• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Cannot update SSL certificate used o port 8443 for plesk administration

B

bigcookie

New Pleskian
Server operating system version
Debian 10
Plesk version and microupdate number
18.0.49
Dear all,

I run Plesk on a single webserver with one domain and multiple subdomains. I secured all domains with Let's Encrpyt SSL certificates and all works fine. Also mail uses a new SSL certificate.
I made sure that I go to "tools & settings" - "SSL/TSL Certificates", i issued a new certificate from Let's encrypt and used it to secure plesk and mail. Domain name is correct. but still Port 8443 gives me back a SSL certificate with a wrong domain name. I found that certificate in the Let's encrypt archive, but it is not in the "live" folder...
(basically it was the first certificate for the host before connected to domain: h####.stratoserver.net instead of DOMAIN.net)
Any hint where this certificate is configured to be used for port 8443 to troubleshoot more? Or better - howto resolve this?

thanks...
 
In a similar case the solution was to let Plesk reconfigure the general web server configuration files with
# plesk repair web -server
 
Thanks, I tried this (# plesk repair web-server), but didnt work. The config check didnt find any error and issue stays.

Just for clarity:
- Domain and subdomains under MYDOMAIN.net have been secured with a wildcard Let's encrypt certificates, including mail securing using "Websites & Domains -> SSL/TLS certificates"
- Plesk and mail server have been secured with another Let's encrypt certificate using "Tools & Settings -> SSL/TLS certificates"

I checked the listed certificates in Plesk to be issued for the correct domain - this is the case.

Results:
- websites under main domain and subdomains are reachable via https without problems
- mail seems to work properly as well with the SSL certificates
- I checked the ports 465, 993, 443 and 8443 with openssl via
# openssl s_client -showcerts -connect MYDOMAIN.net:465 -servername MYDOMAIN.net
and on the ports 465, 993, 443 all is fine, but checking port 8443 delivers back the old/wrong certificate with the "pre-mydomain-connection" hostname.

-> My hoster assigned me a host h######.stratoserver.net , which I setup completely. Then later on I connected a domain.
-> Please note that I am using an external domain hoster (DNS), in case this might be an issue (but domain and all subdomains are reachable, mail autodiscover works and mail DKIM, SPF, DMARC are also working as expected...

Thanks, regards,

André
 

Attachments

  • Screenshot 2023-01-08 at 15.24.58.png
    Screenshot 2023-01-08 at 15.24.58.png
    89.1 KB · Views: 5
  • Screenshot 2023-01-09 at 09.00.34.png
    Screenshot 2023-01-09 at 09.00.34.png
    85.2 KB · Views: 5
  • Screenshot 2023-01-09 at 09.00.58.png
    Screenshot 2023-01-09 at 09.00.58.png
    58.2 KB · Views: 5
I found weirdly under
/etc/sw-cp-server/conf.d/plesk.conf
the server configuration snippet for port 8443 and it links to a certificate to be found at
/opt/psa/admin/conf/httpsd.pem
and this certificate is issued for the correct MYDOMAIN.net, but it seems not to be used.
 
I tried to restart "sw-cp-server.service" by "sudo service sw-cp-server restart", but it failed. Probably this is the reason. Weirdly, I couldnt find any sw-cp service running at all, but plesk admin web ui is reachable...


These are my checks:


Code: 
# ps ax | grep sw-cp | grep -v grep

Code: 
# /bin/systemctl start sw-cp-server.service
Job for sw-cp-server.service failed because the control process exited with error code.
See "systemctl status sw-cp-server.service" and "journalctl -xe" for details.

Code: 
# systemctl status sw-cp-server.service
● sw-cp-server.service - Startup script for Plesk control panel server
   Loaded: loaded (/lib/systemd/system/sw-cp-server.service; enabled; vendor preset: enabled)
   Drop-In: /lib/systemd/system/sw-cp-server.service.d
          └─respawn.conf
   Active: activating (auto-restart) (Result: exit-code) since Mon 2023-01-09 10:52:56 CET; 1s ago
  Process: 22497 ExecStartPre=/usr/sbin/sw-cp-serverd -q -t (code=exited, status=1/FAILURE)


Jan 09 10:52:56 andrekuhn.net systemd[1]: sw-cp-server.service: Control process exited, code=exited, status=1/FAILURE
Jan 09 10:52:56 andrekuhn.net systemd[1]: sw-cp-server.service: Failed with result 'exit-code'.
Jan 09 10:52:56 andrekuhn.net systemd[1]: Failed to start Startup script for Plesk control panel server.

Code: 
# journalctl -xe
Jan 09 10:46:24 andrekuhn.net systemd[1]: Failed to start Startup script for Plesk control panel server.
-- Subject: A start job for unit sw-cp-server.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit sw-cp-server.service has finished with a failure.
--
-- The job identifier is 33457 and the job result is failed.
 
I found the issue. I accidently added an additional fastcgi_buffers config for nginx:
Code: 
fastcgi_buffers 16 16k;
fastcgi_buffers 32 32k;
which should be of course
Code: 
# fastcgi_buffers 16 16k;
fastcgi_buffers 32 32k;
 
You must log in or register to reply here.

Similar threads

nornagest
Question How to secure different access domains for Plesk
Replies
2
Views
961
Peter Debik
P
D
Issue can only create webmail certificates
Replies
1
Views
368
deepnpisgah
D
D
Issue certificate of VPS host still used after SSL configuration for newly added domain
Replies
4
Views
617
deepnpisgah
D
carlsson
Issue Mail on Plesk, web on other provider, how do I create a correct SSL?
Replies
2
Views
147
carlsson
carlsson
B
Resolved Shared hosting with multiple domains SSL/TLS issues
2
Replies
20
Views
2K
bork
B
Back
Top