
Issue Certificate problems

Robert van D

New Pleskian
I've been having some problems with connection to a website through FTP. Here are the steps I've been through.

=======

  1. Wanted to connect to a website with FileZilla to upload some files. FileZilla says that the certificate expired a couple of months ago.

  2. I found out that in Plesk (version 12) I can create a self-signed certificate under Server --> SSL certificates --> Add. I find it a little strange that I have to fill in one domain name while I have a server with multiple domain names, but hey, I don't know exactly, so I only fill in the domain name that I now have trouble with and press self-signed.

  3. I check the new certificate and click "Make it default".

  4. After that, I don't know why, but a colleague once advised it, I go to Server Management --> Services Management and restart 'Reverse Proxy Server (nginx)'.

  5. I go to FileZilla and want to connect to the domain name and it still gives a certification notification, but this time it says it's not expired any more and used the new one I created.

  6. So I hope to have an FTP connection right now, but not :(. It says that the login data is incorrect. Strange because they are correct. Changed the password a few times, tried to login with a different account. Nothing helps.

  7. I opened the error-log and it says "[ssl:warn] [pid 21972] AH01909: RSA certificate configured for domain.com does NOT include an ID which matches the server name."

  8. Can't figure out what the problem is. Even tried as last to restart the server, but it didn't help.

=======

So these are the steps I've been through. Can somebody pleeeeeeeeease help me with this, because I'm trying to work on a website. :(
 
Hi Robert van D,

Answers:

to 1: Pls. be informed, that ProFTPD uses for example the configuration:

at: /etc/proftpd.conf
Code:
...
    TLSRSACertificateFile /opt/psa/admin/conf/httpsd.pem
    TLSRSACertificateKeyFile /opt/psa/admin/conf/httpsd.pem
...
or
Code:
...
    TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
    TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
...


If you changed the initial certificate as mentioned for example at

... you have to make sure, that you restart as well the service "xinetd", so that the NEW certificate is used, instead of the old one ( which should have been renamed "httpsd.pem.sav" ):

=> /etc/init.d/xinetd restart

to 2:
Pls. be informed that each certificate has to have ( one or more ) defined domain - name(s) in order to work. It would not make sense to create a certificate with a nonsense wildcard as for example "*.*" .

At "Home > Tools & Settings > SSL/TLS Certificates" you would normally create certificates for your used IP(s) and the corresponding "hostnames" ( pls. see as well your unique configuration at "/etc/hostname" and "/etc/hosts" ! )
At "Home > Subscriptions > YOUR-DOMAIN.COM > SSL/TLS Certificates" you would normally create certificates for your corresponding domain(s).

to 3:
You would never choose the certificate to be marked/defined as "default", if it has been created for a single domain - name, when you host different domains on your server. You would only mark/define a certificate as "default", when the reverse DNS - entry for your IP points to the exact used FQDN in your created certificate. Pls. check your reverse entry ( = PTR ) at for example: => https://www.dnswatch.info/dns/dnslookup?la=en&host=XXX.XXX.XXX.XXX&submit=Resolve ( where XXX.XXX.XXX.XXX has to be replaced with your unique IP ).


to 4:
The restart of apache and/or nginx is irrelevant for your FTP - server, but it doesn't harm doing that, after you changed a certificate, because these services as well need a reload/restart, to load the new certificate from the depending configuration files. ;)


to 5+6:
Pls. POST any ( possible ) notification(s), because we can not guess it, even if you try to describe them as accurate as possible. Pls. note, that the FTP -user and -password has got absolutely nothing to do with a certificate. If you ever receive such information, then you can be sure, that either the used name, or the used password is just wrong. Pls. inspect here as well your log - files for further investigations and POST the corresponding entries ( hint: All log - files are located at "/var/log/" on linux - systems! ;) )



to 7: As you can see, this is a WARNING and no ERROR - message. It can be safely ignored ( In fact, it is a bit misleading, because it should not even be a warning, but rather an INFORMATION, the fact that you use a certificate without using an "ID" is not relevant for the working state of your webserver. )
Again, you made a very big mistake in comparing your WEBSERVER ( apache and/or nginx ), with the FTP - server. You can't reach your webserver on port 21 ( the standard FTP - port ) for example. Here's an example link for you, where you can inform yourself about the port - usage with Plesk on your server:



to 8: If you restarted the complete server, then all services loaded the ( changed ) certificate, when you followed answer no. 1 . It is really important now for you to read again answer no. 5+6 .
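
A way to check the two certificate properties this thread turns on, the expiry date and whether the certificate names the host being connected to. This is an added example, not part of the original posts or of Plesk; the function names and `ftp.example.com` are assumptions, and the PEM path is the one quoted from proftpd.conf above.

```shell
#!/bin/sh
# Added example: inspect a PEM certificate for expiry and hostname coverage.
# Usage: sh check_cert.sh PEM_FILE HOSTNAME [HOSTNAME...]
# e.g.   sh check_cert.sh /usr/local/psa/admin/conf/httpsd.pem ftp.example.com
# To see what the FTP service itself presents after a restart:
#   openssl s_client -connect ftp.example.com:21 -starttls ftp </dev/null

# Return 0 if the certificate in $1 is still valid $2 seconds from now.
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Return 0 if the certificate in $1 covers hostname $2. openssl compares
# against the SAN entries, or the subject CN when there are no DNS SANs.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Print a short report; return 0 only if every check passed.
check_cert() {
    pem=$1; shift
    rc=0
    if [ ! -r "$pem" ]; then
        echo "cannot read $pem" >&2
        return 2
    fi
    openssl x509 -in "$pem" -noout -subject -enddate
    if cert_not_expiring "$pem" 604800; then      # 604800 s = 7 days
        echo "OK    valid for at least 7 more days"
    else
        echo "FAIL  expired or expiring within 7 days"; rc=1
    fi
    for host in "$@"; do
        if cert_matches_host "$pem" "$host"; then
            echo "OK    $host is covered by the certificate"
        else
            echo "FAIL  $host is not covered by the certificate"; rc=1
        fi
    done
    return $rc
}

# Run the report only when called with a PEM file and at least one hostname.
if [ "$#" -ge 2 ]; then
    check_cert "$@"
fi
```

Passing every domain hosted on the server as a hostname argument shows which of them a single-domain certificate set as "default" does not cover.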
