Issue 421 Misdirected Request

[nMLxTMJTZ]

for fix CVE-2025-23048 the SSLStrictSNIVHostCheck directive is now enabled by default and proxy must send host to apache

 

[gary_za]

Thanks for the Command line fix, however users that are using Webmail and roundcube still get the same error and cannot access their mail

 

[nisamudeen97]

Misdirected Request​

The client needs a new connection for thisrequest as the requested host name does not matchthe Server Name Indication (SNI) in use for thisconnection.


We are facing this issue with all our plesk servers

the fix suggested in the post worked for me in my four servers.

echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" > /etc/nginx/conf.d/fixssl.conf && service nginx restart

 

[delefant]

Command applied and some websites work but others throw error 400

Bad Request​

Your browser sent a request that this server could not understand.


If i disable Proxy mode inside apache settings, the webstie is working...

Any global solution?

 

[nisamudeen97]

Solution is already there in this thread and it is working. Please read the updates above.

 

[delefant]

Shared solution does not fix all my subscriptions.

 

[Bitpalast]

Is this an Ubuntu-only issue?

 

[Sebahat.hadzhi]

Everyone, the issue occurred due to the latest Apache update with the CVE-2025-23048 security fix. By default Nginx doesn’t pass server name through SNI when establishing a connection with the proxied HTTPS server, which interferes with the update. The official workaround is the one you already found in:

• https://support.plesk.com/hc/en-us/...-recent-Apache-update-421-Misdirected-Request

In the meantime, our team is working on a hotfix that will be released soon.

 

[mr-wolf]

Everyone, the issue occurred due to the latest Apache update with the CVE-2025-23048 security fix. By default Nginx doesn’t pass server name through SNI when establishing a connection with the proxied HTTPS server, which interferes with the update. The official workaround is the one you already found in:

• https://support.plesk.com/hc/en-us/...-recent-Apache-update-421-Misdirected-Request

In the meantime, our team is working on a hotfix that will be released soon.

 

[delefant]

I have several subscriptions in my Plesk

A lot of domains fail, if i access the domain log its shows

AH02032: Hostname domain1.com provided via SNI and hostname www.domain.com provided via HTTP are different
AH02032: Hostname domain2.com provided via SNI and hostname www.domain.com provided via HTTP are different

Its mixing domains thats whi is not working

 

[mr-wolf]

I don't understand why Server Name Indication wasn't always turned on with the proper host by Nginx anyhow, when connecting with Apache's SSL socket...
Just because Apache didn't care... is not enough.

Now it cares!

 

[mr-wolf]

I have several subscriptions in my Plesk

A lot of domains fail, if i access the domain log its shows

AH02032: Hostname domain1.com provided via SNI and hostname www.domain.com provided via HTTP are different
AH02032: Hostname domain2.com provided via SNI and hostname www.domain.com provided via HTTP are different

Its mixing domains thats whi is not working

Are you seeing this after you applied the hotfix?
If so, you should write that here...
If not, look at the hotfix provided....

echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" > /etc/nginx/conf.d/fixssl.conf

Then restart nginx

Home -> Tools & Settings -> Services Management

 

[delefant]

Are you seeing this after you applied the hotfix?
If so, you should write that here...
If not, look at the hotfix provided....

echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" > /etc/nginx/conf.d/fixssl.conf

Then restart nginx

Home -> Tools & Settings -> Services Management

Yes, i see it after hotfix is applied

 

[Janko1000]

TheHotfix does not work properly for Ubuntu <22.

 

[mdc]

Solution:

echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" > /etc/nginx/conf.d/fixssl.conf && service nginx restart

Thank you! Instantly fixed after running this command!

Shame on Plesk.

 

[urki]

I run Apache from a non-official repository so I can control updates myself and get the latest versions if needed, and encountered this issue as well a few days ago.

I wrote to Plesk support on July 14th asking when they'd support the latest update, and they dismissed me with "we do not support custom repositories" nonsense. Ubuntu adopted the Apache update a few days later, as is usually the case (Change log : apache2 package : Ubuntu).

It's frustrating to see Plesk only care about such things when they break - the Apache update was pushed out on July 10th, which should have provided enough time for Plesk to test one of the main packages most Plesk users run on their servers before the Apache update is pushed out.

 

[MerchantMan]

Hi All,
This has hapen to us just as my web developer has gone on holiday for two weeks!
I can acsess SSH via plex but am struggling to know what to put in this part of the fix: "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" >
Our host name is XXXXXXXXXXV.online-server.cloud but not sure what needs to go where.

We are running Plesk 18.0.69.3
Ubuntu 22.04 x86_64
Dedicated server through Ionos

I know my way round the web interface but am far from an expert in it. Any guidance would be greatly appriciated

P.s. Our web no longer shows the 421 error just shows as unreachable.

Thanks in advance

 

[NucliServer]

Solution:

echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;" > /etc/nginx/conf.d/fixssl.conf && service nginx restart

Thanks @PalmtreeRoundabout,
Works for me in a: Plesk Obsidian 18.0.71 - Ubuntu 22.04.5 LTS

 

[rammstein]

@PalmtreeRoundabout

This morning, I had an appointment very early when the monitoring alert went off.

I quickly stepped aside into a separate room and was able to resolve the issue within 10 minutes using just my iPhone — all thanks to your contribution.

Thank you so much for that!

 

[andyxyz]

this is not working in 20.04