• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Almalinux 9 Plesk Obsidian license issue

E

enduser

Basic Pleskian
Username:

TITLE

Almalinux 9 Plesk Obsidian license issue

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

AlmaLinux release 9.1
Plesk Obsidian 18.0.49

PROBLEM DESCRIPTION

Cannot install Plesk license on AlmaLinux 9

CLI:
plesk sbin keymng --install --source-file trial.key
Install failed: Certificate signature verification failed; error info:
error:03000098:digital envelope routines::invalid digest
error:06880006:asn1 encoding routines::EVP lib
exit status 1

GUI:
Certificate signature verification failed; error info: error:03000098:digital envelope routines::invalid digest error:06880006:asn1 encoding routines::EVP lib (Error code: 2)

STEPS TO REPRODUCE

fresh install Plesk on AlmaLinux 9
plesk sbin keymng --install --source-file trial.key

ACTUAL RESULT

Install failed: Certificate signature verification failed; error info:
error:03000098:digital envelope routines::invalid digest
error:06880006:asn1 encoding routines::EVP lib
exit status 1

EXPECTED RESULT

no error and install the license key successfully.

ANY ADDITIONAL INFORMATION

Discussion in forum

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug
 
Developers were not able to reproduce the issue. From test engineer:

Could not reproduce the issue on two different infrastructure platforms with fresh Almalinux 9 or upgraded from 8 using ELevate.
Please provide access to a fresh server with Almalinux 9 where Plesk can be installed to reproduce the issue.
Additionally, what is the 'trial.key' file that is used for license installation? Can it be also reproduced when installing license using activation key?
The issue seems to be related to the SHA-1 handling in the OS release, as per the changelog:
  • The use of SHA-1 for signatures is restricted in the default crypto policy. Please be aware that this may cause issues using SSH to access older systems, such as RHEL/CentOS 6. To allow SHA-1 you can run:
update-crypto-policies --set DEFAULT:SHA1
Click to expand...

If the hints in the feedback do no help to solve the issue, please open a ticket with official Plesk support and provide SSH access to your server for support using the Plesk SSH support extension. Please also refer to PPS-13782 that support staff can reproduce the issue directly on your server.
 
Now this is interesting ....

In the LXC image of Almalinux 9 there is no crypto-policies-scripts installed .

In order to fix the issue, it was needed to :
Code: 
dnf -y install crypto-policies-scripts

then
Code: 
update-crypto-policies --set DEFAULT:SHA1

reboot

and now the Plesk trial key can be installed.

 
You must log in or register to reply here.

Similar threads

J
Issue Almalinux 9 Plesk Obsidian license issue
Replies
9
Views
2K
enduser
E
A
Question Upgrade Almalinux 8 to 9 with Plesk installed
Replies
2
Views
390
ansgar
A
nethubonline
Resolved Plesk install failure on AlmaLinux 9
Replies
3
Views
1K
nethubonline
nethubonline
brainforge
Resolved System updates have started failing.
Replies
2
Views
349
brainforge
brainforge
U
Resolved NO_PUBKEY BD11A6AA914BDF7E
2
Replies
23
Views
11K
We are Borg
We are Borg
Back
Top