• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Missing certificates after upgrade

ilijamt

Basic Pleskian
After upgrading to Plesk 12.5 from 12.0.18, some of the certificates are missing.

I ran

Code:
# /usr/local/psa/admin/sbin/httpdmng --reconfigure-server
# nginx -t
nginx: [emerg] BIO_new_file("/opt/psa/var/certificates/cert-T5CvaQ") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/opt/psa/var/certificates/cert-T5CvaQ','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

I tracked the configuration file and the domain in question has it's own SSL certificate, but in /opt/psa/var/certificates the file is missing.

How can I regenerate this files?
Or even fix them.

Code:
# grep -hr "ssl_certificate" /var/www/vhosts/system | sort | uniq -c
     35     ssl_certificate_key         /opt/psa/var/certificates/cert-4YU1xi;
      1     ssl_certificate_key         /opt/psa/var/certificates/cert-cl8U3l;
     12     ssl_certificate_key         /opt/psa/var/certificates/cert-RXFhan;
      2     ssl_certificate_key         /opt/psa/var/certificates/cert-T5CvaQ;
      1     ssl_certificate_key         /opt/psa/var/certificates/cert-WbsLZ6;
     35     ssl_certificate             /opt/psa/var/certificates/cert-4YU1xi;
      1     ssl_certificate             /opt/psa/var/certificates/cert-cl8U3l;
     12     ssl_certificate             /opt/psa/var/certificates/cert-RXFhan;
      2     ssl_certificate             /opt/psa/var/certificates/cert-T5CvaQ;
      1     ssl_certificate             /opt/psa/var/certificates/cert-WbsLZ6;

Code:
# ls -laH /opt/psa/var/certificates
total 80K
drwxr-xr-x  2 root   root   4.0K Oct 18 03:34 .
drwxr-xr-x 12 psaadm psaadm 4.0K Oct 17 21:59 ..
-rw-r--r--  1 root   root   3.0K Oct 18 03:21 cert-4YU1xi
-rw-r--r--  1 root   root   7.6K Oct 18 03:21 cert-cl8U3l
-rw-r--r--  1 root   root   5.5K Oct 18 03:21 cert-D2IfBN
-rw-r--r--  1 root   root   4.1K Oct 18 03:21 cert-jQHCHk
-rw-r--r--  1 root   root   9.1K Oct 18 03:21 cert-Oolw3c
-rw-r--r--  1 root   root   5.5K Oct 18 03:21 cert-r9h9L2
-rw-r--r--  1 root   root   3.0K Oct 18 03:32 cert-RXFhan
-rw-r--r--  1 root   root    11K Oct 18 03:21 cert-WbsLZ6
-rw-r--r--  1 root   root   3.0K Oct 18 03:21 cert-Whdr8E
-rw-r--r--  1 root   root   3.0K Oct 18 03:34 cert-XKGZH0

I tried running plesk repair all, but it didn't fix the problem.
 
Since no one from Plesk bothered to respond, and help me fix this.

This is how I sorted them out.

First thing pull a list of all the certificates you have.
This will give you a list of certificates and the files.

Code:
$ plesk db
select id, name, cert_file, ca_file from certificates

Will show you which certificates are used for which domain so you know which ones are used in your system.

Code:
$ plesk db
select d.name, h.certificate_id, c.name from domains d inner join hosting h on h.dom_id = d.id inner join certificates c on c.id = h.certificate_id order by h.certificate_id asc

Make a backup of /opt/psa/var/certificates/ and delete all the files that are not present in the database, and are used.

You can go over the certificates
Code:
SSRC=T5CvaQ
TRPL=i4dQXs
find /etc/nginx/ -type f -name "*.conf" -exec grep -q '$SSRC' {} \; -print | xargs -I {} sed -i 's/$SSRC/$TRPL/g' {}
find /var/www/vhosts/system/ -type f -name "*.conf" -exec grep -q '$SSRC' {} \; -print | xargs -I {} sed -i 's/$SSRC/$TRPL/g' {}

At the end I just ran the rebuild command for the web configuration.
Code:
$ plesk repair web -y

After this, both apache and nginx work correctly.
 
Back
Top