• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue Certificate problems

R

Robert van D

New Pleskian
I've been having some problems with connection to a website through FTP. Here are the steps I've been through.

=======

  1. Wanted to connect to a website with FileZilla to upload some files. FileZilla says that the certificate is expired a couple of months ago.

  2. I found out that in Plesk (version 12) I can create a self-signed certificate under Server --> SSL certificates --> Add. I find it a little strange that I have to fill in one domain name while I have a server with multiple domainnames, but he I don't know exactly, so I only fill in the domainname that I now have trouble with and press self-signed.

  3. I check the new certificate and click "Make it default".

  4. After that, I don't know why, but a colleague once adviced, I go to Server Management --> Services Management and restart 'Reverse Proxy Server (nginx)'.

  5. I go to FileZilla and want to connect to the domainname and it still gives a certfication notification, but this this it says it's not expired any more and used the new one I created.

  6. So I hope to have a FTP-connection right now, but not :(. It says that the login data is incorrect. Strange because they are correct. Changed the password a few times, tried to login with a different account. Nothing helps.

  7. I opened the error-log and it says "[ssl:warn] [pid 21972] AH01909: RSA certificate configured for domain.com does NOT include an ID which matches the server name."

  8. Can't figure out what the problem is. Even tried as last to restart the server, but it didn't help.

=======

So these are the steps I've been through. Can somebody pleeeeeeeeease help me with this, because I'm trying to work on a website. :(
 
Hi Robert van D,

Answers:

to 1: Pls. be informed, that ProFTPD uses for example the configuration:

at: /etc/proftpd.conf
Code: 
...
    TLSRSACertificateFile /opt/psa/admin/conf/httpsd.pem
    TLSRSACertificateKeyFile /opt/psa/admin/conf/httpsd.pem
...
or
Code: 
...
    TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
    TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
...


If you changed the initial certificate as mentioned for example at

... you have to make sure, that you restart as well the service "xinetd", so that the NEW certificate is used, instead of the old one ( which should have been renamed "httpsd.pem.sav" ):

=> /etc/init.d/xinetd restart
to 2: Pls. be informed that each certificate has to have ( one or more ) defined domain - name(s) in order to work. It would not make sense to create a certificate with a nonsense wildcard as for example "*.*" .

At "Home > Tools & Settings > SSL/TLS Certificates" you would normally create certificates for your used IP(s) and the corresponding "hostnames" ( pls. see as well your unique configuration at "/etc/hostname" and "/etc/hosts" ! )
At "Home > Subscriptions > YOUR-DOMAIN.COM > SSL/TLS Certificates" you would normally create certificates for your corresponding domain(s).
to 3: You would never choose the certificate to be marked/defined as "default", if it has been created for a single domain - name, when you host different domains on your server. You would only mark/define a certificate as "default", when the reverse DNS - entry for your IP points to the exact used FQDN in your created certificate. Pls. check your reverse entry ( = PTR ) at for example: => https://www.dnswatch.info/dns/dnslookup?la=en&host=XXX.XXX.XXX.XXX&submit=Resolve ( where XXX.XXX.XXX.XXX has to be replaced with your unique IP ).


to 4: The restart of apache and/or nginx is irrelevant for your FTP - server, but it doesn't harm doing that, after you changed a certificate, because these services as well need a reload/restart, to load the new certificate from the depending configuration files. ;)


to 5+6: Pls. POST any ( possible ) notification(s), because we can not guess it, even if you try to describe them as accurate as possible. Pls. note, that the FTP -user and -password has got absolute nothing to do with a certificate. If you ever receive such a information, then you can be sure, that either the used name, or the used password is just wrong. Pls. inspect here as well your log - files for further investigations and POST the corresponding entries ( hint: All log - files are located at "/var/log/" on linux - systems! ;) )



to 7: As you can see, this is a WARNING and no ERROR - message. It can be safely ignored ( In fact, it is a bit misleading, because it should not even be a warning, than rather an INFORMATION, the fact that you use a certificate without using an "ID" is not relevant for the working state of your webserver. )
Again, you made a very big mistake in comparing your WEBSERVER ( apache and/or nginx ), with the FTP - server. You can't reach your webserver on port 21 ( the standard FTP - port ) for example. Here's an example link for you, where you can inform yourself about the port - usage with Plesk on your server:



to 8: If you restarted the complete server, then all services loaded the ( changed ) certificate, when you followed answer no. 1 . It is really important now for you to read again answer no. 5+6 .

 
You must log in or register to reply here.

Similar threads

N
Question Where are the automatic website backups of Pleks stored on the server ?
Replies
1
Views
140
Peter Debik
P
Azurel
Resolved Mail for "Let`s Encrypt certificates for ***** have been issued/renewed" missing?
Replies
2
Views
285
Azurel
Azurel
mazterizes
Issue SSL Certificate Renewal Woes - Seeking Expert Advice
Replies
0
Views
517
mazterizes
mazterizes
R
Issue Unable to access PLESK admin because of full hard drive
Replies
1
Views
8K
Huraira112200
H
D
Issue certificate of VPS host still used after SSL configuration for newly added domain
Replies
4
Views
647
deepnpisgah
D
Back
Top