
After 10.4.4 Upgrade SSL Doesn't Work Anymore?

BernieG

Basic Pleskian
Hi,

I upgraded to Plesk 10.4.4, and now the domains where I have SSL pages don't load any of the SSL pages anymore. The homepage loads fine, but as soon as I go to an https:// page I receive the following error from Firefox:

ssl_error_rx_record_too_long

I tried following the suggestions in the following links, but my issue still occurs:

http://stackoverflow.com/questions/119336/ssl-error-rx-record-too-long-and-apache-ssl
http://kb.parallels.com/en/939

I tried to re-issue all my SSLs and I assigned them to the proper IP addresses, port 443 is open, but the issue still remains. I don't understand this when it was working fine before the upgrade to Plesk 10.4.4.

Can someone please help me fix this SSL issue?

Thank you!
 
I've seen this occur if you let the auto installer install Parallels' hacked up version of Apache that tries to implement SNI so you can run multiple certs per IP address. For a workaround, make sure you only have one SSL-enabled site per IP address, then go into the server settings area, IP address list, and click on the '1' on the far right of each IP address line, then set each site in question to be the default for the IP. See if that helps.
 
Ok, thank you!

I have 2 main websites where I setup their own dedicated IP addresses and assigned 1 Trustwave SSL for each of these websites.

One thing that I noticed when I did this is that when I go under the "SSL Certificates" page in Plesk, it shows 0 under the "Used" column, but this is strange because I assigned the SSL under the "IP Addresses" page in Plesk.

I then have 6 other websites that just share another IP address and just use the self signed Plesk "default certificate" which the SSL doesn't matter on these sites.

Should I try to install Apache again? Can I disable SNI?

Thank you!
 
Just to verify, does your server have three IP addresses, and one is designated as 'shared' in Plesk, the other two 'exclusive'? That's how you'll want it to keep their server from screwing things up. All your shared non-SSL sites should be on the shared IP, the other two should be one each on the two remaining IPs. Then go into the '1' column under sites in the IP address list and make sure each of those two SSL-based sites is set as the default site for the IP address in question.

If all that's done and it's still not working, try adding the SSL at the site level instead of at the IP level. i.e. go into the server-wide SSL button, copy out the key, cert and CA cert, go into the site in question, go to the web hosting settings tab, to the SSL button, add a new certificate, plug in all the pieces, give it a name, save it. Then go to the domain name down at the bottom of that web hosting settings tab and assign the certificate as the active one for the site. Repeat for the other domain, restart apache, see if that fixes it.
 
Yes, to verify that is the setup I had in place. And this setup worked perfectly before I upgraded to Plesk 10.4.4. So I ended up upgrading to Plesk 11.0.9 and for some reason this setup still didn't work properly.

In Plesk, under the "IP Address" page, I don't know why it doesn't let me not select an SSL in the pull-down menu, so I ended up selecting my self-signed "default certificate" for both my dedicated websites. I then went to the site level like you mentioned and added the SSLs through the site level by re-issuing my SSL using the CSR from the site level page, and now the SSLs seem to be working properly!

However, my question still is: why didn't my original setup of having the SSLs set up on the server level work anymore on Plesk 11?

Thank you!
 
The setup you had previously is still valid; we use that same setup as you when we assign wildcard certificates that need to be set for every site on the same IP, so we install the cert at the server level, assign to the site IP and leave it at that.

My guess is that your upgrade also installed Parallels' version of Apache, which is where the problem began.
 