1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

After 10.4.4 Upgrade SSL Doesn't Work Anymore?

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by BernieG, Jul 4, 2012.

  1. BernieG

    BernieG Basic Pleskian

    16
     
    Joined:
    May 16, 2011
    Messages:
    32
    Likes Received:
    0
    Hi,

    I upgraded to Plesk 10.4.4, and now the domains that I have SSL pages don't load any of the SSL pages anymore. The homepage loads fine but as soon as I go to an https:// page I receive the following error from FireFox:

    ssl_error_rx_record_too_long

    I tried following the suggestions in the following links, but my issue stilll occurs:

    http://stackoverflow.com/questions/119336/ssl-error-rx-record-too-long-and-apache-ssl
    http://kb.parallels.com/en/939

    I tried to re-issue all my SSLs and I assigned them to the proper IP addresses, port 443 is open, but the issue still remains. I don't understand this when it was working fine before the upgrade to Plesk 10.4.4.

    Can someone please help me fix this SSL issue?

    Thank you!
     
  2. Hostasaurus.Com

    Hostasaurus.Com Regular Pleskian

    30
    68%
    Joined:
    Oct 8, 2009
    Messages:
    465
    Likes Received:
    8
    I've seen this occur if you let the auto installer install Parallel's hacked up version of apache that tries to implement SNI so you can run multiple certs per IP address. For a workaround, make sure you only have one SSL-enabled site per IP address, then go into the server settings area, IP address list, and click on the '1' on the far right of each ip address line, then set each site in question to be the default for the IP. See if that helps.
     
  3. BernieG

    BernieG Basic Pleskian

    16
     
    Joined:
    May 16, 2011
    Messages:
    32
    Likes Received:
    0
    Ok, thank you!

    I have 2 main websites where I setup their own dedicated IP addresses and assigned 1 Trustwave SSL for each of these websites.

    One thing that I noticed when I did this is when I go under the "SSL Certificates" page in Plesk that is shows 0 under the "Used" column, but this is strange because I assigned the SSL under the "IP Addresses" page in Plesk.

    I then have 6 other websites that just share another IP address and just use the self signed Plesk "default certificate" which the SSL doesn't matter on these sites.

    Should I try to install Apache again? Can I disable SNI?

    Thank you!
     
  4. Hostasaurus.Com

    Hostasaurus.Com Regular Pleskian

    30
    68%
    Joined:
    Oct 8, 2009
    Messages:
    465
    Likes Received:
    8
    Just to verify, does your server have three IP addresses, and one is designated as 'shared' in Plesk, the other two 'exclusive'? That's how you'll want it to keep their server from screwing things up. All your shared non-ssl sites should be on the shared IP, the other two should be one each on the two remaining IP's. Then go into the '1' column under sites in the IP address list and make sure each of those two SSL-based sites are set as the default site for the IP address in question.

    If all that's done and it's still not working, try adding the SSL at the site level instead of at the IP level. i.e. go into the server-wide SSL button, copy out the key, cert and CA cert, go into the site in question, go to the web hosting settings tab, to the SSL button, add a new certificate, plug in all the pieces, give it a name, save it. Then go to the domain name down at the bottom of that web hosting settings tab and assign the certificate as the active one for the site. Repeat for the other domain, restart apache, see if that fixes it.
     
  5. Hostasaurus.Com

    Hostasaurus.Com Regular Pleskian

    30
    68%
    Joined:
    Oct 8, 2009
    Messages:
    465
    Likes Received:
    8
    I haven't found a way to get rid of their apache on the servers where we mistakenly installed it instead of redhat's.
     
  6. BernieG

    BernieG Basic Pleskian

    16
     
    Joined:
    May 16, 2011
    Messages:
    32
    Likes Received:
    0
    Yes, to verify that is the setup I had in place. And this setup worked perfectly before I upgraded to Plesk 10.4.4. So I ended up upgrading to Plesk 11.0.9 and for some reason this setup still didn't work properly.

    In Plesk, under the "IP Address" page I don't know why it doesn't let me not select an SSL in the pull down menu; so I ended up selecting my self signed "default certificate" for both my dedicated websites. I then went to the site level like you mentioned and add the SSLs through the site level by re-issuing my SSL using the CSR from the site level page, and now the SSLs seem to be working properly!

    However, my question still is why didn't my original setup of having the SSLs setup on the server level not work anymore on Plesk 11?

    Thank you!
     
  7. Hostasaurus.Com

    Hostasaurus.Com Regular Pleskian

    30
    68%
    Joined:
    Oct 8, 2009
    Messages:
    465
    Likes Received:
    8
    The setup you had previously is still valid; we use that same setup as you when we assign wildcard certificates that need to be set for every site on the same IP, so we install the cert at the server level, assign to the site IP and leave it at that.

    My guess is that your upgrade also installed Parallel's version of apache which is where the problem began.
     
Loading...