Issue Installation SSL with Let's Encrypt troubles

Devow · Feb 14, 2017

Hi community !

I run Plesk 17.0.17 on a Linux Debian 8.

I try to install a SSL cert with the Let's Encrypts extension :
- No problem to generate the certificate for mydomain.tld, it appears in Hosting Settings after generation
- Unable to run https://mydomain.tld

I'm using Apache2 with Nginx for reverse proxy.

My logs :

Apache :

Code:

[Tue Feb 14 10:50:48.587058 2017] [ssl:warn] [pid 12831:tid 139925821822848] AH01916: Init: (xxx.mydomain.com:443) You configured HTTP(80) on the standard HTTPS(443) port!

[Tue Feb 14 10:50:48.587099 2017] [ssl:warn] [pid 12831:tid 139925821822848] AH01916: Init: (xxx.mydomain.com:443) You configured HTTP(80) on the standard HTTPS(443) port!

[Tue Feb 14 10:50:48.587121 2017] [suexec:notice] [pid 12831:tid 139925821822848] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

[Tue Feb 14 10:50:48.605723 2017] [auth_digest:notice] [pid 12832:tid 139925821822848] AH01757: generating secret for digest authentication ...

[Tue Feb 14 10:50:48.609616 2017] [ssl:warn] [pid 12832:tid 139925821822848] AH01916: Init: (xxx.mydomain.com:443) You configured HTTP(80) on the standard HTTPS(443) port!

[Tue Feb 14 10:50:48.609636 2017] [ssl:warn] [pid 12832:tid 139925821822848] AH01916: Init: (xxx.mydomain.com:443) You configured HTTP(80) on the standard HTTPS(443) port!

[Tue Feb 14 10:50:48.610237 2017] [mpm_event:notice] [pid 12832:tid 139925821822848] AH00489: Apache/2.4.10 (Debian) mod_fcgid/2.3.9 OpenSSL/1.0.1t configured -- resuming normal operations

[Tue Feb 14 10:50:48.610257 2017] [core:notice] [pid 12832:tid 139925821822848] AH00094: Command line: '/usr/sbin/apache2'

[Tue Feb 14 10:51:40.783562 2017] [mpm_event:notice] [pid 12832:tid 139925821822848] AH00491: caught SIGTERM, shutting down

[Tue Feb 14 10:51:42.055744 2017] [ssl:warn] [pid 13702:tid 140516490676096] AH01916: Init: (preprod.millevista.com:443) You configured HTTP(80) on the standard HTTPS(443) port!

[Tue Feb 14 10:51:42.055779 2017] [ssl:warn] [pid 13702:tid 140516490676096] AH01916: Init: (preprod.millevista.com:443) You configured HTTP(80) on the standard HTTPS(443) port!

[Tue Feb 14 10:51:42.055800 2017] [suexec:notice] [pid 13702:tid 140516490676096] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

[Tue Feb 14 10:51:42.073838 2017] [auth_digest:notice] [pid 13703:tid 140516490676096] AH01757: generating secret for digest authentication ...

[Tue Feb 14 10:51:42.077614 2017] [ssl:warn] [pid 13703:tid 140516490676096] AH01916: Init: (xxx.mydomain.com:443) You configured HTTP(80) on the standard HTTPS(443) port!

[Tue Feb 14 10:51:42.077634 2017] [ssl:warn] [pid 13703:tid 140516490676096] AH01916: Init: (xxx.mydomain.com:443) You configured HTTP(80) on the standard HTTPS(443) port!

[Tue Feb 14 10:51:42.078170 2017] [mpm_event:notice] [pid 13703:tid 140516490676096] AH00489: Apache/2.4.10 (Debian) mod_fcgid/2.3.9 OpenSSL/1.0.1t configured -- resuming normal operations

[Tue Feb 14 10:51:42.078183 2017] [core:notice] [pid 13703:tid 140516490676096] AH00094: Command line: '/usr/sbin/apache2'

[Tue Feb 14 10:53:28.205169 2017] [mpm_event:notice] [pid 13703:tid 140516490676096] AH00491: caught SIGTERM, shutting down

[Tue Feb 14 10:53:29.542646 2017] [suexec:notice] [pid 20468:tid 140503787739008] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

[Tue Feb 14 10:53:29.561488 2017] [auth_digest:notice] [pid 20469:tid 140503787739008] AH01757: generating secret for digest authentication ...

