• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue New to Plesk and I messed up trying to fix an SSL issue.

T

titodj

New Pleskian
I got a cloud server after the hosting company that I was with start having serious issues, while looking at options I learned about Plesk and I decided to go unmanaged and install Plesk.
And, boy I'm glad, setup was a breeze and after reading a bit and watching some videos I managed to move almost all the sites and set them up.
This morning I was trying to make Let's encrypt or Symantec SSL to work, couldn't get the padlock
And the browser gave me this "ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY"

After looking for a while I found this to disable TLS 1
PCI Complaince Plesk Disable TLS SSL

So I did this:


Enable 'nginx' web server support.
/usr/local/psa/admin/bin/nginxmng --enable

Create a custom domain template for 'nginx':
mkdir -p /usr/local/psa/admin/conf/templates/custom/domain/

cp /usr/local/psa/admin/conf/templates/default/domain/nginxDomainVirtualHost.php /usr/local/psa/admin/conf/templates/custom/domain


Edit the following file:

'/usr/local/psa/admin/conf/templates/custom/domain/nginxDomainVirtualHost.php', (So far so good)

locate the lines with 'ssl_protocols' and 'ssl_ciphers' directives and replace these lines with the following:

But that file did not had those lines... I tried to enable the SSL function on hosting settings for one site and now the site cannot be displayed on any browser...

This site can’t be reached
The webpage at TuRedVirtual | Otro sitio realizado con WordPress might be temporarily down or it may have moved permanently to a new web address.

ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY


TuRedVirtual | Otro sitio realizado con WordPress
 
titodj said:
I missed this...
I ran this too

plesk bin server_pref -u -ssl-protocols 'TLSv1.2, TLSv1.1'
Click to expand...

Hello,
It's because this guide is for Plesk 12.5, only the last lines of the guide apply to Plesk Onyx.
Remove the custom templates you have added, and then follow the Plesk documentation instructions : Tune Plesk to Meet PCI DSS on Linux

Try to not follow instructions from a third-party tutorial if you don't understand the instructions impact.
 
Last edited:
Thank you !!!
"Try to not follow instructions from a third-party tutorial if you don't understand the instructions impact." Lesson learned !!
 
When I ran the command, plesk sbin pci_compliance_resolver --enable


I got this answer
service courier-imap is not installed, skip modifying.

If I go and install courier (and that removes Dovecot using the Plesk add remove component utility)

The I get this after running the command
service dovecot is not installed, skip modifying.
 
titodj said:
When I ran the command, plesk sbin pci_compliance_resolver --enable


I got this answer
service courier-imap is not installed, skip modifying.

If I go and install courier (and that removes Dovecot using the Plesk add remove component utility)

The I get this after running the command
service dovecot is not installed, skip modifying.
Click to expand...

Yes, you have the choice between courier or dovecot as mail server software. But the command plesk sbin "pci_compliance_resolver --enable" try to enable settings to all services, so it's normal if it display this notice.
 
You must log in or register to reply here.

Similar threads

A
Question custom nginx config
Replies
6
Views
304
andyxyz
A
G
Issue Error when renewing Let's Encrypt certificate on each domain
Replies
12
Views
2K
Kaspar
K
M
Question nginxDomainVirtualHost.php - configure ipv6
Replies
3
Views
696
MartinT
M
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
691
Lenny
Lenny
tkalfaoglu
Resolved the SSL certificate for mailman
Replies
8
Views
1K
Bitpalast
Bitpalast
Back
Top