1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Removing SSL certificate from a client's domain

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by ZbyszekL, Dec 13, 2011.

  1. ZbyszekL

    ZbyszekL Basic Pleskian

    17
    85%
    Joined:
    Nov 7, 2010
    Messages:
    41
    Likes Received:
    0
    SSL certificate on a client's domain has expired. How can I remove it? This domain is not the default domain of the panel. This domain is in the customer account. When I want to delete this certificate plesk says that the certificate can not be deleted because it is used by the domain / IP.
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Try to find name of certificate with:
    then remove it with

     
  3. ZbyszekL

    ZbyszekL Basic Pleskian

    17
    85%
    Joined:
    Nov 7, 2010
    Messages:
    41
    Likes Received:
    0
    root@mydomain:~# /usr/local/psa/bin/certificate -l -domain somename.pl
    CSR Priv Cert CA Name Used
    Y Y Y Y www.somename.pl

    Listing of SSL certificates repository was successful
    root@mydomain:~# /usr/local/psa/bin/certificate -r www.somename.pl -domain somename.pl
    Unable to remove certificate www.somename.pl: Unable to remove certificates: one or more certificates are assigned to IP addresses / domains.
     
  4. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    You can find relation between this certificate and IP address in 'IP_Addresses' table of psa database. When you find IP - you can remove this certificate from this IP address.
     
  5. ZbyszekL

    ZbyszekL Basic Pleskian

    17
    85%
    Joined:
    Nov 7, 2010
    Messages:
    41
    Likes Received:
    0
    I did it: I entered into the psa database. I found a table named "certyficates". In that table, I found a domain certificate of a client who wanted to remove. In the column "cert_file" I found the file name of the certificate and in the column "ca_file" I found the file name of the CA file. I deleted the entire row. Then in the directory /opt/psa/var/certificates/ I found those files and deleted them. Then in the table "domains" in the column "cert_rep_id" for the domain from which I removed the certificate changed the value from 3 to 0. After restarting the panel certificate disappeared ;-).
    I've also uncheck the option "SSL Support" in the panel to rebuild Apache configuration file. Otherwise when you reboot apache will not start. You can also manually remove references to the certificate files from Apache conf file, however, it is "not recommended".
     
    Last edited: Dec 14, 2011
  6. Matt_Earwicker

    Matt_Earwicker Guest

    0
     
    Any other thoughts?

    Hi

    I'm in the same position. Only two IP addresses in table, both linked to other certificates. Found the relevant certificate in the certificates table, but not sure how to remove it safely. Don't quite understand the bit about "unchecking the compile with SSL support" suggestion above - is this somewhere in the Plesk control panel?
     
  7. Matt_Earwicker

    Matt_Earwicker Guest

    0
     
    Just realized, am I right in thinking that once you have clicked "enable SSL support" for a website, it has to have a certificate, and this is true even if you then uncheck "enable SSL support"? Is the certificate then used, or not?
     
  8. Superkikim

    Superkikim Regular Pleskian

    25
    57%
    Joined:
    Mar 10, 2008
    Messages:
    135
    Likes Received:
    0
    There's definitely a bug in there.

    I've assigned a certificate to a domain and two of it's subdomains... Now I want to replace it by antoher certificate, but there's no way to remove it... Always this same message: Unable to remove certificate: one or several certificates are assigned to the IP addresses/domains.

    The problem is that to remove a certificate, you need to add a new one, and replace the one you want to remove. But there is no way to UNASSIGN an assigned certificate without replacing it. This is a MISS from parrallels team.

    To confirm my theory, I have added my new certificate in plesk with a new name. Then, I have replaced the certificate in my domain and subdomains. After that, I was able to successfully remove the certificate I wanted to delete.

    Igor,

    Please escalate this to your development team for them to add a "unassign certificate" option for domains and subdomains... This will be most helpful.
     
  9. webwerks

    webwerks New Pleskian

    10
     
    Joined:
    Jan 13, 2013
    Messages:
    2
    Likes Received:
    0
    I, too, am having a problem in Plesk 10.4.4 with replacing a SSL Certificate in a client account.

    The old certificate expired several months ago. I've ordered a configured a new Certificate for them under a new name. I'm trying to remove the old certificate, but keep getting an error: "Unable to remove certificates: one or several certificates are assigned to the IP addresses/domains."

    How can I unassign the old certificate and assign the new certificate?
     
  10. latenightdomainer

    latenightdomainer New Pleskian

    10
     
    Joined:
    Feb 8, 2013
    Messages:
    1
    Likes Received:
    0
    Well I guess the only way is through manual work around in the PSA database... that´s how we did it. Hopefully will help you meantime.
     
Loading...