• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved 503 Service Unavailable

Chris Lemmer

Chris Lemmer

New Pleskian
Hi there,

I run a Plesk server with about 20 clients. The major issue I have is that every time a client makes a simple change, like updating their site PHP settings or even just changing an FTP login, everything on Plesk gets a temp 502. Now with sites that have about 4-5k visits daily, this isn't very nice.

I want to know if this is normal? Should everything get a 502 every time a client makes a change?

Thanks
Chris
 
Last edited:
Hello,
yes - this is due to webserver being restarted to apply the changes.

In order to minimize the problem you can choose to schedule a restart interval (to have all changes applied at once) in
Tools & Settings -> Apache Web Serever -> Apache restart interval
 
Do you mean 502 Bad Gateway Error for Plesk interface or for customer's sites? Have you tried solutions from Plesk KB articles about this error? Any results?
 
Thanks guys, I was just about to ask if one cannot enable graceful restart! Thanks so much for the quick reply.

Regards
Chris
 
Hi there,

Did the above, confirmed that the field updated. Must I restart Plesk or something for it to take effect?

Still getting: Error 503 Service Unavailable Nginx.

Could it be because some of the sites are set to serve static files directly by Nginx?

Thanks
Chris
 
I am not sure whether this requires a restart of the psa service like
# service psa stopall
# service psa start
I think it does not, but it cannot harm to try that.

If you have graceful restarts enabled, make sure that the Apache restart interval (Apache settings in Plesk) is set to at least 120 seconds. On systems with many domains, make it much longer, e.g. 600 seconds.

If the issue persists afterwards, please check your /var/log/httpd/error_log file and find out, how Apache is actually restarted and maybe if there is only one or several overlapping restarts at that time. Some users are seeing a second or third "restart" of the service while the first one has not finished. That can be caused by log rotation settings in additional modules or in /etc/logrotate.d/httpd. In the later, check whether the line for post rotate settings says "reload". If not, change it to "reload" instead of "restart", else it can very well happen, that the first restart is graceful as you need it, and a second one is a service restart that interrrupts communication between Nginx and Apache (which leads to the 503 error).
 
Hi there,

Thanks for your reply. I checked the log and this is what I'm seeing. Seems like only 1 restart is happening here.

[Tue Mar 14 22:01:08 2017] [notice] caught SIGTERM, shutting down
[Tue Mar 14 22:01:13 2017] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Mar 14 22:01:13 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:14 2017] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Mar 14 22:01:14 2017] [notice] ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/) configured.
[Tue Mar 14 22:01:14 2017] [notice] ModSecurity: APR compiled version="1.3.9"; loaded version="1.3.9"
[Tue Mar 14 22:01:14 2017] [notice] ModSecurity: PCRE compiled version="7.8 "; loaded version="7.8 2008-09-05"
[Tue Mar 14 22:01:14 2017] [notice] ModSecurity: LUA compiled version="Lua 5.1"
[Tue Mar 14 22:01:14 2017] [notice] ModSecurity: YAJL compiled version="2.1.0"
[Tue Mar 14 22:01:14 2017] [notice] ModSecurity: LIBXML compiled version="2.7.6"
[Tue Mar 14 22:01:14 2017] [notice] ModSecurity: Original server signature: Apache
[Tue Mar 14 22:01:14 2017] [notice] ModSecurity: Status engine is currently disabled, enable it by set SecStatusEngine to On.
[Tue Mar 14 22:01:14 2017] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 14 22:01:14 2017] [notice] Digest: done
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] RSA server certificate wildcard CommonName (CN) `*.mydomain.xyz' does NOT match server name!?
[Tue Mar 14 22:01:15 2017] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Mar 14 22:01:15 2017] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips Apache mod_fcgid/2.3.9 PHP/5.3.3 configured -- resuming normal operations

As for this file: /etc/logrotate.d/httpd.

The setting is already set to "reload" and not "restart" so that seems fine.

[user@plesk-host01 ~]# cat /etc/logrotate.d/httpd
/var/log/httpd/*log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}
[user@plesk-host01 ~]#

Thanks
Chris
 
Chris Lemmer said:
[Tue Mar 14 22:01:08 2017] [notice] caught SIGTERM, shutting down
Click to expand...
... does not really read like a "reload", but rather a "restart". It seems that for some reason graceful restart has not been enabled properly or something else is messing with it.
 
Hi there,

Any other ideas on how I can solve this?

I can confirm the values are updated:

param: value:
restart_apache_gracefully true
restart_apache_interval 600

Thanks
Chris
 
Running this command works perfectly: apachectl -k graceful

So it's something about the way Plesk is performing the task.

Thanks
Chris
 
Thanks! It's actually shocking that the Plesk support guys on the forum doesn't even know about this bug. In this case, enabling Graceful restart, it's recommended at all.

Is there a way to prevent Plesk from ever restarting after a change has been made? I will go into shell and do a graceful restart manually until it's fixed.

Thanks
Chris
 
Fix of PPP-27119 is scheduled on next major Plesk update.
 
Thanks, and when will that be?

Can I please ask if you can reply to my question, I feel like I'm wasting a lot of time asking the same questions twice.

Do we have a workaround?

Is there a way to prevent Plesk from ever restarting after a change has been made? I will go into shell and do a graceful restart manually until it's fixed.

Thanks
Chris
 
As far as I know, at the moment there is no workaround because the root cause of this problem in too low timeout in apache_control_adapter of check that apache graceful restart failed.

Maybe @mizar has any recommendations?
 
That's pretty hectic.

This basically makes Plesk un-suitable for major hosting providers.

Any ETA on the next major update?

Thanks
Chris
 
IgorG said:
As far as I know, at the moment there is no workaround because the root cause of this problem in too low timeout in apache_control_adapter of check that apache graceful restart failed.

Maybe @mizar has any recommendations?
Click to expand...

Where can change like "PPP-27119" can be shown?
 
You must log in or register to reply here.

Similar threads

B
Resolved 503 error after changing php_handler_id for site
Replies
6
Views
2K
bbeckford
B
Tim_Wakeling
Issue Firewall suddenly took Plesk down overnight
2
Replies
23
Views
2K
Peter Debik
P
H
Resolved Wildcard SSL Certificate Auto Renewals not Working for Let's Encrypt with External DNS
Replies
6
Views
3K
NickSick
N
T
Issue After moving subscription, users receive message "Your subscription was removed", Cannot create new webspace.
Replies
2
Views
1K
thespark
T
T
Issue Acronis backup memory leak/kernel panic issue causing server crash
Replies
1
Views
1K
AcronisDennis
A
Back
Top