• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Plesk resets SSL directory settings in httpd.conf

L

lnxmtl

Guest
Hi,

I'm having a problem with Plesk (7.5.2 / Fedora Core 2) since I installed a SSL certificate for my main domain.

the https://mydomain.com page points to the Plesk default page instead of the httpsdocs directory of the domain.

Here is the relevant part in /etc/httpd/conf/httpd.include :

<VirtualHost xxx.xxx.xxx.xxx:443 >
ServerName default-xxx-xxx-xxx-xxx
UseCanonicalName Off
DocumentRoot /home/httpd/vhosts/default/httpsdocs
ScriptAlias /cgi-bin/ "/home/httpd/vhosts/default/cgi-bin/"
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /usr/local/psa/var/certificates/cert-xxxxxx
SSLCACertificateFile /usr/local/psa/var/certificates/cert-xxxxxx
<Directory "/home/httpd/vhosts/default/cgi-bin/">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<Directory /home/httpd/vhosts/default/httpsdocs>
SSLRequireSSL
</Directory>
</VirtualHost>


I tried to edit it manually to change the following items :

DocumentRoot /home/httpd/vhosts/mydomain.com/httpsdocs
<Directory /home/httpd/vhosts/mydomain.com/httpdocs>
SSLRequireSSL
Options +Includes +ExecCGI
AddHandler cgi-script .cgi
</Directory>

It worked, but during the night, a plesk internal cron job did overwrite the file and reverted my changes (naturally, same thing happens if a new site is added).

Since this is in the main httpd.include file, the 'vhost.conf' trick won't work.

I saw elsewhere on the board some people had trouble with IP moved from shared to exclusive, so I installed the site on a newly added exclusive IP and the result was no better.

I finally tried to find where is the data in the database but could not find it.

Do you know how to correct this problem, or the location where the data used by Plesk to rebuild /etc/httpd/conf/httpd.include is stored ?

Thanks !
 
All modifications to the httpd.include, should be added to a vhost.conf or vhost_ssl.conf file. The httpd.include files are overwritten by Plesk. You should search on this forum, a lot of people faced this issue.
 
Thanks hardweb, but I was talking about the main httpd.include, the one in /etc/httpd/conf/httpd.include, not the domain's private httpd.include.

In the domain's private httpd.include there is no <VirtualHost xxx.xxx.xxx.xxx:443 > directive, so the vhost_ssl.conf is not included when the
"/usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=myDomain.com" command is executed.

Also, what I need to do is not only to add directives, but to change the wrong settings made by Plesk, namely DocumentRoot parameters and the content of the <Directory> directive.

I temporarily solved the problem by moving the whole section out of Plesk's reach (at least I hope so!), in httpd.conf, just before the
"Include /etc/httpd/conf/httpd.include" command since the first VirtualHost command have precedence over subsequently defined VirtualHost directives for the same IP/Port.

---

The problem is the lack of any SSL related configuration for the domain, despite the facts that in the control panel, everything seems to be ok (in the customer's IP pool, the certificate properly appears for the right IP and usage count for the certificate is properly set to 1).
The certificate was installed at the server level, so that the myDomain.com:8443 access to the panel could use the same certificate (that part works well).
It correctly appears in the serverwide cert repository, but not in the domain's repository (I have no previous experience with plesk SSL, so I don't know if this is the expected behavior).

AFAIK, Plesk did not properly update it's tables to reflect the fact that this domain have a SSL certificate attached to it's (exclusive) IP address.

Even if my 'dirty' fix does the job for now, I would rather make it work the normal, intended way.

Any idea about what could cause Plesk to skip SSL configuration for a domain ?
 
Be aware that all htttp.include files, the domain ones or the global one are eventually rewritten. All custom configs must go outside these files.
 
In the control panel, go to Domains, Setup.

Make sure there is a checkmark in 'SSL support'. If there is already, then uncheck it, click Ok, then go back in and checkmark it again and click Ok again. This will force the changes to occur to the httpd.conf file, Plesk may have gotten confused.

This does not happen often, but I have seen it happen with Plesk products, as well as some MS products.
 
Back
Top