Issue HTTPS not working on non-standard IP sites

[thr3]

Hello,

I've run into a problem with my Plesk Installation. The only way I can get https working for my single domain is if I set it as my default site in the IP address configuration. In both cases, the IP certificate is set to the self-signed default certificate (only option anyway).

IPv4 Default Site set to example.com => HTTPS works, SSL certificate is valid
IPv4 Default Site set to none => No HTTPS access, HTTP works. Chrome outputs ERR_SSL_PROTOCOL_ERROR and aborts the page load. Trying to establish a connection with openssl on the command line prints: CONNECTED(00000003) 8496:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown

The example.com SSL certificate is configured in the domain configuration of the site. Plesk Admin panel is secured with the default certificate.
I've already tried to reconfigure all configuration files via command line. All configuration files are still untouched.
The server had Apparmor installed, which I've removed due to some support documents hinting at compatibility problems with Plesk 12.

System:
Plesk v12.0.5
Ubuntu 14.04
Nginx disabled (enabling nginx didn't solve the problem)

Does anyone have any idea where the problem might be? I have no ideas left.

Thanks in advance
Andreas

 

[bivaswap]

What is the IP address type ? Shared or Dedicated ?

 

[thr3]

The IP address is shared. I'm planning on adding additional domains to the server in the future.

Don't know if it helps, but the hostname of the server is different than the domain of the site.

 

[UFHH01]

Hi thr3,

on Debian/Ubuntu - based systems, you are able to use the commands "a2ensite SITE-NAME" and "a2dissite SITE-NAME", to "ENABLE", or to "DISABLE" standard sites, defined at "/etc/apache2/sites-available" for your apache2 - webserver.

If you missed to setup a standard - site for your apache2 - webserver, then the connection with HTTPS can't be established ( that's why you received the error - message "error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown" ) ( additional personal note: actually, this error should be more precisely: "unknown protocol" )
A request for a HTTPS - connection requires port 443 ( or/and 7081 if you use a combination for apache2+nginx on your server with Plesk! ) and a valid certificate. The apache - log ( "/var/log/apache2" ) may have further informations for you, in case of possible misconfigurations/issues/problems. Consider as well to use another debug - level, to get a more verbose and detailed output.

Trying to establish a connection with openssl on the command line

Pls. consider to use the optional "--debug" option string, when you use the command "openssl s_client ...." , so that the output is more verbose and detailed for investigation purposes. It would help as well, if you provide the information about the exact used command.

 

[thr3]

Hello UFHH01,

thanks your for input. It does sound logical.

/etc/apache2/sites-available contains the 000-default.conf and default-ssl.conf file. I've tried enabling default-ssl.conf as well, but nothing changed. The contents look like they were shipped with apache to begin with and are not used.

The actual configuration for the domain seems to be located under /var/www/vhosts/system/example.com/conf/httpd.conf. At least that file contains VirtualHost directives for port 80 and 443 with ssl certificates attached. If I set the site to be the default site for the IP, this file is empty.
The configuration appears to be identical to other Plesk configured servers with https domains I own.

I'm comparing configuration files between the broken server and other working ones and I haven't found any missing files or configuration yet. Are there any other directories besides /etc/apache2/ and /var/www/vhosts/ that I might have missed? (nginx disabled)

Deleting the site and creating it from scratch didn't help either. I'm contemplating if staring over on a blank server might be worth a shot. Maybe there is a problem in one configuration file that Plesk can't correct itself.

---
i've used the command: openssl s_client -debug -connect example.com:443 -servername example.com . It did say :unknown protocol:.Must have missed that part when copying.