• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Let's Encrypt SSL cert created, but apache/nginx not using it to serve site?

yabado

yabado

Regular Pleskian
Create a Let's Encrypt cert for a site, no errors and all looks good in web host admin.

Problem is, the site does not use the new cert to serve the site, the default ssl cert is used instead.

Tried restarting the server to no avail :(

Anyone have any ideas why this has started happening?


CloudLinux Server 6.10 (Vladimir Lyakhov)

Plesk Obsidian
Version 18.0.30 Update #3
 
- Have you checked the optional "www" checkbox on the "Let's Encrypt" dialog page when you installed or renewed the certificate?
- Have you selected the domain certificate on the "Hosting Settings" dialog page?
 
Peter Debik said:
- Have you checked the optional "www" checkbox on the "Let's Encrypt" dialog page when you installed or renewed the certificate?
- Have you selected the domain certificate on the "Hosting Settings" dialog page?
Click to expand...
Yes, I always do both.
 
I think it is an impossible error. When a cert exists and the cert is selected, the domain must use it, because the web server configuration files include it. If they don't the issue would be that no new webserver configuration files were created, but in that case you'd see an error on that.

How do you know that the website is not using the correct certificate?
 
It is obvious to know when a web site is not using the correct SSL cert, I am not sure I understand why you would ask?

There appears to be some sort of disconnect between the plesk admin and the actual web server using the newly created Let's Encrypt cert assignment.

I will continue to plug around and see if I can figure it out.

If anyone else has had experience with this , then your input would be appreciated.
 
Load site in browser, dump cache and check the certificate browser is seeing. Tested on multiple browsers.
 
First step to solve this issue is to verify what is really in the web server configuration files and what the certificate referenced there really contains as DN. Please:

1) Read certificate file name from web server configuration file, e.g.
# grep ssl_certificate /var/www/vhosts/system/<domain name>/conf/nginx.conf

2) Verify what that certificate protects, e.g.
# openssl req -noout -text -verify -in /usr/local/psa/var/certificates/<certificate file name> | grep DNS:
where "<certificate file name>" is replaced by the certificate file name obtained from step (1).

Does the certificate reflect your domain names or does it reflect the host name/the default?
 
You must log in or register to reply here.

Similar threads

R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
1K
tessa67
T
Bitpalast
Resolved SSL create and renew errors on random domains / possibly a Let's Encrypt issue, but maybe only in combination with Plesk
Replies
11
Views
1K
Change Maker
C
J
Resolved WordPress Network setup on Alias -- how to add alternative domains with Lets Encrypt SSL Certs?
Replies
3
Views
2K
joell
J
D
Issue 502 Bad Gateway - New Install - Restored from Backup
Replies
10
Views
643
MartinT
M
T
Resolved Lets Encrypt renewal - wildcard seems to want to use http challenge
Replies
2
Views
2K
TomBoB
T
Back
Top