
Can't remove SNI SSL from client subscription panel

AdelM

Basic Pleskian
Am I doing something wrong? Is it a known issue? Is there a way to remove this certificate from the client's panel straight from Plesk? Or should I follow the method used in this thread
http://forum.parallels.com/showthread.php?t=209929

Best Regards

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Version Parallels Plesk Panel v11.0.9_build110120608.16 os_Debian 6.0
OS Debian 6.0.4
Panel version 11.0.9 Update #8

PROBLEM DESCRIPTION AND STEPS TO REPRODUCE

I added an SSL certificate on a client's domain using SNI. We then decided to use a dedicated IP. When I want to delete this certificate from the client subscription panel, I have the following error: Error: Unable to remove certificates: one or several certificates are assigned to the IP addresses/domains.

ACTUAL RESULT

EXPECTED RESULT

ANY ADDITIONAL INFORMATION

Succeeded in adding the same certificate to the panel and binding it to the new IP in Home>Tools & Settings>IP addresses management>
 
Deleting an SSL

You need first to un-bind the SSL from the IP through Tools & Settings -> IP address -> click on the IP address -> give it a NONE or a different default SSL, then you can again try deleting it.
 
Hi Abdi, thanks for your reply.

I've already tried what you suggested but it doesn't work.

I also tried this :

- Un-bind the IP address here Home>Tools & Settings>IP addresses management>
- Uncheck "Enable SSL support" in client's subscription panel
- remove SSL certificate in "SSL Certificates" in client's subscription panel

Doesn't work.
 
You can try to use following workaround:

mysql> select dom_id,certificate_id from hosting where dom_id=xxx;
+--------+----------------+
| dom_id | certificate_id |
+--------+----------------+
|    xxx |            yyy |
+--------+----------------+

mysql> update hosting set certificate_id=0 where dom_id=xxx;

mysql> select dom_id,certificate_id from hosting where dom_id=xxx;
+--------+----------------+
| dom_id | certificate_id |
+--------+----------------+
|    xxx |              0 |
+--------+----------------+

After that you will be able to remove certificate.
 
After restarting apache this afternoon I got the following error:

Syntax error on line 55 of /var/www/vhosts/mydomain.com/conf/13449678050.31729500_httpd_ip_default.include:
SSLCertificateFile: file '/opt/psa/var/certificates/cert-sED6Ys' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
failed!


Followed by two emails

Unable to generate the web server configuration file on the host <myserver.com> because of the following errors:
nginx: [emerg] SSL_CTX_use_certificate_chain_file("/opt/psa/var/certificates/cert-sED6Ys") failed (SSL: error:02001002:system library:fopen:No such file or directory error:20074002:BIO routines:FILE_CTRL:system lib error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed

Please resolve the errors in web server configuration templates and generate the file again.



AND


Unable to generate the web server configuration file on the host <myserver.com> because of the following errors:
Syntax error on line 55 of /var/www/vhosts/mydomain.com/conf/13449678050.31729500_httpd_ip_default.include:
SSLCertificateFile: file '/opt/psa/var/certificates/cert-sED6Ys' does not exist or is empty

Please resolve the errors in web server configuration templates and generate the file again.



cert-sED6Ys is the certificate I first added to the domain using SNI; I removed this certificate from the database thinking it was no longer used.

After these errors, I checked the configuration file "13449678050.31729500_httpd_ip_default.include" and found that the certificate cert-sED6Ys was still used in the domain instead of the certificate I added and bound to the IP.

So I removed the reference to cert-sED6Ys in the domain configuration file. Plesk complained about a misconfiguration and proposed that I reconfigure domains; after a while everything was back to normal.
I checked the domain config file again; it's pointing to the right certificate files indicated in the database.
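
The failure described in the post above (a generated include still naming a certificate file that no longer exists) can be caught before Apache or nginx is restarted. The script below is an added example, not part of the original thread or of Plesk; the function name `check_cert_refs` and the directive list are assumptions, and it expects absolute certificate paths without spaces.

```shell
#!/bin/sh
# Added example: report certificate/key files that Apache or nginx
# configuration refers to but that are missing or empty on disk.
# Usage: sh check_cert_refs.sh /var/www/vhosts/<domain>/conf /etc/nginx
# Assumptions: absolute paths without whitespace; config file names
# without ':' (grep's "file:line:text" output is split on ':').

# Apache and nginx directives that take a certificate or key file path.
CERT_DIRECTIVES='^[[:space:]]*(SSLCertificate(Key|Chain)?File|SSLCACertificateFile|ssl_certificate(_key)?)[[:space:]]'

check_cert_refs() {
    # Prints "config_file:line_number:missing_path" for each dangling
    # reference. Returns 0 when every referenced file exists and is
    # non-empty, 1 otherwise.
    for target in "$@"; do
        # -r recurse, -H always print file name, -n line numbers, -E ERE
        grep -rHnE "$CERT_DIRECTIVES" "$target" 2>/dev/null || true
    done | {
        found=0
        while IFS=: read -r file line rest; do
            # rest looks like:  SSLCertificateFile /path/to/cert
            # or:               ssl_certificate "/path/to/cert";
            path=$(printf '%s\n' "$rest" | awk '{print $2}' | tr -d "\"';")
            # -s is true only for a file that exists and is not empty,
            # the same condition Apache's configtest complains about.
            if [ -n "$path" ] && [ ! -s "$path" ]; then
                printf '%s:%s:%s\n' "$file" "$line" "$path"
                found=1
            fi
        done
        [ "$found" -eq 0 ]
    }
}

# Run only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    check_cert_refs "$@"
fi
```

Running it against the vhost `conf` directory and the nginx configuration after any manual change to certificate bindings shows which include file and line still needs to be regenerated.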
 
Thank you - this worked for me (setting the cert id to zero with mysql).
Now isn't this a pretty major bug that needs to be reported? Once you've selected a certificate for a domain, you may not ever select "none" again, only a different certificate. Therefore you can't go back from SNI to either no certificate at all or to using an IP-based certificate w/o this major hack.
 