• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Removing SSL certificate from a client's domain

ZbyszekL

Basic Pleskian
SSL certificate on a client's domain has expired. How can I remove it? This domain is not the default domain of the panel. This domain is in the customer account. When I want to delete this certificate plesk says that the certificate can not be deleted because it is used by the domain / IP.
 
Try to find name of certificate with:
# /usr/local/psa/bin/certificate -l -domain domain.com
CSRPrivCertCANameUsed

then remove it with

# /usr/local/psa/bin/certificate -r CSRPrivCertCANameUsed -domain domain.com
 
root@mydomain:~# /usr/local/psa/bin/certificate -l -domain somename.pl
CSR Priv Cert CA Name Used
Y Y Y Y www.somename.pl

Listing of SSL certificates repository was successful
root@mydomain:~# /usr/local/psa/bin/certificate -r www.somename.pl -domain somename.pl
Unable to remove certificate www.somename.pl: Unable to remove certificates: one or more certificates are assigned to IP addresses / domains.
 
You can find relation between this certificate and IP address in 'IP_Addresses' table of psa database. When you find IP - you can remove this certificate from this IP address.
 
I did it: I entered into the psa database. I found a table named "certyficates". In that table, I found a domain certificate of a client who wanted to remove. In the column "cert_file" I found the file name of the certificate and in the column "ca_file" I found the file name of the CA file. I deleted the entire row. Then in the directory /opt/psa/var/certificates/ I found those files and deleted them. Then in the table "domains" in the column "cert_rep_id" for the domain from which I removed the certificate changed the value from 3 to 0. After restarting the panel certificate disappeared ;-).
I've also uncheck the option "SSL Support" in the panel to rebuild Apache configuration file. Otherwise when you reboot apache will not start. You can also manually remove references to the certificate files from Apache conf file, however, it is "not recommended".
 
Last edited:
Any other thoughts?

Hi

I'm in the same position. Only two IP addresses in table, both linked to other certificates. Found the relevant certificate in the certificates table, but not sure how to remove it safely. Don't quite understand the bit about "unchecking the compile with SSL support" suggestion above - is this somewhere in the Plesk control panel?
 
Just realized, am I right in thinking that once you have clicked "enable SSL support" for a website, it has to have a certificate, and this is true even if you then uncheck "enable SSL support"? Is the certificate then used, or not?
 
There's definitely a bug in there.

I've assigned a certificate to a domain and two of it's subdomains... Now I want to replace it by antoher certificate, but there's no way to remove it... Always this same message: Unable to remove certificate: one or several certificates are assigned to the IP addresses/domains.

The problem is that to remove a certificate, you need to add a new one, and replace the one you want to remove. But there is no way to UNASSIGN an assigned certificate without replacing it. This is a MISS from parrallels team.

To confirm my theory, I have added my new certificate in plesk with a new name. Then, I have replaced the certificate in my domain and subdomains. After that, I was able to successfully remove the certificate I wanted to delete.

Igor,

Please escalate this to your development team for them to add a "unassign certificate" option for domains and subdomains... This will be most helpful.
 
I, too, am having a problem in Plesk 10.4.4 with replacing a SSL Certificate in a client account.

The old certificate expired several months ago. I've ordered a configured a new Certificate for them under a new name. I'm trying to remove the old certificate, but keep getting an error: "Unable to remove certificates: one or several certificates are assigned to the IP addresses/domains."

How can I unassign the old certificate and assign the new certificate?
 
Back
Top