
Issue Let's Encrypt SSL cert created, but apache/nginx not using it to serve site?

yabado

Regular Pleskian
Created a Let's Encrypt cert for a site, no errors and all looks good in web host admin.

Problem is, the site does not use the new cert to serve the site, the default ssl cert is used instead.

Tried restarting the server to no avail :(

Anyone have any ideas why this has started happening?


CloudLinux Server 6.10 (Vladimir Lyakhov)

Plesk Obsidian
Version 18.0.30 Update #3
 
- Have you checked the optional "www" checkbox on the "Let's Encrypt" dialog page when you installed or renewed the certificate?
- Have you selected the domain certificate on the "Hosting Settings" dialog page?
 
- Have you checked the optional "www" checkbox on the "Let's Encrypt" dialog page when you installed or renewed the certificate?
- Have you selected the domain certificate on the "Hosting Settings" dialog page?
Yes, I always do both.
 
I think it is an impossible error. When a cert exists and the cert is selected, the domain must use it, because the web server configuration files include it. If they don't, the issue would be that no new web server configuration files were created, but in that case you'd see an error on that.

How do you know that the website is not using the correct certificate?
 
It is obvious to know when a web site is not using the correct SSL cert, I am not sure I understand why you would ask?

There appears to be some sort of disconnect between the Plesk admin and the actual web server using the newly created Let's Encrypt cert assignment.

I will continue to plug around and see if I can figure it out.

If anyone else has had experience with this, then your input would be appreciated.
 
Load site in browser, dump cache and check the certificate the browser is seeing. Tested on multiple browsers.
 
First step to solve this issue is to verify what is really in the web server configuration files and what the certificate referenced there really contains as DN. Please:

1) Read certificate file name from web server configuration file, e.g.
# grep ssl_certificate /var/www/vhosts/system/<domain name>/conf/nginx.conf

2) Verify what that certificate protects, e.g.
# openssl x509 -noout -text -in /usr/local/psa/var/certificates/<certificate file name> | grep DNS:
where "<certificate file name>" is replaced by the certificate file name obtained from step (1).

Does the certificate reflect your domain names or does it reflect the host name/the default?
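
The two steps from the last reply combined into one script, as an added example that is not part of the original thread. It reads the certificate with `openssl x509`; the function names are made up for this illustration, and the script takes the vhost's nginx.conf path and the domain name as its two arguments.

```shell
#!/bin/sh
# Added example: which names does the certificate in a vhost config cover?

# Print the path from the first ssl_certificate directive.
# ssl_certificate_key is not matched: whitespace must follow the keyword.
cert_path_from_conf() {
    sed -n 's/^[[:space:]]*ssl_certificate[[:space:]][[:space:]]*\([^;]*\);.*$/\1/p' "$1" |
        head -n 1
}

# Print the DNS names from the certificate's subjectAltName, one per line.
cert_dns_names() {
    openssl x509 -noout -text -in "$1" 2>/dev/null |
        grep 'DNS:' | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p'
}

# Return 0 if the name is listed exactly or through a one-label wildcard
# (www.example.test is covered by *.example.test).
cert_covers() {
    wild="*.${2#*.}"
    cert_dns_names "$1" | grep -qixF -e "$2" -e "$wild"
}

# Report on one vhost: 0 = covered, 1 = not covered, 2 = no certificate found.
check_vhost() {
    conf=$1
    domain=$2
    cert=$(cert_path_from_conf "$conf")
    if [ -z "$cert" ] || [ ! -r "$cert" ]; then
        echo "no readable ssl_certificate in $conf" >&2
        return 2
    fi
    echo "certificate: $cert"
    echo "names: $(cert_dns_names "$cert" | tr '\n' ' ')"
    if cert_covers "$cert" "$domain"; then
        echo "OK: certificate covers $domain"
    else
        echo "MISMATCH: $domain is not listed (default or host certificate?)"
        return 1
    fi
}

# Usage: sh check_vhost.sh <path to nginx.conf> <domain name>
if [ "$#" -eq 2 ]; then check_vhost "$1" "$2"; fi
```

A MISMATCH result means the web server configuration points at a certificate that does not list the domain, which is the case the last reply asks about.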
 