Adding SSL Certificate doesn't work

[Johannes P.]

Hello,

i'm having trouble getting a SSL Certificate (issued by RapidSSL) to work on the following system:

OS: Ubuntu 14.04.3 LTS
Plesk 12.5.30

When i try the following steps: "Domains" -> "[Domainname]" -> "SSL Certificate" -> "Add SSL Certificate" and enter all the relevant data (Name of Certificate, private key, certificate and intermediate certificate) and submit the form i get the following error message:

"Error: Unable to find row with id 0 in certificates table."



I searched the web, this forum, the plesk knowledge base but couldn't find any information about this issue.

Has anyone ever encountered a similar problem or has an idea how i could fix this issue?

Thank you
Johannes

 

[alexonb]

hi, you need read docs from rapidSSL or geotrust by step, very easy...
you associate your SSL by dedicated IP with your domain name

 

[Lloyd_mcse]

Hi Johannes P.
have you tried to run...

# plesk repair db

See if that helps
Kind regards

Lloyd

 

[Johannes P.]

Hello Alex, hello Lloyd,

thank you for your answers. I followed the RapidSSL Docs very closely but still got the mentioned error message.
I was able to resolve the problem (at least i think that's what did the trick) by fixing some inconsistencies in the psa database. In the "domains" table i checked the entry for the corresponding domain and found that "cert_rep_id" was filled (with a number > 0) despite there not being a corresponding entry in the "Repository" table with this id. There were also some old entries in the "certificates" table.

Afterwards i was able to complete the installation of the SSL certificate.

Could you do me a favor and check with https://cryptoreport.rapidssl.com/checker/views/certCheck.jsp (Domainname is "farbenkollektiv.de") if everything is looking good to you?

Another question: i installed the SSL certificate for the domain (via Domains -> Domainname in Plesk), but i could also add it in "Tools & Settings" -> "SSL Certificates".
Should i do that instead and set the certificate as "standard" (removing the default certificate)? What is beste practice?

Thank you very much
Johannes

 

[alexonb]

me i prefered here https://www.ssllabs.com/ssltest/analyze.html?d=farbenkollektiv.de&latest

Miss some part of additionnal certificat,
so regerate news (via Domains -> Domainname in Plesk first after Tools & Settings" -> "SSL Certificates and then domain and ssl/IP dedicated) CSR exemple https://www.namecheap.com/support/knowledgebase/article.aspx/9447/0/plesk-12
activate and install news and took CA-bundle have tools for testing if you correctly install it on https://www.sslchecker.com/
is plaisure for help.

 

[Lloyd_mcse]

Hi Johannes P.
it looks like you have the default SHA1 root, to get all the options for your certificate, eg Certificate Transparency, SHA256 Root etc go here...

https://products.geotrust.com/orders/orderinformation/authentication.do

As for where to install your certificate, I usually install under the domain, and assign it, then upload it to Tools & Settings > SSL Certificates so I can assign it to be default on the IP address, and panel.

I hope that helps

Regards

Lloyd

EDIT: And yeah, I also recommend https://www.ssllabs.com/ssltest/index.html for SSL Testing.
And if you need any help getting your ciphers sorted out, just post back.

 

[Johannes P.]

Hello Alex, hello Lloyd,

thank you again for your answers and links. I added a certificate bundle instead of just an intermediate certificate (should already work) now.

I also added the missing CSR (although it is not needed for the certificate to work, right?) manually by doing the following steps:

1) Connect do database "psa"
2) Update column "csr" in table "certificates" with the CSR (i had a backup). I used a URL-Encoder (http://meyerweb.com/eric/tools/dencoder/) to bring it into the correct format.
3) Go to "Domains" -> "Domainname" in Plesk and save the certificate again, so the information gets stored on the filesystem as well
4) I checked the certificate on the filesystem under "/usr/local/psa/var/certificates" and everything is there

I also checked out your link to Geotrust, Lloyd, unfortunately i don't have too much options there (see attached screenshot). There is no way to show additional data like organization etc. with a DV-certificate though, right? Also the field "hashing algorithm" states "SHA256 with RSA or DSA and SHA-1 root" so i probably can't add a SHA256 root?

I tested everything with the tool you recommend, ssllabs, and it seems to be mostly working as expected now.

Thank you very much
Johannes

 

[Lloyd_mcse]

On the left hand side of the RapidSSL page you should have "Re-issue" to recreate the certificate with SHA256 RSA chain. And then add the new one to Plesk.

Regards

Lloyd

 

[marjusch]

Hi.
It's very old but the only one thread with description of similar problem as I have.

I'm trying to add commercial SSL certificate to one of the websites: Website & Domains -> [Domainname] -> SSL/TLS Certificates -> Advanced settings -> Add SSL/TLS Certificate.
Doesn't matter whether I upload certificate files or upload certificate as a text - result is the same : "Error: Unable to find row with id 0 in certificates table"
I did the "plesk repair db" - no success.
I also analysed psa database as Johannes P. but it looks different in my case - I have corresponding entry in the "Repository" table.

Could you please help me to solve this issue?

I'm using Product: Plesk Obsidian 18.0.38 Update #2 on Debian 9.13

 

[ame]

Hi marjusch, did you ever resolve the issue? I have the same problem, trying to add a new SSL certificate and receive that error. My server:

- Plesk Obsidian 18.0.52 Update #3
- Ubuntu 22.04.2 LTS
- DigiCert Certificate: Private key, Certificate and CA certificate

Any help highly appreciated.
Thank you, Andreas

 

[Peter Debik]

@ame Please

• Check if '*-ca.crt' part specified correctly and try installing the certificate without '*-ca.crt' part.

OR

• Download the CA certificate in .crt format and install it.

 

[ame]

Thank you @Peter Debik that worked.