• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Please beaware of a breaking change in the REST API on the next Plesk release (18.0.62).
    Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here

Resolved Plesk 18.0.61 Login Problem w/ Google Auth/MFA & Cloudflare

J.Wick

J.Wick

Regular Pleskian
Server operating system version
Rocky Linux
Plesk version and microupdate number
Version 18.0.61 Update #1
Hello,

I upgraded Plesk to 18.0.61 today and was prevented from fully logging into Plesk and getting an SSL_ERROR page.

To regain access, I had to disable Google Authenticator using the CLI. This was necessary as the system was now attempting to use port 8880 (HTTP).

I'm running a custom Plesk URL on a subdomain secured with a Cloudflare Origin SSL certificate.

I uninstalled Google Authenticator and installed the current MFA option. Once again, upon activation, I was locked out of Plesk with the same error, requiring me to disable the extension from the CLI.

This extension needs to work on port 443 or it's going to mess up a lot of servers that use Cloudflare.

Please let me know if there's a fix for this.
 
I also just noticed that Graphana is also not accessible in this setup.

domain.net:8880/modules/grafana/service/login/generic_oauth produces another SSL error: ERR_SSL_PROTOCOL_ERROR

This is probably the cause why the monitoring dashboard won't work.
 
We are aware of both (MFA & Grafana) issues. Unfortunately there is no ETA on a permanent fix yet. The suggested workaround is to access Plesk via port 8443. Does that work for you?
 
@Kaspar@Plesk The big problem behind this issue is, that our clients cannot handle it and this triggers support requests. If there is no fast patch release with version 18.0.61 Update #2 addressing this issue, the whole 18.0.61 release should get a red flag and not rolled out anymore.
 
Hangover2 said:
@Kaspar@Plesk The big problem behind this issue is, that our clients cannot handle it and this triggers support requests. If there is no fast patch release with version 18.0.61 Update #2 addressing this issue, the whole 18.0.61 release should get a red flag and not rolled out anymore.
Click to expand...
Whilst empathizing with the difficulties and problems that you / your clients are having, it's not the same for everybody who has upgraded to Obsidian 18.0.61.

We (as an example) have zero problems with MFA and / or Grafana and / or anything else, since the upgrade to Obsidian 18.0.61 / 18.0.61 Update #1 on our cloud servers. It sounds like these might be conditional bugs that only cause these issues, if, certain criteria are met within the configuration / setup / OS choice etc. That's far from ideal obviously, but usually Plesk are reasonably fast at providing fixes when this occurs. Hopefully you'll see Obsidian 18.0.61 Update #2
 
@learning_curve This bug is a clear indicator, that Plesk does not make a proper (automatic) testing before new releases are deployed. It just cannot be, that the admin panel gets inaccessible after a normal update. We do not have a fancy setup, we are just using the normal options, the admin panel offers to us. In this case "Customizing Plesk URL".

We did install version 18.0.61 Update #1 on our development servers and within 3 minutes my developers were affected by this bug. How can Plesk not be aware of these problems before deploying new updates to their clients? We had this discussion already several times for some of the latest releases.

I expect from Plesk to make an intensive automatic and manual testing before every new release. This is just not the case. There seems to be no real test-driven development - at least not for all official features.

I make this annotations because we like to have the best Plesk server panel possible. Maybe if this lack of testing is discussed more often by us - the paying clients - Plesk will focus more on that to have much more stable releases. The hosting business is hard enough and doesn't allow too much mistakes.

For us this release is dead with this bug as we do want to have this "login-failure-discussions" with our own clients. On our test-/development servers we do not care too much as we have workarounds in place. But it shows again, disabling automatic-updates for Plesk servers in live systems is a must-to-have nowadays.
 
Hangover2 said:
~~~ But it shows again, disabling automatic-updates for Plesk servers in live systems is a must-to-have nowadays.
Click to expand...
Everyone's experience & demands differ, but as posted, can empathise with your current predicament. The extract from your post quoted above, fully agree with FWIW. We've only manually run all of the Plesk updates for the past 5 years now. It's a far more controlled process this way (back-ups/test upgrades et al)
 
Kaspar@Plesk said:
We are aware of both (MFA & Grafana) issues. Unfortunately there is no ETA on a permanent fix yet. The suggested workaround is to access Plesk via port 8443. Does that work for you?
Click to expand...
I'm able to log in using the customized Plesk URL, which goes through port 443 and works with Cloudflare. If I were to open my server to use port 8443, I'd have to use a Let's Encrypt certificate and expose the server IP address to the world, breaking a part of our security.

This change to use port 8880 is causing the problem. Everything needs to run through 443 to be Cloudflare compatible, which I'm shocked it wasn't considered or tested for before pushing out this release.
 
Sad to see that this issue has a low priority.


Screenshot 2024-05-21 113722.png

Based on the weekly update release strategy of Plesk we have to live with it for at least one more week or even more.
 
It's actually not a low priority. The issues with MFA and Monitoring are still (actively) being worked on.

We wanted to release an update for the issues mentioned in the Update 2 as those where already fixed.
 
Same issue here: after the update to Obsidian v18.0.61 the Grafana can not access serverport 8880 anymore. I am using Cloudflare DNS. MFA extension is installed but not activated yet. A fix would be greatly appreciated since I love watching the Grafana dashboard :)
 
This issue did also disappear in other affected areas (e.g. PHPMyAdmin / [...]).

And most important: we have special domains that are reverse proxying the Plesk admin panel to have individual login URLs for our clients and resellers. This was not working anymore since Plesk 18.0.61, when the proxy_pass URL was different from the individual login URL. With Update 3 for Plesk 18.0.61 the problem was luckily washed away too.

Please take care this issue when you make a new run for HTTP/3. Thanks in advance @Plesk Heroes!
 
You must log in or register to reply here.

Similar threads

P
Forwarded to devs Multi-Factor Authentication (MFA) extension does not remember device
Replies
3
Views
261
Kaspar@Plesk
Kaspar@Plesk
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
915
Lenny
Lenny
D
Issue Hello, I would like to login to my Plesk, however there is a problem that I cannot determine.
Replies
2
Views
4K
dakrueger
D
Michael Lauwereys
Resolved WWW, HTTPS, and Cloudflare
Replies
3
Views
5K
Mark Bailey
Mark Bailey
Nilbud
Question Google Compute Engine
Replies
0
Views
1K
Nilbud
Nilbud
Back
Top