Skip to main content

PROX003 - Proxmox TLS Certificate Error

Agent error code #PROX003 indicates that the agent could not establish a trusted TLS connection to Proxmox VE. The certificate presented by the cluster could not be verified.

By default Proxmox VE uses a self-signed certificate, which the agent will not trust unless told to.

Common causes include:

  • Proxmox is using its default self-signed certificate
  • The certificate is signed by an internal certificate authority the agent does not trust
  • The certificate has expired or is not yet valid
  • The hostname in the backend URL does not match the certificate's subject or SAN

Steps to Resolve

Use a Trusted Certificate

  1. Install a certificate on Proxmox that is signed by a CA trusted by the host running the agent (for example via the built-in ACME / Let's Encrypt integration under Datacenter > the node > System > Certificates)
  2. Confirm the backend URL hostname matches the certificate

Allow the Self-Signed Certificate

If you intend to keep the self-signed certificate, enable the Skip TLS verification option in the Knocknoc backend configuration for this Proxmox Knoc. Only do this when the agent reaches Proxmox over a trusted network path.

For more details, see the Proxmox setup guide.

Still Having Issues?

We can help you out, contact us at [email protected].