I have an Onyx plesk server with Nginx.
This server is an upgraded server.
Because I wanted to get rid of the self-signed certificates I checked the database which sites used these certificates. I used this site.
https://support.plesk.com/hc/en-us/...s-are-assigned-to-the-IP-addresses-or-domains
Finally I was able to get that number to 0 by changing the IP's certificate to a wildcard I had and some client domains.
I removed the certificate using the Plesk interface, but after that my apache server wasn't running.
It was missing /usr/local/psa/var/certificates/certTUfNZec
I copied the wildcard one to that and was able start Apache again
Today I wanted to examine which sites in Apache were still using that deleted certificate.
I noticed that /etc/httpd/conf/plesk.conf.d/server.conf was still using it on the IP
I created a temporary certificate and assigned the IP to that certificate and then I assigned it back to the wildcard certificate. I checked Apache's server.conf and the reference to certTUfNZec (deleted certificate) was gone. I then deleted the file again and stopped / started Apache.
It now didn't start because it was assigned to the webmail of a client's domain.
I checked the interface and the webmail's certificate for that domain was assigned to "not selected"
I assigned it to my wildcard, but then it crashed on the next client domain's webmail.
BTW when I changed the webmail's certificate back to the "not selected" it didn't assign it to the lost certificate but to the current default certificate.
It's clear some of the things are forgotten when removing the old default certificate.
In the end the solution to the problem was easy
It replaced all those references to the old default certificate.
Maybe the article at https://support.plesk.com/hc/en-us/...s-are-assigned-to-the-IP-addresses-or-domains should be updated to reflect this.
This server is an upgraded server.
Because I wanted to get rid of the self-signed certificates I checked the database which sites used these certificates. I used this site.
https://support.plesk.com/hc/en-us/...s-are-assigned-to-the-IP-addresses-or-domains
Finally I was able to get that number to 0 by changing the IP's certificate to a wildcard I had and some client domains.
I removed the certificate using the Plesk interface, but after that my apache server wasn't running.
It was missing /usr/local/psa/var/certificates/certTUfNZec
I copied the wildcard one to that and was able start Apache again
Code:
cp -p /usr/local/psa/var/certificates/cert-LIavLe /usr/local/psa/var/certificates/certTUfNZec
Today I wanted to examine which sites in Apache were still using that deleted certificate.
I noticed that /etc/httpd/conf/plesk.conf.d/server.conf was still using it on the IP
I created a temporary certificate and assigned the IP to that certificate and then I assigned it back to the wildcard certificate. I checked Apache's server.conf and the reference to certTUfNZec (deleted certificate) was gone. I then deleted the file again and stopped / started Apache.
It now didn't start because it was assigned to the webmail of a client's domain.
I checked the interface and the webmail's certificate for that domain was assigned to "not selected"
I assigned it to my wildcard, but then it crashed on the next client domain's webmail.
BTW when I changed the webmail's certificate back to the "not selected" it didn't assign it to the lost certificate but to the current default certificate.
It's clear some of the things are forgotten when removing the old default certificate.
In the end the solution to the problem was easy
Code:
/usr/local/psa/admin/bin/httpdmng --reconfigure-all
It replaced all those references to the old default certificate.
Maybe the article at https://support.plesk.com/hc/en-us/...s-are-assigned-to-the-IP-addresses-or-domains should be updated to reflect this.