Resolved Plesk upgrade to Obsidian extensions fails because invalid SSL certificate on ext.plesk.com

[micheloe]

When upgrading Plesk Onyx 17.8 to Obsidian 18.0.23 in CentOS 7, the upgrade fails partially when updating extensions. The issue seems global though, not related to plesk/OS version. Afterwards, I'm unable to access the extensions catalog. The installation log shows:

ERROR: Upgrade step 2019-08-26-12-07-56_InstallExtensionRepairKit.php failed with code 1 and output:
[2020-02-04 07:05:07.113] ERR [panel] Error in cURL request: Peer's Certificate issuer is not recognized.
[2020-02-04 07:05:07.127] ERR [panel] Error in cURL request: Peer's Certificate issuer is not recognized.
[2020-02-04 07:05:07.141] ERR [panel] Error in cURL request: Peer's Certificate issuer is not recognized.:
0: /usr/local/psa/admin/plib/Upgrade/upgrade.php:44
ERROR: Plesk\Upgrade\Exception: Error in cURL request: Peer's Certificate issuer is not recognized. (upgrade.php:44)

...

ERROR: Upgrade step 2019-08-26-13-15-41_InstallExtensionAdvancedMonitoring.php failed with code 1 and output:
[2020-02-04 07:05:08.100] ERR [panel] Error in cURL request: Peer's Certificate issuer is not recognized.
[2020-02-04 07:05:08.115] ERR [panel] Error in cURL request: Peer's Certificate issuer is not recognized.
[2020-02-04 07:05:08.129] ERR [panel] Error in cURL request: Peer's Certificate issuer is not recognized.:
0: /usr/local/psa/admin/plib/Upgrade/upgrade.php:44
ERROR: Plesk\Upgrade\Exception: Error in cURL request: Peer's Certificate issuer is not recognized. (upgrade.php:44)

SUCCESS: Upgrade step 2019-10-09-11-05-57_SendProductAgreement.php was successfully done.
SUCCESS: Upgrade step 2019-11-11-13-20-40_AddWebPMimeType.php was successfully done.
SUCCESS: Upgrade step 2019-11-14-07-15-09_SetDefaultPasswordStrength.php was successfully done.
SUCCESS: Upgrade step 2019-11-19-09-48-55_ResetThemeToOnyx.php was successfully done.
SUCCESS: Upgrade step 2019-12-01-22-23-14_MoveUserSettings.php was successfully done.
SUCCESS: Upgrade step 2019-12-17-06-50-14_SetGlobalDefaultDoc.php was successfully done.
SUCCESS: Upgrade step 2019-12-20-10-01-36_CreateTempUploadDir.php was successfully done.
Some steps of upgrade failed. Run upgrade with option --repair to rerun failed steps.

Rerunning the failed steps with "plesk repair installation" also fails with the same error.

When trying to access ext.plesk.com, an invalid SSL certificate warning is also shown in the browser.

Debugging this issue on several machines with curl shows the same issue:

curl -v https://ext.plesk.com
* About to connect() to ext.plesk.com port 443 (#0)
* Trying 195.181.172.7...
* Connected to ext.plesk.com (195.181.172.7) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=rsc.cdn77.org,O=DataCamp Limited,L=London,C=GB
* start date: Oct 24 00:00:00 2019 GMT
* expire date: Jun 09 12:00:00 2020 GMT
* common name: rsc.cdn77.org
* issuer: CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

Please fix the SSL certificate on your CDN. Thanks.

 

[micheloe]

Apparently it's solved, thanks!