• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Let's Encrypt SSL cert created, but apache/nginx not using it to serve site?

yabado

yabado

Regular Pleskian
Create a Let's Encrypt cert for a site, no errors and all looks good in web host admin.

Problem is, the site does not use the new cert to serve the site, the default ssl cert is used instead.

Tried restarting the server to no avail :(

Anyone have any ideas why this has started happening?


CloudLinux Server 6.10 (Vladimir Lyakhov)

Plesk Obsidian
Version 18.0.30 Update #3
 
- Have you checked the optional "www" checkbox on the "Let's Encrypt" dialog page when you installed or renewed the certificate?
- Have you selected the domain certificate on the "Hosting Settings" dialog page?
 
Peter Debik said:
- Have you checked the optional "www" checkbox on the "Let's Encrypt" dialog page when you installed or renewed the certificate?
- Have you selected the domain certificate on the "Hosting Settings" dialog page?
Click to expand...
Yes, I always do both.
 
I think it is an impossible error. When a cert exists and the cert is selected, the domain must use it, because the web server configuration files include it. If they don't the issue would be that no new webserver configuration files were created, but in that case you'd see an error on that.

How do you know that the website is not using the correct certificate?
 
It is obvious to know when a web site is not using the correct SSL cert, I am not sure I understand why you would ask?

There appears to be some sort of disconnect between the plesk admin and the actual web server using the newly created Let's Encrypt cert assignment.

I will continue to plug around and see if I can figure it out.

If anyone else has had experience with this , then your input would be appreciated.
 
Load site in browser, dump cache and check the certificate browser is seeing. Tested on multiple browsers.
 
First step to solve this issue is to verify what is really in the web server configuration files and what the certificate referenced there really contains as DN. Please:

1) Read certificate file name from web server configuration file, e.g.
# grep ssl_certificate /var/www/vhosts/system/<domain name>/conf/nginx.conf

2) Verify what that certificate protects, e.g.
# openssl req -noout -text -verify -in /usr/local/psa/var/certificates/<certificate file name> | grep DNS:
where "<certificate file name>" is replaced by the certificate file name obtained from step (1).

Does the certificate reflect your domain names or does it reflect the host name/the default?
 
You must log in or register to reply here.

Similar threads

L
Issue When Mail Domain SSL Renews The Cert Reverts To domain.tld
Replies
5
Views
2K
Ladylinux
L
S
Issue Let's Encrypt/SSL It! empty domain name error
Replies
8
Views
1K
SilentWarrior
S
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
2K
tessa67
T
H
Resolved Problem with install Let's Encrypt SSL/TLS certificate
Replies
6
Views
2K
HungLuu
H
Bitpalast
Resolved SSL create and renew errors on random domains / possibly a Let's Encrypt issue, but maybe only in combination with Plesk
Replies
11
Views
2K
Change Maker
C
Back
Top