Replace default certificate

[Andi Stancu]

Hi,

I added a new certificate in the list, but I cannot replace the default certificate with this one. I could secure the admin with the new one, but the website (main domain) is still loading the parallels certificate. I cannot delete the default certificate because it has the usage of all domains, even though I set the new one as default. The new one has the same amount of usage.

I've tried everything I could find on this forum, nothing worked.


Thank you for your help.


Andi

 

[Faris Raouf]

This is easy to resolve, but tricky to explain.

The basics are that you will have specifically assigned the old certificate to your main domain. Making the new one the default will only assign that new one to all the other domains. AND/OR the old certificate has been assigned as the default certificate for a particular IP (maybe exclusive to your main domain?).

Does your old certificate has a "1" un the Used column?

Anyway, try this and see if you get anywhere:

1) Go to your main domain, click on Websites & Email, show advanced options, and in the general tab, you should be able to select an SSL certificate. Change it to the new one.

AND/OR

2) Go to IP addresses, click on the exclusive IP allocated to your main domain, change the certificate there.

Number 2) is a bit of an odd one. It all kind of depends on how things are set up in your panel and how you did x, y or z.

 

[Andi Stancu]

Hi,

I have a certificate list in two places.

First place is in Server > SSL Certificates.
Here I had one "default certificate" with 42 uses. I added a new one, secured the panel with it, and set as default. However, except for the panel, all the websites show the default certificate.
See here: http://l.cq.tl/E2NV

Second place si in Websites and domains > Secure your sites > [Manage] in front of the main domain
Here is where I first tried to add the certificate. It didn't work, so I went to the other place. However, this one has one usage and I cannot remove it. I don't think it's valid any more as I generated a new certificate when I placed it in the other side. http://l.cq.tl/BuQl

Ip addresses
I added the certificate to the shared IP address. http://l.cq.tl/UJ6Y

Domain certificate
If I go to the domain settings, I cannot remove the certificate currently in use http://l.cq.tl/wauZ


With all this, if I go to https://cq.tl I see the Parallels Certificate. If I go to https://cq.tl:8443 I see the good one.

Update 1:
I am also getting some notification via email:

Unable to generate the web server configuration file on the host <cq.tl> because of the following errors:

nginx: [emerg] SSL_CTX_use_certificate_chain_file("/usr/local/psa/var/certificates/cert-HjsuWZ") failed (SSL: error:02001002:system library:fopen:No such file or directory error:20074002:BIO routines:FILE_CTRL:system lib error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed


Please resolve the errors in web server configuration templates and generate the file again.

I understand the file is missing, but why ? And should I create it ?



Thank you,
Andi Stancu

 

[Andi Stancu]

Hi. Is there another kind of info I could provide to make progress ?

 

[afcinza]

Thank you very much, Faris. This worked for me. Regards.