[Tue Feb 14 10:53:29.568046 2017] [mpm_event:notice] [pid 20469:tid 140503787739008] AH00489: Apache/2.4.10 (Debian) mod_fcgid/2.3.9 OpenSSL/1.0.1t configured -- resuming normal operations

[Tue Feb 14 10:53:29.568089 2017] [core:notice] [pid 20469:tid 140503787739008] AH00094: Command line: '/usr/sbin/apache2'

[Tue Feb 14 11:04:44.998811 2017] [mpm_event:notice] [pid 20469:tid 140503787739008] AH00491: caught SIGTERM, shutting down

[Tue Feb 14 11:04:46.336947 2017] [suexec:notice] [pid 23876:tid 140179608405888] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

[Tue Feb 14 11:04:46.355827 2017] [auth_digest:notice] [pid 23877:tid 140179608405888] AH01757: generating secret for digest authentication ...

[Tue Feb 14 11:04:46.362125 2017] [mpm_event:notice] [pid 23877:tid 140179608405888] AH00489: Apache/2.4.10 (Debian) mod_fcgid/2.3.9 OpenSSL/1.0.1t configured -- resuming normal operations

[Tue Feb 14 11:04:46.362155 2017] [core:notice] [pid 23877:tid 140179608405888] AH00094: Command line: '/usr/sbin/apache2'

[Tue Feb 14 11:04:59.813415 2017] [mpm_event:notice] [pid 23877:tid 140179608405888] AH00491: caught SIGTERM, shutting down

[Tue Feb 14 11:05:08.377919 2017] [suexec:notice] [pid 28679:tid 140636991784832] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

[Tue Feb 14 11:05:08.398452 2017] [auth_digest:notice] [pid 28680:tid 140636991784832] AH01757: generating secret for digest authentication ...

[Tue Feb 14 11:05:08.405239 2017] [mpm_event:notice] [pid 28680:tid 140636991784832] AH00489: Apache/2.4.10 (Debian) mod_fcgid/2.3.9 OpenSSL/1.0.1t configured -- resuming normal operations

[Tue Feb 14 11:05:08.405265 2017] [core:notice] [pid 28680:tid 140636991784832] AH00094: Command line: '/usr/sbin/apache2'

[Tue Feb 14 11:05:17.961954 2017] [mpm_event:notice] [pid 28680:tid 140636991784832] AH00493: SIGUSR1 received.  Doing graceful restart

[Tue Feb 14 11:05:21.981524 2017] [auth_digest:notice] [pid 28680:tid 140636991784832] AH01757: generating secret for digest authentication ...

[Tue Feb 14 11:05:21.983017 2017] [mpm_event:notice] [pid 28680:tid 140636991784832] AH00489: Apache/2.4.10 (Debian) mod_fcgid/2.3.9 OpenSSL/1.0.1t configured -- resuming normal operations

[Tue Feb 14 11:05:21.983036 2017] [core:notice] [pid 28680:tid 140636991784832] AH00094: Command line: '/usr/sbin/apache2'

[Tue Feb 14 11:05:32.931922 2017] [mpm_event:notice] [pid 28680:tid 140636991784832] AH00491: caught SIGTERM, shutting down

[Tue Feb 14 11:05:34.242217 2017] [suexec:notice] [pid 30664:tid 139791609165696] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

[Tue Feb 14 11:05:34.260172 2017] [auth_digest:notice] [pid 30665:tid 139791609165696] AH01757: generating secret for digest authentication ...

[Tue Feb 14 11:05:34.266517 2017] [mpm_event:notice] [pid 30665:tid 139791609165696] AH00489: Apache/2.4.10 (Debian) mod_fcgid/2.3.9 OpenSSL/1.0.1t configured -- resuming normal operations

[Tue Feb 14 11:05:34.266545 2017] [core:notice] [pid 30665:tid 139791609165696] AH00094: Command line: '/usr/sbin/apache2'

[Tue Feb 14 11:09:19.549199 2017] [mpm_event:notice] [pid 30665:tid 139791609165696] AH00491: caught SIGTERM, shutting down

[Tue Feb 14 11:09:20.678159 2017] [suexec:notice] [pid 31396:tid 139658428528512] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

[Tue Feb 14 11:09:20.701179 2017] [auth_digest:notice] [pid 31397:tid 139658428528512] AH01757: generating secret for digest authentication ...

[Tue Feb 14 11:09:20.708383 2017] [mpm_event:notice] [pid 31397:tid 139658428528512] AH00489: Apache/2.4.10 (Debian) mod_fcgid/2.3.9 OpenSSL/1.0.1t configured -- resuming normal operations

[Tue Feb 14 11:09:20.708426 2017] [core:notice] [pid 31397:tid 139658428528512] AH00094: Command line: '/usr/sbin/apache2'

[Tue Feb 14 11:25:41.469109 2017] [suexec:notice] [pid 1635:tid 139734838843264] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)

[Tue Feb 14 11:25:41.541124 2017] [auth_digest:notice] [pid 1733:tid 139734838843264] AH01757: generating secret for digest authentication ...

