• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Cannot download site backup (Cannot read public key)

Olray

Basic Pleskian
I have a severe problem getting backups off the Ubuntu 12.04 with Plesk 12.5.

When trying to download or upload a backup to ftp I keep getting the following error (ftp):

Unable to upload dump to FTP, it remains in server repository and you can manually download and upload it to FTP. Upload diagnostic message: Cannot read public key

or (download):

Fehler: export-dump-as-file error (Error code = 1): == STDOUT ==================== ============================== == STDERR ==================== [32363]: 2017-06-06 13:39:48.557 ERROR a41ef288-89b2-4dc1-8fea-0138df659ac9 Can't export file 'clients/lalala/domains/lalala/backup_info_1705310004.xml' to /tmp/dumpxpi86W.tar. Error code: 1. Cannot read public key [32363]: 2017-06-06 13:39:48.557 ERROR 24d0aed2-5fc3-49fb-84e6-25bd8b90612b The export have been made successfully but can not be exported because of errors above. Runtime error: Export dump failed at /opt/psa/admin/bin/plesk_agent_manager line 1160. [32363]: 2017-06-06 13:39:48.557 ERROR 1333a9a4-5c88-420a-8436-d12320471392 Runtime error: Export dump failed at /opt/psa/admin/bin/plesk_agent_manager line 1160. : at /opt/psa/PMM/agents/shared/Logging.pm line 108, <VERSION> line 2. Logging::error('Runtime error: Export dump failed at /opt/psa/admin/bin/plesk...', 'fatal') called at /opt/psa/admin/bin/plesk_agent_manager line 1323 main::__ANON__('Error::Simple=HASH(0x2e81db8)', 'SCALAR(0x175e5e0)') called at /usr/share/perl5/Error.pm line 340 eval {...} called at /usr/share/perl5/Error.pm line 330 Error::subs::run_clauses('HASH(0x2ca1a78)', 'Export dump failed at /opt/psa/admin/bin/plesk_agent_manager ...', undef, 'ARRAY(0x175eb80)') called at /usr/share/perl5/Error.pm line 427 Error::subs::try('CODE(0xf4b980)', 'HASH(0x2ca1a78)') called at /opt/psa/admin/bin/plesk_agent_manager line 1325 main::main() called at /opt/psa/admin/bin/plesk_agent_manager line 1329 ==============================

I have tested permission problems by temporarily doing a "chmod 777 /opt/psa/var/certificates/*" but I still get the error. I wouldn't mind if Plesk left the keys alone because I can grab new ones with Let's Encrypt anytime.

Any ideas or solutions how to a) add the f.... public key or b) exclude the key from the backup?

Kind regards
Olray
 
Sorry forgot something:

Product version: 12.5.30 Update #67
Update date: 2017/06/06 08:41
Build date: 2016/06/08 09:00
OS version: Ubuntu 14.04
Revision: 344620
Architecture: 64-bit
Wrapper version: 1.2
 
The error message is probably not linked to an SSL certificate, but a key that is used to encrypt or decrypt a backup set. I suggest to check the general backup settings on Tools & Settings > Backup Manager > Settings > Backup Security Settings. In that section, is this set to "Plesk's encryption key"? Then set it to "Specified Password", then retry backup creation.
 
I have set the Backup Security Setting option but the error messages stay exactly the same: Cannot read public key.

The archive is created in /tmp but I never get to download it. I always have to erase these manually because they're not managed by Plesk and stay in /tmp infinitely.
 
Sorry to hear that this did not help. I have not found more details in any knowledge base articles. They all refer to different issues. As I am not sure which key is exactly meant, there are two approaches you could take:
a) Open a support ticket with official Plesk support and let them solve the issue (recommended option)
b) Run
# plesk repair installation
and hope that this will install or correct the missing key.
 
I have to ask STRATO support since the version of Plesk is included with their dedicated server. I think they buy the licenses in bulk and I'm not sure whether I can contact Plesk support for any issues.
I will have to set up my old backup scripts until then.
Thanks for the help.
Markus
 
Hm, fortunately the file "plesk_agent_manager" that throws the exception is in Perl thus allowing me to dig into the code. The plesk_agent_manager" creates a command line to call another tool "pmm-ras" which sadly is binary. BUT it creates a log file in the current directory stating the exact place of the error. I found this information when trying to call the command line found by dumping the command in plesk_agent_manager:

[2017-06-07 22:48:01.030|25602] INFO: SignError[1dc709e1-11c7-4e1e-87ac-b6f8cac0bb2f]: Cannot read public key [./backup_sign.cpp:246]
void plesk::composePublickey(const string&, std::string&, std::string&)
[2017-06-07 22:48:01.030|25602] INFO: pmm-ras finished. Exit code: 1

To find out what causes the problem we need to read the parameters of plesk::composePublickey() which we cannot.
 
Ok whatever happens here is a secret and will stay a secret since STRATO refuses to help with that issue and Plesk refuses to help with OEM licenses.
I will have to buy a new server and move all sites manually, then cancel the old server. Will do that during summer holidays. :(
 
Maybe you should consider to choose a different provider or to lease your license directly from Plesk. Licenses that are obtained from Plesk include Plesk support. You can also subscribe to Plesk support for approximately 10 €/month separate from your OEM license, so that you get full access to official Plesk support. For details see How to get support directly from Plesk?

As far as I recall this, when the issue you encounter is a true bug and not related to a misconfiguration, support price will be reimbursed. Further, there is a 1 month trial period, so in case of an emergency you could open a ticket and then cancel support. This however will be the one and only time then to "try" support.

From my personal experience I can highly recommend official Plesk support. They are highly knowledgeable and motivated and well worth the money. So if you are using Plesk professionally, it is definitely a good idea to invest into it.
 
I actually believe that the Plesk pre-installation by STRATO was missing a public/private key pair that is used to sign a download to prevent tampering or man-in-the-middle-attacks, so a reimbursement is out of question. The problem is clearly caused by the pre-installation. I think so, because there are no reports about my issue on the net.

I have found one private key in /etc/psa/private/secret_key but there is no public_key anywhere. The file is 16 bytes so it's possibly a symmetric encryption key. Wild guess: a SHA-256 checksum is encrypted with that key.
A directory /etc/psa/key.d is empty.

Alas, I have to use the Plesk support.
 
Back
Top