Issue Plesk Hostingpanel SSL Certificate Appearing in SSL Test for My Domain

[nmrtec]

Server operating system version

Ubuntu 24.04 x86_64

Plesk version and microupdate number

Plesk Obsidian 18.0.65.1

Hello everyone,

I'm experiencing an issue with my Plesk server related to SSL certificates, and I'm hoping someone can assist.

I have a domain —let's call it shop-domain.com— hosted on a Plesk server. The Plesk hosting panel is accessible via another domain, which we'll refer to as plesk.plesk-domain.com.

When I run an SSL test on shop-domain.com using Qualys SSL Labs, I notice that a second SSL certificate is being presented alongside the correct certificate for shop-domain.com. This second certificate is for plesk.plesk-domain.com and is marked as "Not Trusted" due to a domain mismatch.

Here's what the SSL test reports:

• Certificate #1:
  • Subject: shop-domain.com
  • Status: Trusted and valid
  • Issued by: Let's Encrypt
• Certificate #2:
  • Subject: plesk.plesk-domain.com
  • Status: Not Trusted (domain mismatch)
  • Issued by: Let's Encrypt

It seems that the server is serving both SSL certificates when accessing shop-domain.com, which is causing confusion and potential trust issues.

I'm unsure why the plesk.plesk-domain.com certificate is being presented when testing or accessing shop-domain.com. Has anyone encountered a similar issue or can guide me on how to prevent the Plesk certificate from appearing alongside my main domain's certificate?

Any insights or suggestions would be greatly appreciated!

Thank you in advance.

 

[Vitali]

I have a similar problem and I don't know how to solve it. I have already been reading possible solutions, some say that you have to wait but I have already waited more than a week and the problem is not corrected. Others say that you have to restart plesk or repair web in ssh but the provider does not give me those options. were you able to solve it?

 

[nmrtec]

im not quite sure anymore how i fixed this since it was quite a while ago. but if i remember correctly i bought a seperate ip adress for each domain wich resolved the issue

 

[learning_curve]

~~ if i remember correctly i bought a seperate ip adress for each domain wich resolved the issue

IF separate IP addresses wasn't a priority for you (as opposed to a work-around) and... depending on how many levels of sub-domain you use / will use... Instead of the IP addresses, you could have taken a Multi-Domain / Wildcard / SAN SSL Certificate, which covered all of the domains (IF an easily manageable number say 20 or 30) that you were hosting and then, used that to cover all of the SSL requirements from the hosting sub-domain (and/or domain) that you were/are using for Plesk. You still need individual domain SSL Certificates (as you already have experienced) but that specific config would remove all of your Qualys SSL Labs / Not Trusted / Domain Mismatch issues (we've used this config ourselves, so this is real data from previous experience). Plus, all of those SSL's (even the Multi-Domain / Wildcard / SAN SSL Certificate) can be obtained from Let's Encrypt, for free, too, IF you're also looking for Value For Money. It takes quite a bit of setup time (as it's for both Plesk and Plesk Mail remember) and... the Multi-Domain / Wildcard / SAN SSL Certificate needs to be sourced from outside of Plesk, but once configured (IF you use API's for all of your SSL's, it takes a lot less time) & FWIW It's a sensible, alternative method to adding more IP addresses.

 

[learning_curve]

@nmrtec / @Vitali It's heavily sanitized / redacted obviously (as this forum's content is in the public domain) but here's an example (image), taken earlier today, of where we have a server, that is using the specific config described in the previous post. None of the Qualys SSL Labs issues that you have described are present and Plesk works perfectly on this server / all of it's hosted domains.