Workaround needed for default PVE self-signed CA/certs and python3.13's new strict cert checking - 惯性聚合

推荐订阅源

博客园 - 三生石上(FineUI控件)

Threat Research - Cisco Blogs

钛媒体：引领未来商业与生活新知

Hugging Face - Blog

罗磊的独立博客

博客园 - 聂微东

人人都是产品经理

Proofpoint News Feed

博客园 - Franky

Apple Machine Learning Research

美团技术团队

Java Code Geeks

让小产品的独立变现更简单 - ezindie.com

Security Latest

Recent Commits to openclaw:main

Recorded Future

Hacker News - Newest: "LLM"

LINUX DO - 热门话题

Recent Announcements

Last Week in AI

About on SuperTechFans

News | PayPal Newsroom

大猫的无限游戏

CTFtime.org: upcoming CTF events

奇客Solidot–传递最新科技情报

Schneier on Security

SegmentFault 最新的问题

宝玉的分享

Visual Studio Blog

Tor Project blog

Comments on: Blog

Proxmox Support Forum

How to encrypt new disk in PVE? [feature suggestion] Degraded ZFS pools should be reflected in node state Restoring backup on another system does not work Network issues on kernel-6.8.12-28-pve causing cluster to fail ASMEDIA SATA Controller Woes - 1164 Works, 1166 and 1064 Do Not Github Auth for Mirrors-Kernel Repo? [Automation] Mass migration tool for MS Win11/Server Proxmox GUI hang - not response is it possible to reject or quarantine spam based on conditions I set ? The PVENode task list in PVE9 is partially obscured due to the terminal font being too large. About 100% error reporting due to pveproxy.service hooks Kubernetes overlay networking breaks when upgrading from PVE 9.1 to PVE 9.2.3 Zentraler Speicher No space left on device Combine datastore and direct file archival to tape Kernel panic VFS: Unable to mount root fs on unknown-block (0,0) sobald ein 7.x Kernel verwendet wird. How to migrate disk of a VM from one ZFS to another Windows Server 2025 fails to boot after PVE 9.2 / Linux 7.0 Kernel upgrade Cannot Install Proxmox on T610 Poweredge with H700 PERC card sdn Config. gateway not reachable How to safely change domain/FQDN? Welche Filterquote erreicht ihr? NFS Share status unknown on 2 of 5 nodes Can't connect to PVE9 consoles Can't connect to PVE9 consoles [solved] Use secondary network for PVE commands Created cluster, one node storage gone BUG: proxmox mail gateway FROM = null bypass spam filtering Moving existing PBS from VMWare workstation to PVE cluster Does eBGP SDN fabric support external peering? Bug: PDM 1.1 not recognizing valid license status Proxmo GUI hang - not response PVE crashes unexpectedly Proxmox Backup Server 4.2 released! Advice ceph-osd crashes with kernel 6.17.2-1-pve on Dell system [META] Links on Proxmox Forum Website Hardwarer oder Software RAID Joining a cluster with already created guests VM PDM missing backup jobs from PVE / Log retention Remove VM.Monitor from all users/roles, PVE 9.2 Proxmox Freezing (new instalation) 9.2.2 - Intel 12700T No Web gui and random connection reset by peer [SOLVED] - i40e module for X710 Intel NIC PBS trixie repo no public key PBS trixie repo no public key Dutch Proxmox Day 2026 Updates Changelog How pools use the space Updates Changelog Corosync initiiert Reboot trotz Verfügbarkeit der Systeme Opt-in Linux 7.0 Kernel for Proxmox VE 9 available After PVE 8to9 upgrade, unable to check guest fs freeze status Problem with MegaRAID SAS3508 controller proxmox-kernel-7.0.2-6-pve failing network service Auto sync guest time after rollback of VM snapshot with RAM/state Broadcom BCM57504 (100G) bnxt_en TX timeout and NIC reset on Proxmox 8.1.5 — while BCM57414 (25G) works fine on same host QEMU 11.0 available on pve-test and pve-no-subscription as of now 350 MPM Solventless Lamination Machine for High-Speed Flexible Packaging Making sense of NVMe zfs and SMART errors PVE loses network connection after kernel upgrade to proxmox-kernel-7.0.0-3-pve [SOLVED] - Remove or reset cluster configuration. Proxmox 8.4.1 Fresh Install BCM57416 10G Ethernet Adapter Not Recognized PDM 1.1.1 unable to add AD realm with anonymous search [TUTORIAL] - Developer Workstation (Proxmox-VE 9) with cinnamon (LMDE7) SDN zone shows "pending" on peer nodes after node reboot (9.2.x) -- is this a bug? Cluster not quorate - extending auth key lifetime! Proxmox not rebooting properly (SOLVED) Proxmox 9 Stuck on loading initial ramdisk With new HA-Disarm Feature is there a Documentation for NUT Setup on Clusters? Proxmox 8.3 Installation Issue on ProLiant DL380 Gen9 Cluster networking setup LXC System images unavailable PVE 9 apparmor errors [SOLVED] - Fix: NVIDIA Drivers Failing after upgrade to Proxmox 9.2.2 (Kernel 7.0.2-6-pve) / NovaCore Conflict Install NUT directly on Proxmox VE and control guests from here PVE 9 apparmor errors driver usb for windows 7 System startup error and no network: Failed to start ifupdown2-pre.service - Helper to synchronize boot up for ifupdown. PBS backup space grow up constantly Proxmox Datacenter Manager 1.1 released! IPv4 not available in newly created VM Recommended Setup for Offsite Proxmox Backups? Hetzner Storage Box & Remote PBS Challenges duplicate, please delete this passthrought an USB device "by ID" to CT PDM Installer Freezes at 66% Tried PDM for the first time (version 1.1) - had issues PDM 1.1 automated install Suche Server-Provider für Proxmox connecting sdn to edge firewall SDN, IPAM & DHCP Migrating from read-only file system Ubuntu 26.04 installation fails for unknown reason Status Unbekannt nach Cluster Join NEW: Proxmox in a Docker container (testers wanted) Installing Proxmox Backup Server on Mac Mini (Late 2012) kernel 7.0 performance issue with zfs pools PVE becomes unreachable via ethernet but OS is running [SOLVED] - New 9.2 install - can't find 7.0.2-6-pve , not all the time [SOLVED] - Backup and dedupe a VM with LUKS

