• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Certificate problem in Plesk

P

paddaone1

New Pleskian
Server operating system version
Debian 11.11
Plesk version and microupdate number
18.0.60 #1
Hello everyone,

I have a problem trying to configure a certificate in plesk on a dedicated hosted server working on debian 11 with a hoster called IKOULA for a sub domain of a domain set up in plesk.

Root domain is, let's say "mydomain.com".
Plesk is accessible with https://server101.mydomain.com
Webmail for the domain is https://webmail.mydomain.com

mydomain.com + www DNS setup in cloudflare, proxied. Certificate used is cloudflare at full strict.
Server101.mydomain.com is not proxied and covered by a let's encrypt certificate setup in plesk.
mail server (mx record) point to server IP, not proxied and secured by let's encrypt certificate.

This setup is working so far.

Now I have a Synology NAS server I host in-house on my local network with a public IP address. Let's call it "nas.mydomain.com" and a DNS record is setup in cloudflare
Public_IP_of localserver "A" NAS. That record is NOT proxied.
This server is used among other things to backup the plesk server every night via SSH.

On pfsense firewall on local network, nat is set up to redirect traffic from public IP from the hosted server to the local NAS server on port 22. Works; plesk can see the backups on the nas.

I can ping nas.mydomain.com from a terminal SSH in plesk, or from anywhere else outside, no problem there... normal, security of the connexion is elsewhere.

But now for some reason, i cannot access the nas server via https://nas.mydomain.com; says it is not secured and error is ERR_CONNECTION_TIMED_OUT.

So no connexion possible to the home server via https but I can ping it, SSH it but no https.

What am I forgetting????
I'm sure there is missing information one may need to troubleshoot this configuration and I'll try to answer as best as possible.
Thank you for your help!!! It's killing me as my understanding is not the best there is.
 

Attachments

  • cloudflare-plesk.png
    cloudflare-plesk.png
    188.3 KB · Views: 5
If you want to secure the HTTP connection to your NAS, you'll need to configure that on your NAS, not in Plesk. Refer to the documentation of the NAS manufacture to see how to secure the connection with an SSL certificate.
 
Kaspar said:
If you want to secure the HTTP connection to your NAS, you'll need to configure that on your NAS, not in Plesk. Refer to the documentation of the NAS manufacture to see how to secure the connection with an SSL certificate.
Click to expand...
Thank you for your answer, I've done that already as shown in attached image. Could the problem be that cloudflare issued a certificate for *.mydomain.com and nas.mydomain.com has a let's encrypt certificate declared on the synology?
I tried to turn off the cloudflare certificate and use only a let's encrypt created in plesk but nothing works after that.
I don't understand why it was working before and not now. I don't believe anything changed.
 

Attachments

  • Capture d'écran 2024-10-09 111803.png
    Capture d'écran 2024-10-09 111803.png
    148.9 KB · Views: 2
paddaone1 said:
Could the problem be that cloudflare issued a certificate for *.mydomain.com and nas.mydomain.com has a let's encrypt certificate declared on the synology?
Click to expand...
No, those domains work independent of each other. Besides nas.mydomain.com isn't proxied right?

paddaone1 said:
I tried to turn off the cloudflare certificate and use only a let's encrypt created in plesk but nothing works after that.
I don't understand why it was working before and not now. I don't believe anything changed.
Click to expand...
The ERR_CONNECTION_TIMED_OUT error usually implies that the connecting gets blocked. Maybe there is a firewall rule some where blocking the connection? Maybe on your NAS or on your own computer?
 
Kaspar said:
No, those domains work independent of each other. Besides nas.mydomain.com isn't proxied right?


The ERR_CONNECTION_TIMED_OUT error usually implies that the connecting gets blocked. Maybe there is a firewall rule some where blocking the connection? Maybe on your NAS or on your own computer?
Click to expand...
Thank you for your answer. nas... is proxied. Firewall rules have not change so should not come from it. NAT is setup to redirect properly in pfsense (stand alone firewall on LAN)
 
You must log in or register to reply here.

Similar threads

P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
751
mow
M
micneon
Issue Problems to del certificate with cli
Replies
0
Views
131
micneon
micneon
T
Issue Forwarded domain can't be secured
Replies
3
Views
484
TomBoB
T
M
Issue SSL certificate to secure Plesk IP address issue (Not Lets Encrypt)
Replies
5
Views
747
Kaspar@Plesk
Kaspar@Plesk
defcon8
Issue SMTP SSL Certificate Expired
Replies
2
Views
594
defcon8
defcon8
Back
Top