• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Extension catalog doesn't show

H

Henrique Murta

New Pleskian
Hi everyone,

My Plesk doesn't show catalog extension (Internal Server Error, Retry). I saw similar problems in other threads but none solved my problem. I identified that address Plesk Extensions in my Plesk fail when run wget or curl, both return expired certificate.

Follow output:

wget Plesk Extensions

--2022-02-01 10:01:44-- Plesk Extensions
Resolving ext.plesk.com (ext.plesk.com)... 185.246.209.7, 185.93.1.24, 89.187.183.12, ...
Connecting to ext.plesk.com (ext.plesk.com)|185.246.209.7|:443... connected.
ERROR: cannot verify ext.plesk.com's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
Issued certificate has expired.
To connect to ext.plesk.com insecurely, use `--no-check-certificate'.

host ext.plesk.com

ext.plesk.com is an alias for 1648825949.rsc.cdn77.org.
1648825949.rsc.cdn77.org has address 185.246.209.11
1648825949.rsc.cdn77.org has address 185.93.1.25
1648825949.rsc.cdn77.org has address 89.187.183.18
1648825949.rsc.cdn77.org has IPv6 address 2a02:6ea0:c600::13
1648825949.rsc.cdn77.org has IPv6 address 2a02:6ea0:c600::12
1648825949.rsc.cdn77.org has IPv6 address 2a02:6ea0:c600::11

ping -c4 ext.plesk.com


PING 1648825949.rsc.cdn77.org (185.93.1.22) 56(84) bytes of data.
64 bytes from chicago-20.cdn77.com (185.93.1.22): icmp_seq=1 ttl=55 time=17.6 ms
64 bytes from chicago-20.cdn77.com (185.93.1.22): icmp_seq=2 ttl=55 time=19.7 ms
64 bytes from chicago-20.cdn77.com (185.93.1.22): icmp_seq=3 ttl=55 time=17.6 ms
64 bytes from chicago-20.cdn77.com (185.93.1.22): icmp_seq=4 ttl=55 time=17.5 ms

--- 1648825949.rsc.cdn77.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 17.566/18.144/19.722/0.916 ms

Plesk details:

Product version: Plesk Onyx 17.8.11 Update #53
Update date: 2021/11/11 23:26
Build date: 2019/04/26 03:53
OS version: Ubuntu 14.04
Revision: 706148610934b3d884437e2d7f635a4038c51cb1
Architecture: 64-bit
Wrapper version: 1.2

Best regards, Henrique Murta.
 

Attachments

  • Plesk_fail.png
    Plesk_fail.png
    40.3 KB · Views: 8
Henrique Murta said:
ERROR: cannot verify ext.plesk.com's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
Issued certificate has expired.
Click to expand...

That's your key problem: Your server does not recognize the Let's Encrypt certificate of the ext.plesk.com website because your OS is outdated and can't handle Let's Encrypt certificates anymore since 30 Sept 2021.
For the whole story, see this thread: Resolved - Lets Encrypt root certificate expiration on 30 September 2021

What you can try on your server:
Code: 
sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
update-ca-certificates

This should probably fix your issue.

As a next step I'd highly recommend to migrate your server to a newer OS.
 
Monty said:
That's your key problem: Your server does not recognize the Let's Encrypt certificate of the ext.plesk.com website because your OS is outdated and can't handle Let's Encrypt certificates anymore since 30 Sept 2021.
For the whole story, see this thread: Resolved - Lets Encrypt root certificate expiration on 30 September 2021

What you can try on your server:
Code: 
sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
update-ca-certificates

This should probably fix your issue.

As a next step I'd highly recommend to migrate your server to a newer OS.
Click to expand...
i have the same problem, but unfortunately your method didn't work

[root@plesk ~]# sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
sed: can't read /etc/ca-certificates.conf: No such file or directory



[root@plesk ~]# wget Plesk Extensions
--2022-04-28 20:25:09-- Plesk Extensions
Resolving ext.plesk.com... 212.102.55.131, 212.102.55.139, 2a02:6ea0:d500::5, ...
Connecting to ext.plesk.com|212.102.55.131|:443... connected.
ERROR: cannot verify ext.plesk.com’s certificate, issued by “/C=US/O=Let's Encrypt/CN=R3”:
Issued certificate has expired.
To connect to ext.plesk.com insecurely, use ‘--no-check-certificate’.


