Issue Duplicate value TLSv1 / certificate had names "parallels panel"

[Huguesdek]

Hello,
I have installed let's encrypt with this tuto : How To Secure Nginx with Let's Encrypt on CentOS 7 | DigitalOcean
I have only plesk 12.0.18 and the modul let's encrypt is only avaible until 12.5 (im scard about updating)
And i have this error :

nginx: [warn] duplicate value "TLSv1.1" in /etc/nginx/plesk.conf.d/server.conf:37
nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/plesk.conf.d/server.conf:37
nginx: [warn] duplicate value "TLSv1.1" in /etc/nginx/plesk.conf.d/server.conf:56
nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/plesk.conf.d/server.conf:56
nginx: [warn] duplicate value "TLSv1.1" in /etc/nginx/plesk.conf.d/webmail.conf:16
nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/plesk.conf.d/webmail.conf:16
nginx: [warn] duplicate value "TLSv1.1" in /etc/nginx/plesk.conf.d/webmail.conf:40
nginx: [warn] duplicate value "TLSv1.2" in /etc/nginx/plesk.conf.d/webmail.conf:40

What can i do ?

PS Sorry for my english

 

[IgorG]

Run following command on your server

# grep -R 'TLSv1.1' /etc/nginx/*

By default TLSv1.1 and TLSv1.2 protocols should be defined only in /etc/nginx/conf.d/ssl.conf file. So, remove line with this definition from all config files except /etc/nginx/conf.d/ssl.conf file and then check, that all is OK with command

# nginx -t

 

[Huguesdek]

Hi IgorG.
Thank you for your answer.
Indeed, doing this, that works But In the beginning of plesk config file, that say :
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.

So i dont know if this solution will always work...

 

[Bitpalast]

If the line was found in a virtual host configuration file of Plesk, then maybe it was added in the custom Nginx directives in a subscription.

 

[Huguesdek]

Hi.
I have a new error :

 - The following errors were reported by the server:

   Domain: lxxxxxxx.com
   Type:   unauthorized
   Detail: Incorrect validation certificate for tls-sni-01 challenge.
   Requested
   b2193a3d7204bbe3e62f8cc45df72b.1e2c37ea94ac5073b2e0a3546d72f6.acme.invalid
   from 193.70.45.113:443. Received 1 certificate(s), first
   certificate had names "parallels panel"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

my dns config in the upload file.

Thanks you guys

 

[Ryan Dines]

I would listen to nginx over some guy on the internet. I put all of my ssl information in its own server block in the /etc/ssl/conf.d/ directory. You can put it anywhere you want, as long as you only do it once among all the configuration files that nginx checks. So if you move conf.d/ssl.conf to let's say conf.d/sll.conf.bak, it will use your custom ssL directives, as they only appear once. Overriding the standard configuration by putting your configuration in conf.d/ directory is pretty standard among RHEL system services, with the caveat being that some lines of code must be unique among all the configuration files. As far as your second question, looks like you have your common name wrong when you did the initial step of generating a CSR. When it asks for a "COMMON NAME" or CN, instead of typing "parallels panel", type iDontKnowHowToSetupAWebserver.com or whatever you decided to call your website. Contact me on seniordevops.com if you have other deployment issues.