Resolved Cant use SSL on domains

[José María Antón]

Hello,

i just configure a certificate on a domain but the server does not response. SSL Support on this domain is enabled and ssl certificate is selected.

https is working fine on 8443 for plesk, but 443 are not working.

443 port is listening.

Please, help me!

Thanks a lot.

Best regards.

 

[UFHH01]

Hi José María Antón,

pls. make sure that your webserver(s) are up and running. Check the services for example with the following commands over your ssh - command line ( logged in as user "root" ):

service apache2 status ( on Ubuntu/Debian - based systems )
service nginx status​

Consider to step out of the anonymity, by providing the domain name, so that people willing to help you have something to start with possible investigations.

 

[José María Antón]

Hi,

thanks for your response. Services are running:
root@xxx:~# service apache2 status
* apache2 is running
root@xxx:~# service nginx status
* nginx is running

Domain is: www.weldyiberian.com

I wish that SSL works fine asap.

Thanks.

 

[UFHH01]

Hi José María Antón,

pls. go to

HOME > Domains > weldyiberian.com > Hosting Settings​

... and check your settings. Consider to make a screenshot, so you could post the settings here.
At the moment, there are "no secure protocols supported", which leads to an immidiate close of the connections, when trying to connect on port 443.

 

[José María Antón]

Hi,

here is the screenshot:

And also...


Thanks!

 

[UFHH01]

Hi José María Antón,

first, I recommend to restart your webserver(s) with for example:

service apache2 restart ( on Ubuntu/Debian - based systems )
service nginx restart​

Second, pls. investigate your corresponding log - files ( "/var/log/apache2/" and "/var/log/nginx" - on Ubuntu/Debian - based systems and keep as well in mind the domain - specific log - files at: "/var/www/vhosts/system/weldyiberian.com/logs" ) for possible issue(s)/error(s)/problem(s).


In some cases, it might be helpfull to re-create the webserver - configuration files with the example commands:

plesk repair web
or
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all​

Pls. report any possible issue(s)/error(s)/problem(s) from your logs or the command line for further investigations or if you desire help from people willing to help you.

 

[José María Antón]

Hello,

i restarted both services.

On logs, i can see:
You configured HTTP(80) on the standard HTTPS(443) port!
on some domains, but not at weldyiberian (the only domain with certificate)

What can i search?

plesk repair web, will affect other domains, clients and resellers?

Thanks.

 

[UFHH01]

Hi José María Antón,

Plesk commands are well well documented, so is the command "plesk repair":

Plesk Repair Utility: Web ( Plesk 12.5 online documentation - Administrator's Guide )

Pls. choose for yourself, which repair - command you would like to choose, to repair your configuration files. ​

 

[José María Antón]

Hi,

after did it... nothing:
root@xxxx:~# plesk repair web weldyiberian.com

Repairing web server configuration
Repairing web server configuration for the domain weldyiberian.com[OK]

Error messages: 0; Warnings: 0; Errors resolved: 0

--- DOES NOT WORK HTTPS, ONLY HTTP. Then... I ran this:

root@xxxx:~# plesk repair web -sslcerts

Repairing web server configuration
Reinstalling SSL certificates ................................... [OK]
Applying the default SSL certificate to all IP addresses ........ [OK]

Error messages: 0; Warnings: 0; Errors resolved: 0

--- NOTHING.

Can you help me? THAAAANKS!

 

[Bitpalast]

Did you run
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
as @UFHH01 suggested? It should reconfigure all web server configuration files and remove the duplicate port issue.

If the issue persists despite having run "httpdmng --reconfigure-all", verify that port 80 is used by nginx or httpd
# netstat -plnt | grep ':80'
then go through all web server configuraton files (excluding the vhost configurations) in /etc/httpd to find the false entry.

 

[José María Antón]

Good morning,

after running those commands... there is no news

root@xxxx:~# /usr/local/psa/admin/sbin/httpdmng --reconfigure-all
root@xxxx:~# netstat -plnt | grep ':80'
tcp 0 0 85.214.34.91:80 0.0.0.0:* ESCUCHAR 24129/nginx
tcp6 0 0 :::8080 :::* ESCUCHAR 8139/java
tcp6 0 0 :::8081 :::* ESCUCHAR 6559/java
tcp6 0 0 :::8019 :::* ESCUCHAR 6559/java
tcp6 0 0 127.0.0.1:8006 :::* ESCUCHAR 6559/java
root@xxxx:~# netstat -plnt | grep ':443'
tcp 0 0 85.214.34.91:443 0.0.0.0:* ESCUCHAR 24129/nginx

What config files should I check?
/var/www/vhosts/system/ALL_DOMAINS.com/conf ?

Example, for weldyiberian.com, first lines:
<IfModule mod_ssl.c>

<VirtualHost 85.214.34.91:7081 >
ServerName "weldyiberian.com:443"
ServerAlias "www.weldyiberian.com"
ServerAlias "ipv4.weldyiberian.com"
ServerAdmin "xxx"
UseCanonicalName Off
[...]

I dont know!

Thanks a lot!