[root@plesk ~]# host ext.plesk.com
ext.plesk.com is an alias for 1648825949.rsc.cdn77.org.
1648825949.rsc.cdn77.org has address 212.102.55.130
1648825949.rsc.cdn77.org has address 212.102.55.139
1648825949.rsc.cdn77.org has IPv6 address 2a02:6ea0:d500::6
1648825949.rsc.cdn77.org has IPv6 address 2a02:6ea0:d500::5


[root@plesk ~]# ping -c4 ext.plesk.com
PING 1648825949.rsc.cdn77.org (212.102.55.130) 56(84) bytes of data.
64 bytes from unn-212-102-55-130.cdn77.com (212.102.55.130): icmp_seq=1 ttl=55 time=8.44 ms
64 bytes from unn-212-102-55-130.cdn77.com (212.102.55.130): icmp_seq=2 ttl=55 time=8.51 ms
64 bytes from unn-212-102-55-130.cdn77.com (212.102.55.130): icmp_seq=3 ttl=55 time=8.46 ms
64 bytes from unn-212-102-55-130.cdn77.com (212.102.55.130): icmp_seq=4 ttl=55 time=8.46 ms
--- 1648825949.rsc.cdn77.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3013ms
rtt min/avg/max/mdev = 8.447/8.473/8.516/0.115 ms
[root@plesk ~]#


Plesk details:
OS: ‪CentOS 6.6 (Final)‬
Plesk Onyx V. 17.8.11 Update #94
 
@KeTa The procedure mentioned by me is for Ubuntu 14 but you are on CentOS 6.6, so the workaround is different there.

Your OS is severly outdated (CentOS 6.6) but I have access to a CentOS 6.10 server and the extension catalog works there.

So you should update to CentOS 6.10 and then try again:

Note: As CentOS 6 has been archived, the yum repositories URLs have changed. So in order to apply the last updates for CentOS 6, you’ll have to perform those steps first:

1) Edit the file /etc/yum.repos.d/CentOS-Base.repo

2) Change the content of the file as follows:
Code: 
[base]
name=CentOS-$releasever - Base
baseurl=http://vault.centos.org/6.10/os/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6

#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=http://vault.centos.org/6.10/updates/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://vault.centos.org/6.10/extras/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://vault.centos.org/6.10/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6

3) Run „yum update“ and apply all updates.
4) Reboot and try to access the extension catalog again

Note: You should plan a migration to a recent OS (such as AlmaLinux 8) in the near future, as CentOS 6 is EOL since some time already.
 
Monty said:
@KeTa The procedure mentioned by me is for Ubuntu 14 but you are on CentOS 6.6, so the workaround is different there.

Your OS is severly outdated (CentOS 6.6) but I have access to a CentOS 6.10 server and the extension catalog works there.

So you should update to CentOS 6.10 and then try again:

Note: As CentOS 6 has been archived, the yum repositories URLs have changed. So in order to apply the last updates for CentOS 6, you’ll have to perform those steps first:

1) Edit the file /etc/yum.repos.d/CentOS-Base.repo

2) Change the content of the file as follows:
Code: 
[base]
name=CentOS-$releasever - Base
baseurl=http://vault.centos.org/6.10/os/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6

#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=http://vault.centos.org/6.10/updates/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://vault.centos.org/6.10/extras/$basearch/
gpgcheck=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://vault.centos.org/6.10/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-6

3) Run „yum update“ and apply all updates.
4) Reboot and try to access the extension catalog again

Note: You should plan a migration to a recent OS (such as AlmaLinux 8) in the near future, as CentOS 6 is EOL since some time already.
Click to expand...
first, thank you so much for replying with all the steps ♥
updating that server scares me terribly .. :p
as well as its reboot hahaha Hasn't been restarted for 4 years.
Is a production server with around 30 web / mail domains.

I would not like running all updates to lead to incompatibilities.
Perhaps I should work on a new updated server and proceed with the "Plesk Migration Tool" performed directly from the new server.
I have a second server that I use for testing with these characteristics:
OS: CentOS Linux 7.9.2009 (Core)
Plesk Obsidian: V 18.0.42 Update # 1, 30/Mar/2022 16.04
 
I'd definitely recommend to migrate, yes, because at one point you'll need to do it anyway. And I'd recommend to go for AlmaLinux 8 directly, as CentOS 7 will be EOL mid-2024.
 
Last edited:
Monty said:
I'd definitely recommend to migrate, yes, because at one you'll need to do it anyway. And I'd recommend to go for AlmaLinux 8 directly, as CentOS 7 will be EOL mid-2024.
Click to expand...
actually on my cloud provider the template "AlmaLinux OS 8.x 64-bit - Plesk" is also available.
At this point I could eliminate the one with CentOS 7 and start from scratch with AlmaLinux.
AlmaLinux is an OS that I have never used. Does using it with Plesk require the same hardware resources as an installation on CentOS 7? Just to understand if I have to foresee a more performing hardware.
 
You must log in or register to reply here.

Similar threads

L
Issue Again I cant update from autoinstall.plesk.com
Replies
5
Views
2K
lepe
L
S
Issue All servers dying upon reboot: Cannot assign requested address
Replies
2
Views
1K
trialotto
T
Back
Top