• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Issue Problem with activating serverwide Lets Encrypt cert

C

Christoph Thumfart

New Pleskian
Hello

I have a Problem with the activation of a Serverwide Lets Encrypt Certificate.
I already activated it under IP Adresses and under SSL Certificates!
I also secured the mail server with one.
But heres the Problem
When i make an ssl inspect, like that from SSLLabs i get a response that says i have a certification
mismatch.
Like this

Try these other domain names (extracted from the certificates):
  • Parallels Panel (invalid hostname)

For the Information of the Server
Its running Centos 6.9 with the latest Plesk update!

Any Idea?
 
Hi Christoph Thumfart,

pls. note the following "default" certificate locations:

=> HOME > Tools & Settings > IP Addresses > XXX.XXX.XXX.XXX ( "SSL/TLS certificate" and "Default site" )

=> HOME > Tools & Settings > SSL/TLS Certificates ( default certificate should be BOLD )

After you successfully configured the above standarts, you are then able to delete the old standart/default certificate, which has been automatically installed from Plesk.


Afterwards, pls. head over to your depending subscription and change your certificate to the desired one from your server pool ( admin repository ) ( => "NAME_OF_YOUR_CERTIFICATE ( other repository )" ).


If you still experience the described issue, pls. consider to use the Plesk Repair Utility ( => Plesk Repair Utility ) and use the repair option:

Code: 
plesk repair web -y -v
or/and
Code: 
plesk repair web -sslcerts -y -v
... and pls. note, that each repair process creates as well a corresponding log - file ( => /var/log/plesk ), which you are able to inspect, if you experience issues/errors/problems. :)
 
Hello

Thank you for the response!
I tried the Steps above but it didn't worked much, but it seems that one domain has the default certificate installed, i looked it up via SQL with the statement
Code: 
select d.name from domains d inner join hosting h on h.dom_id = d.id where h.certificate_id = 13;

But when i go to the ssl settings for this domain i can't deploy a new cert via lets encrypt for the Domain because everytime i get this error

Code: 
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/jF1IDuDgD0GUuJaHKXEoAeO0JUr8AesSpUUGsbzEtJ4.
Details:
Type: urn:acme:error:connection
Status: 400
Detail: Fetching http://sitemanagement.cc/.well-known/acme-challenge/xDd_3KLknXiPtihfsiFQOtpau_mvnumcgBarJY9ByHU: Timeout

Thank you for your help in the meanwhile
 
Hi Christoph Thumfart,

you have a misconfiguration at your DNS - settings for your domain "sitemXXXXXment.cc". It resolves to your corresponding IP "146.XXX.XX.XX", but this resolves back to "wwwXX.sitemXXXXXment.at" and "ipXXXXXXXXXXXX.rev.neXXXs.at". Pls. check your depending log - entries at your "panel.log", where the Plesk Let's Encrypt extensions logs its actions, and you should be able to investigate, that Let's Encrypt can't write into your folder "/var/www/vhosts/sitemXXXXXment.cc/httpdocs/.well-known/acme-challenge/", to verify the challenge. :(


Additional informations:

 
Hello

I figured the cert error out it was as you said one domain had a diffrent ip adress defined in the dns entry i changed that and now i could delete the default plesk cert!
Thank you very much for the help!

But now i tried a ssl test on a IMAP Server for a Domain and i get a certification missmatch is there a way to fix this?

Code: 
Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests
Try these other domain names (extracted from the certificates):

www08.sitemanagement.at
What does this mean?

We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect. It's possible that:

The web site does not use SSL, but shares an IP address with some other site that does.
The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
The web site uses a content delivery network (CDN) that does not support SSL.
The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.
 
You must log in or register to reply here.

Similar threads

K
Question Renewing Let's Encrypt with external DNS servers
Replies
5
Views
327
klowet
K
Quinten
Resolved Lets Encrypt for mails server problem
Replies
2
Views
171
Quinten
Quinten
D
Issue Lets Encrypt Not Successful over port 80
Replies
8
Views
507
Daiv
D
E
Question Keep websites secured by Command Line ( Lets Encrypt )
Replies
0
Views
537
esfahanhost
E
futureweb
Question Issues with SSL Certificate Renewal for Mail Services in Plesk: Seeking Automated Solution via CLI or API
Replies
8
Views
358
futureweb
futureweb
Back
Top