Workaround needed for default PVE self-signed CA/certs and python3.13's new strict cert checking

invalid@exam · 2026-05-31 · via Proxmox Support Forum

This is probably a pretty simple one, but how to I influence the various certificate attributes when creating node/api certs with:

Code:

pvecm updatecerts

?

With a recent move to python3.13 and its new strict cert checking the normal certs as used by PVE are causing problems:

Here's the difference between python3.13:

Code:

Python 3.13.5 (main, May  5 2026, 21:05:52) [GCC 14.2.0] on linux
>>> import ssl
>>> ssl.create_default_context().verify_flags
<VerifyFlags.VERIFY_X509_STRICT|VERIFY_X509_TRUSTED_FIRST|VERIFY_X509_PARTIAL_CHAIN: 557088>

vs the older 3.12:

Code:

Python 3.12.13 (main, Mar 18 2026, 06:45:42) [Clang 19.1.7 ] on openbsd7
>>> import ssl
>>> ssl.create_default_context().verify_flags
<VerifyFlags.VERIFY_X509_TRUSTED_FIRST: 32768>

The actual error I'm getting is when using the ansible uri module (but it's the same for anything using ssl's defaults and cert validation):

Code:

"Request failed: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: CA cert does not include key usage extension (_ssl.c:1029)>"

I'm running the latest PVE 9.2.3 and have naively run pvecm updatecerts --force on all my nodes.

What's the real solution to have PVE include this attribute as python now expects?

Thanks in advance!

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。