 

[Bitpalast]

You configured HTTP(80) on the standard HTTPS(443) port!
on some domains, but not at weldyiberian (the only domain with certificate)

Neglect weldyiberian, check the "on some domain". Which domains are affected? A reconfigure-all should have rebuild their configuration files. Do you have any additional directives in the Apache configuration section for these additional domains?

 

[José María Antón]

Neglect weldyiberian, check the "on some domain". Which domains are affected? A reconfigure-all should have rebuild their configuration files. Do you have any additional directives in the Apache configuration section for these additional domains?

All domains on this server are affected. Only works https on plesk. If I open any https://domain, browser said that ERROR CONNECTION CLOSED.

I did not configure any addiotional directives in Apache for any domain.

I will burn the server!!!

Thanks!

 

[Bitpalast]

It's just not specific enough and the information given is contradictory.

On logs, i can see:
You configured HTTP(80) on the standard HTTPS(443) port!
on some domains, but not at weldyiberian (the only domain with certificate)

What log file exactly does show this error? Is this message related to a specific domain as you write "on some domains"? Before you stated "on some domains", your latest version however is "All domains ... are affected". Which one is correct, "some" or "all"? This makes a huge difference in what the problem can be.

When you have reconfigured all domains through the Plesk "repair web -y" or "httpmng --reconfigure-all" and there are no additional directives in any domains, the Plesk web server configuration files will be alright, so it is unthinkable that you still have a "You configured ... on the standard ... port" error, unless you have additional web server configuration files in /etc/httpd or descending directories that are not from the Plesk installation. Did you go through /etc/httpd as suggested before?

 

[José María Antón]

Hi,

i dont have /etc/http:


After re-run:
root@xxxx:~# service apache2 restart
* Restarting web server apache2 [ OK ]
root@xxxx:~# service nginx restart
* Restarting NGINX nginx

Please, check logs in the attachment (too large to post it here).

I prefer paste all logs to check everything.

Thanks in advance!

 

[Bitpalast]

In your operating system, the /etc/httpd is probably named /etc/apache2. Do you have a /etc/apache2/sites-available and /etc/apache2/sites-enabled directory?

Could you please post the output of
# /usr/local/psa/admin/sbin/nginxmng -s
? I would like to make sure that Nginx is actually "in use" as reverse proxy.

Normally, Apache should neither use port 80, nor port 443 if you have Nginx enabled as reverse proxy. Your log files show, that Apache IS using ports 443 and 80. We have already ruled out a Plesk configuration issue with the files that Plesk generates. When Nginx is enabled (# /usr/local/psa/admin/sbin/nginxmng -e), Apache is configured to serve ports 7080 and 7081, but not 80, neither 443. In the previous steps the web server configuration was reconfigured, so there cannot be any file for ports 80 and 443 that originates from Plesk.

So what is left is only an additional configuraton file that resides in /etc/apache2/sites-available and was enabled by a2ensite. In that file you will likely find the misconfiguration. It can simply be a default Apache configuration file that was added by a manual update of Apache. Have you ever updated Apache through apt-get? It can be a special web server configuration file, too, that was brought in by an add-on beyond Plesk.

 

[José María Antón]

Hi,

root@h2515711:/etc/apache2# ls -ltr
total 92
-rw-r--r-- 1 root root 31063 ene 3 2014 magic
-rw-r--r-- 1 root root 1782 ene 3 2014 envvars
drwxr-xr-x 2 root root 4096 dic 29 2015 sites-enabled
-r-------- 1 root root 3050 dic 29 2015 httpd.pem
-rw-r--r-- 1 root root 324 dic 29 2015 ports.conf
-rw-r--r-- 1 root root 7280 may 10 2016 apache2.conf
drwxr-xr-x 2 root root 4096 may 10 2016 mods-enabled
drwxr-xr-x 2 root root 4096 ago 9 2016 sites-available
drwxr-xr-x 2 root root 16384 feb 15 09:38 mods-available
drwxr-xr-x 2 root root 4096 feb 15 09:38 conf-available
drwxr-xr-x 7 root root 4096 mar 8 08:22 plesk.conf.d
drwxr-xr-x 2 root root 4096 mar 9 04:49 conf-enabled
root@h2515711:/etc/apache2# /usr/local/psa/admin/sbin/nginxmng -s
Enabled
root@h2515711:/etc/apache2#

And, about apt-get, yes, server was updated with apt-get.

Do you need any file at /etc/apache2 ?


Thanks.

 

[Bitpalast]

Did you understand the reason for the false behavior of the server as explained before? Have you checked the files in sites-available and sites-enabled for a wrong port configuration in one or more of these files? You probably have a file in sites-available that was enabled by a2ensite that contains the wrong configuration of the SSL-Section on port 80. You need to identify that file and a2dissite it.

 

[José María Antón]

Good morning,

I feel a little lost... I did not see port 443, port 80, ...

I had upload default-ssl.conf and 000-desfault-conf at sites-available (only the two files inside) and 000-default.conf at sites-enabled.

It seems not modified since server installation date.

Thanks!

 

[José María Antón]

Good morning,

Good news! All was easier... the way to fix it was add a new ssl certificate trough plesk. Until today, default certificate was present and without all data. Now, https is working!

Thanks.