How to override a stuck default SSL certificate

[Highland]

I got tired of Plesk 8's inability to properly assign a SSL certificate so I have a workaround for those of you who want one. This fix works for both subdomains and base TLDs.

1. Add your SSL certificate to Plesk. Make sure it is properly installed and recognized by Plesk. Also be sure your domain/subdomain is enabled for SSL.
2.Do the following in SSH

#ls -la /usr/local/psa/var/certificates

Take note of the file with today's date and copy it (to copy in Putty just highlight it). Paste this somewhere for now (I opened Notepad)
3. Go to /var/www/vhosts/domains.com/conf and open httpd.include in your text editor. Find the section that describes your domain or subdomain. It will start with

<VirtualHost XX.XX.XX.XX:443>
ServerName sub.domain.com:443

Copy everything between (and including) the <IfModule mod_ssl.c> tags.
4. Head over to your /etc/httpd/conf.d directory. Make a file name like z0-subdomain.conf You can name it whatever you like provided you have the z0 at the start and a .conf extension. It needs to be loaded last but before zz010_psa_httpd.conf
5. Paste your block from step 3 into this file using a text editor. Once it's pasted look for this line

SSLCertificateFile /usr/local/psa/var/certificates/certxxxxxx

This is the file that currently loads when you go to https://sub.domain.com. Remember your file copy I told you to paste from step 2? Copy that and paste it over the certxxxxxx file name. Save your file.
6. Restart apache.

#service httpd restart

if you've done this correctly Apache should restart with no errors and your SSL cert should be the one you added in step 1. If Apache fails to restart check the file and make sure you copied everything and that all the tags have matching closing tags.

 

[grimbergen]

It works! THANK YOU THANK YOU THANK YOU!!!

 

[mortimermouse]

Didn't work for me, but this did....

I also had a default cert "stuck"... site was setup on exclusive IP... real cert was installed correctly... but site kept using the "default" cert.

Solution:
Went to site > Setup. In my drop-down list of available certs to use, I had two: Site1 and Site2.

Site1 was selected as it should have been, so just for kicks, I changed it to Site2, which was already working correctly on that site. Then reloaded the secure webpage on the website itself, and viewed details of the cert. LO and behold, it was correct.

So I went back and changed Plesk to use Site1 again, and the website stayed the same... stayed correct.

Just needed to be toggled I guess...

 

[grimbergen]

Cool... the problem for me is that I only have 1 IP and 1 site so i couldn't toggle.

 

[psingh]

i cannot run any service related command : " #service httpd restart "

i get following return :


[root@ip-myIP admin]#
[root@ip-myIP admin]# service httpd restart
bash: service: command not found
[root@ip-myIP admin]#

I wonder why can't i user "service " command : do i need to enable something ? ?

 

[Pagemakers]

Highland. Brilliant.

I would have got it 4 hours ago but I was typing 0 instead of O.

Bugger!

 

[petrocket]

Another solution...

I had a similiar problem where the certificate wouldn't "take" on the main domain. I had to switch the domain to a different ip - then the certificate worked and I switched it back to the origional ip.

Also for the subdomain on this site I used Highlands brilliant solution so that a child subdomain could use a different certificate than the parent domain. I called Plesk support and they said there is no way to do this in Plesk yet, but that it should be a feature of Plesk 9.0