[Tue Feb 14 11:25:41.551688 2017] [mpm_event:notice] [pid 1733:tid 139734838843264] AH00489: Apache/2.4.10 (Debian) mod_fcgid/2.3.9 OpenSSL/1.0.1t configured -- resuming normal operations

[Tue Feb 14 11:25:41.551716 2017] [core:notice] [pid 1733:tid 139734838843264] AH00094: Command line: '/usr/sbin/apache2'

Nginx :

Code:

2017/02/14 11:36:43 [error] 1600#0: *227 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 90.xxx.xxx.182, server: 188.xxx.xxx.39:443

2017/02/14 11:36:43 [error] 1600#0: *228 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 90.xxx.xxx.182, server: 188.xxx.xxx.39:443

2017/02/14 11:36:43 [error] 1600#0: *229 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 90.xxx.xxx.182, server: 188.xxx.xxx.39:443

2017/02/14 11:36:43 [error] 1600#0: *230 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 90.xxx.xxx.182, server: 188.xxx.xxx.39:443

2017/02/14 11:36:43 [error] 1600#0: *231 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 90.xxx.xxx.182, server: 188.xxx.xxx.39:443

I try to renew certificate, to delete it and recreate it, disable/enable SSL support.
Likewhise, i tried to repair with :
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all
and
/usr/local/psa/bootstrapper/pp12.0.18-bootstrapper/bootstrapper.sh repair

But no changes...

Thanks for your help

Bitpalast · Feb 14, 2017

This seems to be due to a wrong configuration in one of the files in /usr/local/psa/admin/conf/templates/* . Have you ever edited the web server configuration template files or created custom files? You will need to check for duplicate port 80 or port 443 directives where they don't belong.

Devow · Feb 15, 2017

Thanks for your reply !

No I have never edited files in this folder...
Can you tell me in which folder theses directives are declared ?

Content in /usr/local/psa/admin/conf/templates/ :

Code:

drwxr-xr-x 6 root root 4096 févr. 10 16:25 .
drwxr-xr-x 4 root root 4096 févr. 10 15:35 ..
drwxr-xr-x 3 root root 4096 févr. 10 16:25 domain
-rw-r--r-- 1 root root  995 oct.  25 11:43 domainForwardingIpDefault.php
-rw-r--r-- 1 root root  995 oct.  25 11:43 domainForwarding.php
-rw-r--r-- 1 root root  987 oct.  25 11:43 domainVhostIpDefault.php
-rw-r--r-- 1 root root  987 oct.  25 11:43 domainVhost.php
-rw-r--r-- 1 root root  834 oct.  25 11:43 nginxDomainForwardingIpDefault.php
-rw-r--r-- 1 root root  818 oct.  25 11:43 nginxDomainForwarding.php
-rw-r--r-- 1 root root 1322 oct.  25 11:43 nginxDomainVhostIpDefault.php
-rw-r--r-- 1 root root 1329 oct.  25 11:43 nginxDomainVhost.php
-rw-r--r-- 1 root root  826 oct.  25 11:43 nginx.php
drwxr-xr-x 2 root root 4096 févr. 10 16:25 server
-rw-r--r-- 1 root root 3137 oct.  25 11:43 server.php
drwxr-xr-x 2 root root 4096 févr. 10 16:25 service
drwxr-xr-x 2 root root 4096 févr. 10 16:25 webmail

Bitpalast · Feb 15, 2017

If you have not changed anything manually in any of these files, it does not make sense to investigate this point deeper.

Instead please check whether you are using Nginx as the reverse proxy:
# /usr/local/psa/admin/sbin/nginxmng -s
From your Apache logs it appears that you are currently not using Nginx.
If this returns "Disabled" I suggest the following dirty solution attempt:
Enable Nginx reverse proxy by
# /usr/local/psa/admin/sbin/nginxmng -e
This will reconfigure all Apache virtual hosts to ports 7080 and 7081 and let Nginx serve the port 80 and 443.

However, if it returns "Enabled", do:
# /usr/local/psa/admin/sbin/nginxmng -d
followed by
# /usr/local/psa/admin/sbin/nginxmng -e

The idea of this approach is to force Apache configuration files to use ports 7080 and 7081 instead of 80 and 443. If there is an error in some configuraton file of Apache, it will circumvent the 80/443 issue.

This dirty solution can be reverted by disabling Nginx and returning to Apache-only
# /usr/local/psa/admin/sbin/nginxmng -d

Issue Installation SSL with Let's Encrypt troubles

Devow

New Pleskian

Attachments

Bitpalast

Plesk addicted!

Devow

New Pleskian

Bitpalast

Plesk addicted!

Similar threads