• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Plesk resets SSL directory settings in httpd.conf

L

lnxmtl

Guest
Hi,

I'm having a problem with Plesk (7.5.2 / Fedora Core 2) since I installed a SSL certificate for my main domain.

the https://mydomain.com page points to the Plesk default page instead of the httpsdocs directory of the domain.

Here is the relevant part in /etc/httpd/conf/httpd.include :

<VirtualHost xxx.xxx.xxx.xxx:443 >
ServerName default-xxx-xxx-xxx-xxx
UseCanonicalName Off
DocumentRoot /home/httpd/vhosts/default/httpsdocs
ScriptAlias /cgi-bin/ "/home/httpd/vhosts/default/cgi-bin/"
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /usr/local/psa/var/certificates/cert-xxxxxx
SSLCACertificateFile /usr/local/psa/var/certificates/cert-xxxxxx
<Directory "/home/httpd/vhosts/default/cgi-bin/">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<Directory /home/httpd/vhosts/default/httpsdocs>
SSLRequireSSL
</Directory>
</VirtualHost>


I tried to edit it manually to change the following items :

DocumentRoot /home/httpd/vhosts/mydomain.com/httpsdocs
<Directory /home/httpd/vhosts/mydomain.com/httpdocs>
SSLRequireSSL
Options +Includes +ExecCGI
AddHandler cgi-script .cgi
</Directory>

It worked, but during the night, a plesk internal cron job did overwrite the file and reverted my changes (naturally, same thing happens if a new site is added).

Since this is in the main httpd.include file, the 'vhost.conf' trick won't work.

I saw elsewhere on the board some people had trouble with IP moved from shared to exclusive, so I installed the site on a newly added exclusive IP and the result was no better.

I finally tried to find where is the data in the database but could not find it.

Do you know how to correct this problem, or the location where the data used by Plesk to rebuild /etc/httpd/conf/httpd.include is stored ?

Thanks !
 
All modifications to the httpd.include, should be added to a vhost.conf or vhost_ssl.conf file. The httpd.include files are overwritten by Plesk. You should search on this forum, a lot of people faced this issue.
 
Thanks hardweb, but I was talking about the main httpd.include, the one in /etc/httpd/conf/httpd.include, not the domain's private httpd.include.

In the domain's private httpd.include there is no <VirtualHost xxx.xxx.xxx.xxx:443 > directive, so the vhost_ssl.conf is not included when the
"/usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=myDomain.com" command is executed.

Also, what I need to do is not only to add directives, but to change the wrong settings made by Plesk, namely DocumentRoot parameters and the content of the <Directory> directive.

I temporarily solved the problem by moving the whole section out of Plesk's reach (at least I hope so!), in httpd.conf, just before the
"Include /etc/httpd/conf/httpd.include" command since the first VirtualHost command have precedence over subsequently defined VirtualHost directives for the same IP/Port.

---

The problem is the lack of any SSL related configuration for the domain, despite the facts that in the control panel, everything seems to be ok (in the customer's IP pool, the certificate properly appears for the right IP and usage count for the certificate is properly set to 1).
The certificate was installed at the server level, so that the myDomain.com:8443 access to the panel could use the same certificate (that part works well).
It correctly appears in the serverwide cert repository, but not in the domain's repository (I have no previous experience with plesk SSL, so I don't know if this is the expected behavior).

AFAIK, Plesk did not properly update it's tables to reflect the fact that this domain have a SSL certificate attached to it's (exclusive) IP address.

Even if my 'dirty' fix does the job for now, I would rather make it work the normal, intended way.

Any idea about what could cause Plesk to skip SSL configuration for a domain ?
 
Be aware that all htttp.include files, the domain ones or the global one are eventually rewritten. All custom configs must go outside these files.
 
In the control panel, go to Domains, Setup.

Make sure there is a checkmark in 'SSL support'. If there is already, then uncheck it, click Ok, then go back in and checkmark it again and click Ok again. This will force the changes to occur to the httpd.conf file, Plesk may have gotten confused.

This does not happen often, but I have seen it happen with Plesk products, as well as some MS products.
 
You must log in or register to reply here.

Similar threads

M
Issue hosting update is failed: vhostmng-structure failed: Cannot create directory /httpdocs/Master/Production/current/public: No such file or directory
Replies
3
Views
563
Kaspar@Plesk
Kaspar@Plesk
LTUser
Issue server.conf / access_compat / Order allow,deny / Plesk 17.8.11
Replies
0
Views
598
LTUser
LTUser
T
Question Apache 2.4 - every page in my site works, expect home
Replies
3
Views
3K
ahmad314
A
H
Issue Apache dies due to missing SSL certs
Replies
5
Views
2K
danami
danami
D
Default Parallels Plesk Page
Replies
4
Views
3K
serverpoint_tom
S
Back
Top