the terminal buffer so that I can run the commands to generate a certificate from the gethttpsforfree.com page
- what pieces of the certificate generated by letsencrypt/certbot should be pasted into the form on the /host/manage/security/certificates page in esxi?
Thanks.