1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Certificate Error -So, so annoying...

Discussion in 'Plesk for Linux - 8.x and Older' started by Rendavid, Jul 16, 2007.

  1. Rendavid

    Rendavid Guest

    What's up, all:

    At my website (www.etherjungle.com), I would like my clients to be able to log in and access their Plesk control panels that I have set up for them. But there is a problem. When clients click on the 'login' link located to the middle, right of the page they are piped over to this address:


    -which I think is to be expected. But they're getting an error message saying that the navigation has been blocked and that there is a certificate error. But I have already installed a certificate for this domain, and everything seems to be okay there. So why do I still have a certificate error showing up? Is there anything I can do to get this straightened out? All I want is for my cleints to be able to login in nice and sweet, like anyone would --->seamless, baby...

    Please help!
  2. faris

    faris Guest

    Is your certificate for www.etherjungle.com or for etherjungle.com?

    If it is for the www then it won't work for the non-www.

    However, your real problem is that you have not loaded the certificate at all for plesk. Plesk is using its default certificate.

    If you go to the Plesk login at that address then in Internet Explorer (and maybe Firefox -- not sure), click on File, Properties, then click on the Certificates button. This will tell you all about the certificate that is loaded.

    There are several topics on the forum about how to install a certificate and make it work. There are several steps involved. You basically login to Plesk, click on Server, then on Certificates.

    Add a new certificate (request, send request to certificate company of your choice, get certificate and CA Certificate, upload).

    Then you put a tick in the line with the certificate and click on Activate. You may want to set it as default too.

    Then back to Servers, this time click on IP addresses.

    Click on the IP address that your domain name is running on for hosting. Select the certificate you just set up. Click on OK.

    Restart Plesk

    And you'll be OK.

    I think you may just have missed out the bit with setting the certificate to work with the IP address.

  3. Rendavid

    Rendavid Guest

    Thanks so much. One further question, however.

    I spoke with the SSL management team of my hosting company, and they said that I had two options. One is to do as you suggested, but the other is supposed to be easier:

    How do you script the Plesk login page to show the "www." in front of "etherjungle.com"? SSL support told me that I can script it to look for the W's and that would do the trick, because the certificate was issued for "www.etherjungle.com" and not "etherjungle.com".

    What do you think?
  4. Rendavid

    Rendavid Guest

    Issue Resolved... Here's the follow up.. Good info here!

    Due to my horrible lack of patience, I went ahead and dumped my previous certificate and got a new one. It turns out that there's been a rather interesting change in the way certificates are issued, which both illuminated the problem and provided the proper fix.

    What I did wrong was that I applied the certificate under my domain rather than under the 'Server' section in plesk. I also set up the certificate as 'www.etherjungle.com' rather than what it should have been, which is 'etherjungle.com'. Here's the issue.

    In the first case, when the certificate is applied directly to the domain rather than under 'Server', it's just as the helpful post above says, the server is running without a certificate, even though the default domain may have been 'etherjungle.com' and was properly pointed to the main, exclusive ip onto which the certificate had been applied and the server was running on. Instead, the certificate should have been set up under 'Server', so that the incomplete default certificate could be switched to it once installed. Setting up the certificate under the domain doesn't allow for this. The new certificate won't show up as an option when switching the default.

    In the second case, when a certificate is issued with the 'www.' before the domain, the certificate will only work for the domain with the 'www.' included. However, if the certificate is issued without the 'www.' (i.e 'etherjungle.com' instead of 'www.etherjungle.com'), the certificate will work for both -with and without the 'www.', which is weird, I know. But that's the way it is, straight from the horse's mouth at the SSL dept. of 'GoDaddy.com'.

    The post just prior to this one is just another way to solve the issue without spending money on another certificate. I didn't know how to do it, so I just went and bought another and trashed the previous one. But I have a feeling that I could have just revoked the certificate and then re-issued it and installed it under 'Server', and everything would have been fine. I think 'GoDaddy.com' bumped me for $40 for the two-year certificate, when they could have just told me about the revoke and re-issue option in my account manager on their site. I'm not sure about this, though. So don't freak out on them if this happens to you. It's just my gut.

    Anyway, if anyone runs into the same problem as I had, I hope this all helps out. Good luck, and thanks...
  5. faris

    faris Guest

    You would not need to reboke and re-issue the certificate.

    The certificate is linked to the Private key. You could therefore basically copy everything from the domain to the server and it would just work. This is how you would transfer a certificate from one server to another (nothing to do with plesk) - we've done it many times. You just need to have the certificate (and CA certificate if appropriate) and matching Private key and you can move them anywhere.

    Regarding the www/no-www, that makes no sense. The certificate is issued for the fully qualified domain. I think you are seeing the www working because of your old certificate? Or Maybe GoDaddy offer special certificates that work with www or non-www -- I don't know. There's nothing stopping them doing so and it would certainly be a useful feature.

    With respect to www or no www for accessing plesk, this isn't really down to Plesk. Plesk is "listening" for connections on port 8443 on all IPs assigned to the server. As long as a domain name -- any domain name - points to an IP on the server you can login from https://whatever.com:8443 or https://ip.add.re.ss:8443

    So really it is down to the code you used on your website for the link to the login page as to whether it ends up being https://www.domain.com or just https://domain.com:8443