• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved Domain name issue -- certificate for a domain uses server domain. But can't see how or why

M

MHC_1

New Pleskian
Server operating system version
Ubuntu 22
Plesk version and microupdate number
Obsidian v18.0.61
We have multiple domains on the server.

One domain works fine and has the certificate set up and the domain loads correctly with the correct certificate for the correct URL.

Another domain says the certificate is invalid because somehow the certificate is loaded for the Plesk Server domain rather than the website domain.

The "SSL It!" / Lets Encrypt are both set up the same so from the Plesk interface I can't see why it's different and can;t see how to resolve this.

Pictures below:

ERRORS on browser (2:)

SMYR_opera_error_1.png

SMYR_opera_error_2.png

Certificate set up on Plesk:

SMYR_cerificate_plesk_2.png

Another website on the same server using the same certification system (SSL it!):

DESG_works_ok.png

DESG_cert_ok.png

Why is this different? How can we fix this so all domains on the server work like the DESG?

The cause may be related to this bug? --> Resolved - SSL It - HSTS appearing twice in headers ? Any help appreciated.

BONUS QUESTION:

Also, bonus question; How can we manually set the HSTS on a domain to zero to force the HSTS refresh (eg "Strict-Transport-Security: max-age=0") ? Plesk doesn't give this option and can't find the relevant lines in .htaccess or in any of the httpd.conf.
 

Attachments

  • SMYR_cert_1.png
    SMYR_cert_1.png
    115.2 KB · Views: 5
Hi, is the right certificate selected in the hosting settings of the domain?
Screenshot 2024-07-07 181026.png
As for setting HSTS max age, you can click the slides icon to configure this (although the minimum available option is 1 minute).
Screenshot 2024-07-07 181416.png
 
Kaspar@Plesk said:
Hi, is the right certificate selected in the hosting settings of the domain?
View attachment 26577
As for setting HSTS max age, you can click the slides icon to configure this (although the minimum available option is 1 minute).
Click to expand...

Hello
Yes the correct certificate is set here (NB: This is Hosting & DNS --> Hosting Settings ) for all domains.

re: HSTS yes, but this isn't really configurable more that it gives a few (3) basic options, not involving setting age=0. But I've found the issue with HSTS was it was being set twice by WP.
 
If you are positive the right certificate has been selected in the hosting settings, you can run the repair utility via command line to see if that fixes the issue.

plesk repair web example.com -sslcerts -y
(replace example.com with your domain)
 
Kaspar@Plesk said:
If you are positive the right certificate has been selected in the hosting settings, you can run the repair utility via command line to see if that fixes the issue.

plesk repair web example.com -sslcerts -y
(replace example.com with your domain)
Click to expand...

Thanks. This ha been done.

repair_1_2024-07-08.png

Should I await any sort of propagation?

Clearing web history and cache on browsers results in no change at the browser end. Same issue remains.
 
MHC_1 said:
Should I await any sort of propagation?
Click to expand...
Any repairs should be instant, although a browser restart might be needed to clear cache.

Since the repair utility did not found any errors I am not sure what is causing the issue. I recommend opening a ticket with our support team and let them investigate the issue on your server. To sign-in to support and open a ticket go to https://support.plesk.com.

If you got your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative to get support directly from Plesk: https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk
 
There currently seems to be an issue with (re)issuing certificates. We are investigating this issue. More info:

Issue - SSL create and renew errors on random domains / possibly a Let's Encrypt issue, but maybe only in combination with Plesk

We are seeing some random create and renewal errors of Let's Encrypt as described in https://community.letsencrypt.org/t/failed-reissue-on-plesk-due-to-could-not-obtain-directory-curl-error-35-encountered-end-of-file/221455/3 This only occurs on some domain names while other domains on the...
talk.plesk.com talk.plesk.com
 
Reissuing the certificate again after the Let's Encrypt issue cleared seems to have resolved this issue. Thanks.
 
You must log in or register to reply here.

Similar threads

futureweb
Question Issues with SSL Certificate Renewal for Mail Services in Plesk: Seeking Automated Solution via CLI or API
Replies
8
Views
1K
futureweb
futureweb
P
Question Sync SSL certificates between 2 servers
Replies
7
Views
586
Kaspar@Plesk
Kaspar@Plesk
F
Question Going from a temporary plesk.page domain name to the actual domain name
Replies
6
Views
1K
Kaspar
K
carlsson
Issue Can't issue SSL certificate!? Help!
Replies
5
Views
783
Peter Debik
P
D
Issue certificate of VPS host still used after SSL configuration for newly added domain
Replies
4
Views
1K
deepnpisgah
D
Back
Top