• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

SSL renewal doesn't work

T

tutt

Guest
In Plesk 8.1, I've got a shared SSL certificate that I have installed as the server cert. I renewed it today using the CSR displayed for the cert in the server area of Plesk admin. I pasted the new cert into the upload cert area, and then even went into /etc/httpd/conf/ssl.crt and pasted it into server.crt. This is the only file I see referenced from any of the config files in /etc/httpd/conf.d/. However, it is STILL USING THE OLD, expired cert. I have restarted plesk, httpd, etc to no avail. I even rebooted the machine.

WHERE could the certificate file be stored on the machine? WHY is it not updating? Neither the plesk SSL cert at https://myserver:8443 has updated, nor has the shared SSL cert for Apache. This is confusing the heck out of me!
 
If Plesk is installed within a Virtuozzo, then port 8443 will use the Certificate on the Virtuozzo...
 
It is not installed within Virtuozzo. Can anyone tell me where the actual certificate file should reside on the server?
 
Originally posted by tutt
In Plesk 8.1, I've got a shared SSL certificate that I have installed as the server cert. I renewed it today using the CSR displayed for the cert in the server area of Plesk admin. I pasted the new cert into the upload cert area, and then even went into /etc/httpd/conf/ssl.crt and pasted it into server.crt. This is the only file I see referenced from any of the config files in /etc/httpd/conf.d/. However, it is STILL USING THE OLD, expired cert. I have restarted plesk, httpd, etc to no avail. I even rebooted the machine.

WHERE could the certificate file be stored on the machine? WHY is it not updating? Neither the plesk SSL cert at https://myserver:8443 has updated, nor has the shared SSL cert for Apache. This is confusing the heck out of me!
Click to expand...

You should install SSL certificate on client apache through Plesk Control Panel. Below is step by step instruction how to install SSL certificate on a domain domain.tld through Plesk control panel.

You may install SSL certificate either into administrator repository or into domain certificate repository, then install the certificate to IP of the domain from the appropriate repository. Remember, certificate is been installed to IP address but not to domain, also you can only have one SSL certificate per IP address.
If you want domain uses its own SSL certificate you need to assign the domain on an separate IP address and install SSL certificate on this IP.

1. SSL certificate installation into administrator repository.

* Login to Plesk as admin and change to 'Server' -> 'Certificates'.
* Click the 'Add New Certificate' button and type in a new Certificate name.
* Enter the Private Key and the Certificate text into the appropriate fields in the 'Upload Certificate As Text' section.
* Click the 'Send Text' button.

Now that the certificate is in administrator certificate repository, you will need to associate it with an IP address. Here is how to do this:

* Login to Plesk as admin and change to 'Server' -> 'IP Addresses'.
* In the IP Address list click on the IP address that you wish to associate with your SSL certificate. It should be the IP address that is handling the do main for which you got a cert.
* In the 'SSL Certificate' drop down box, select the name of the certificate that you just uploaded to the repository. Click 'Ok'.

2. SSL certificate installation into domain's repository.

* Login to Plesk as admin or domain administrator of domain.tld and change to 'Domains' -> domain.tld -> 'Certificates' or 'Home' -> 'Certificates'.

Then install the certificate as described in point 1.

Now that the certificate in domain's certificate repository, you will need to associate it with domain's IP address.

* Login to Plesk as admin and change to 'Clients' -> client-owner of domain.tld -> 'IP Pool'
* Select domain's IP address from the list.

You can verify that the cert is installed for your domain by clicking on the domain hosting 'Setup' button, you should see your Certificate in the list. At this point you might want to also make sure that the 'SSL Support' checkbox is checked.

Concerning admin apache, Plesk control panel uses its own apache, so use another location for Plesk SSL certificate.
Install Plesk admin SSL certificate through Server -> Certificates -> *select* -> Setup (or Secure control panel).

./anb
 
Also don't forget to restart apache and clear your browser's cache. When dealing with a cert for plesk itself, also restart plesk.

Faris.
 
The only way I was able to fix the shared ssl was to find the .pem files mentioned in the config file.

I have still not found a way to replace the freakin plesk certificate at :8443. I have placed the cert into every place in Plesk that it could possibly go. If there is a path to where Plesk is reading it from, that would help me tons.
 
This is where the certs were stored:

Files such as:

/usr/local/psa/var/certificates/certdW15485

Now I have the same certificate that I want Plesk itself to us. It is just a renewed certificate.. same key as before, etc. All I should need to do is update the cert in Plesk, but it doesn't work. It still shows the expired certificate (yes, I have cleared my cache, restarted psa, and even rebooted the server several times).
 
Found it:

/usr/local/psa/admin/conf/httpsd.pem


I don't know WHAT Plesk is doing in the control panel, but it certainly is not modifying the certificates correctly. I had to manually edit all of the certificate files and it works like a charm.
 
You must log in or register to reply here.

Similar threads

K
Question Assistance Installing 3rd Party SSL Certificate
Replies
4
Views
2K
learning_curve
learning_curve
QWeb Ric
Issue Server pool SSL not showing for selection
Replies
0
Views
399
QWeb Ric
QWeb Ric
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
2K
tessa67
T
futureweb
Question Issues with SSL Certificate Renewal for Mail Services in Plesk: Seeking Automated Solution via CLI or API
Replies
8
Views
3K
futureweb
futureweb
M
Issue curl: (60) SSL: no alternative certificate subject name matches target host name
Replies
2
Views
3K
AYamshanov
AYamshanov
Back
Top