• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Problem with activating serverwide Lets Encrypt cert

C

Christoph Thumfart

New Pleskian
Hello

I have a Problem with the activation of a Serverwide Lets Encrypt Certificate.
I already activated it under IP Adresses and under SSL Certificates!
I also secured the mail server with one.
But heres the Problem
When i make an ssl inspect, like that from SSLLabs i get a response that says i have a certification
mismatch.
Like this

Try these other domain names (extracted from the certificates):
  • Parallels Panel (invalid hostname)

For the Information of the Server
Its running Centos 6.9 with the latest Plesk update!

Any Idea?
 
Hi Christoph Thumfart,

pls. note the following "default" certificate locations:

=> HOME > Tools & Settings > IP Addresses > XXX.XXX.XXX.XXX ( "SSL/TLS certificate" and "Default site" )

=> HOME > Tools & Settings > SSL/TLS Certificates ( default certificate should be BOLD )

After you successfully configured the above standarts, you are then able to delete the old standart/default certificate, which has been automatically installed from Plesk.


Afterwards, pls. head over to your depending subscription and change your certificate to the desired one from your server pool ( admin repository ) ( => "NAME_OF_YOUR_CERTIFICATE ( other repository )" ).


If you still experience the described issue, pls. consider to use the Plesk Repair Utility ( => Plesk Repair Utility ) and use the repair option:

Code: 
plesk repair web -y -v
or/and
Code: 
plesk repair web -sslcerts -y -v
... and pls. note, that each repair process creates as well a corresponding log - file ( => /var/log/plesk ), which you are able to inspect, if you experience issues/errors/problems. :)
 
Hello

Thank you for the response!
I tried the Steps above but it didn't worked much, but it seems that one domain has the default certificate installed, i looked it up via SQL with the statement
Code: 
select d.name from domains d inner join hosting h on h.dom_id = d.id where h.certificate_id = 13;

But when i go to the ssl settings for this domain i can't deploy a new cert via lets encrypt for the Domain because everytime i get this error

Code: 
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/jF1IDuDgD0GUuJaHKXEoAeO0JUr8AesSpUUGsbzEtJ4.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching http://sitemanagement.cc/.well-known/acme-challenge/xDd_3KLknXiPtihfsiFQOtpau_mvnumcgBarJY9ByHU: Timeout

Thank you for your help in the meanwhile
 
Hi Christoph Thumfart,

you have a misconfiguration at your DNS - settings for your domain "sitemXXXXXment.cc". It resolves to your corresponding IP "146.XXX.XX.XX", but this resolves back to "wwwXX.sitemXXXXXment.at" and "ipXXXXXXXXXXXX.rev.neXXXs.at". Pls. check your depending log - entries at your "panel.log", where the Plesk Let's Encrypt extensions logs its actions, and you should be able to investigate, that Let's Encrypt can't write into your folder "/var/www/vhosts/sitemXXXXXment.cc/httpdocs/.well-known/acme-challenge/", to verify the challenge. :(


Additional informations:

 
Hello

I figured the cert error out it was as you said one domain had a diffrent ip adress defined in the dns entry i changed that and now i could delete the default plesk cert!
Thank you very much for the help!

But now i tried a ssl test on a IMAP Server for a Domain and i get a certification missmatch is there a way to fix this?

Code: 
Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests
Try these other domain names (extracted from the certificates):

www08.sitemanagement.at
What does this mean?

We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect. It's possible that:

The web site does not use SSL, but shares an IP address with some other site that does.
The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
The web site uses a content delivery network (CDN) that does not support SSL.
The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.
 
You must log in or register to reply here.

Similar threads

M
Resolved Lets Encrypt not issuing certs for subdomains
Replies
2
Views
272
mendip_discovery
M
D
Question Renewing Let's encrypt automatically
Replies
3
Views
494
Kaspar
K
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
888
tessa67
T
R
Issue Let's Encrypt Error 400 on every domain
Replies
1
Views
256
Sebahat.hadzhi
Sebahat.hadzhi
M
Question Domain forwarding, no Lets Encrypt?
Replies
15
Views
922
maniacos
M
Back
Top