PROX003 - Proxmox TLS Certificate Error
Agent error code #PROX003 indicates that the agent could not establish a trusted TLS connection to Proxmox VE. The certificate presented by the cluster could not be verified.
By default Proxmox VE uses a self-signed certificate, which the agent will not trust unless told to.
Common causes include:
- Proxmox is using its default self-signed certificate
- The certificate is signed by an internal certificate authority the agent does not trust
- The certificate has expired or is not yet valid
- The hostname in the backend URL does not match the certificate's subject or SAN
Steps to Resolve
Use a Trusted Certificate
- Install a certificate on Proxmox that is signed by a CA trusted by the host running the agent (for example via the built-in ACME / Let's Encrypt integration under Datacenter > the node > System > Certificates)
- Confirm the backend URL hostname matches the certificate
Allow the Self-Signed Certificate
If you intend to keep the self-signed certificate, enable the Skip TLS verification option in the Knocknoc backend configuration for this Proxmox Knoc. Only do this when the agent reaches Proxmox over a trusted network path.
For more details, see the Proxmox setup guide.
Still Having Issues?
We can help you out, contact us at [email protected].