Resolved How to create/set a valid certificate for my Plesk "domain"?

[King555]

My Plesk operates under a specific ip/port combination, which does not has a real domain, but something like this:

x-x-x-x.server.hoster.com

My certificates are generated via the Let's Encrypt extension.

When I choose the cert. of the main domain, which is also the hostname of the server, my browser (of course) tells me that the cert. is not valid for the current domain (because I open Plesk via x-x-x-x.server.hoster.com and the cert. is for example.com).

It works, but it's not nice. So I created a new website with Plesk with a new certificate (for x-x-x-x.server.hoster.com). Afterwards I chose this cert. in the setttings of Plesk.

But my browser still uses the old cert. What am I doing wrong? Calling x-x-x-x.server.hoster.com with https:// reveals that the cert. is correct.

 

[UFHH01]

Hi King555,

don't make it too complicated, because actually, it isn't ^^

Just consider to CHANGE the hostname to a subdomain which YOU control, because you registered it. In your Control Panel from your server hoster, you should have the option to redirect the IP to another FQDN of your choice. Pls. contact your server provider if you experience issues/problems here.

 

[King555]

What exactly do you mean? Really changing the hostname of the server or create a subdomain for accessing Plesk?

 

[UFHH01]

Hi King555,

Really changing the hostname

... is the fastest way to solve all your previous described issues, when you have a standart server-hoster-domain setup as hostname.

or create a subdomain for accessing Plesk?

... is as well an option, but still not "best practice".

 

[King555]

But I see a problem when changing the hostname: This will be the mail sending domain. And I do not want that domain (i.e. the IP) to be published. That's why I have a specific IP for Plesk (for security reasons).

I will try creating a new subdomain, but I do not understand why the certificate for the Plesk hostname works when calling the website, but not when using Plesk. I remember that this worked in Plesk 12.5.

EDIT:

when you have a standart server-hoster-domain setup as hostname

I hope there is not a misunderstanding here. My hostname is of course a normal domain, like example.com. But I do not access Plesk via this domain.

 

[UFHH01]

Hi King555,

And I do not want that domain (i.e. the IP) to be published.

Sorry, but do you think that you are "anonymous", when you use the service-provider-hostname instead of the FQDN, which you registered with the possibility for everyone to investigate the Admin-C ? - ... where both match the very same IP ? Well, sorry to inform you, but it is certainly possible to investigate IPs and there corresponding domains for each IP. Here is no anonymity. Pls. consider as well to have a closer look at your eMail headers and you will notice that everyone is certainly able to see the source of your eMails.

My hostname is of course a normal domain, like example.com. But I do not access Plesk via this domain.

And could you now explain, WHY you don't use https://SUBDOMAIN-JUST-AS-SETUP-AS-HOSTNAME.YOUR-DOMAIN.COM:8443 ?

 

[King555]

Sorry, but do you think that you are "anonymous"

Yes, I think that. And I highly doubt that anyone will be able to guess my Plesk IP at this moment. It's one of my thirty IPs and it never has been published, as well as the hostname of that IP.

you will notice that everyone is certainly able to see the source of your eMails

Yes, the hostname of my server, not the hostname for accessing Plesk. And the server's hostname is my main domain, which is of couse known to everyone. It's also part of my mail address.

And could you now explain, WHY you don't use

I will try that, but your first recommendation was changing the hostname of the server. The subdomain was your second idea. But, as I said, I wonder why it does not work with the provider's hostname for the IP.

Meanwhile I think it's just a bug in Plesk. When you set a certificate once for Plesk it can never be changed again (it changes on the page, but not really at webserver level). Maybe someone can confirm this (or not) for Plesk Onyx 17.5.3.

 

[UFHH01]

Hi King555,

When you set a certificate once for Plesk it can never be changed again

Absolutely not confirmed on any servers I administrate.

I'm able to change the certicate at any time and I'm able to create new ones at any time and Plesk correctly re-creates the depending configuration files in it's sw-cp-server - webserver - configuration files.

 

[King555]

OK, thanks for testing that. I hope you used the same version as I use (17.5.3).

I will make some more tests. But the problem definitively is that I cannot change the certificate anymore. No matter which certificate I choose, it's always the one I chose weeks ago.

EDIT: How do I restart the Plesk webserver? Is it still the service "sw-cp-server" or "psa"?

 

[UFHH01]

Hi King555,

I hope you used the same version as I use (17.5.3).

I tested on Plesk version 12.5 / 17.0.17 and 17.5.30 on several Debian/Ubuntu/CentOS based systems with the Plesk Let's Encrypt version 2.0.3-31.

EDIT: How do I restart the Plesk webserver? Is it still the service "sw-cp-server" or "psa"?

The current KB - article

=> Plesk for Linux services logs and configuration files

=> ( direct - link to PLESK - services: ) Plesk for Linux services logs and configuration files​

is "up-to-date" ( last modified: 2017-05-15 13:55:30 UTC ), where you are always able to inform yourself about Plesk related log - file - locations, configuration file - locations and related service commands.

 

[King555]

Thanks. A little question while I'm still analyzing my problem: What is "sw-cp-server"? I ask because this service exists. Is it there for compatibility reasons (I think this was the plesk webserver in older versions)?

 

[UFHH01]

Hi King555,

What is "sw-cp-server"?

Is it there for compatibility reasons

(I think this was the plesk webserver in older versions)?

The "sw-cp-server" is indeed the Plesk webserver, a combination of "LightSpeed" webserver ( LiteSpeed - Home ) and "NGINX".

 

[King555]

I found the solution!
I did this: Plesk is down. Service sw-cp-server failed to start and now the certificate is active!

It was this problem all the time!

Thank you!