Facebook
Twitter
SSL certificate on a client's domain has expired. How can I remove it? This domain is not the default domain of the panel. This domain is in the customer account. When I want to delete this certificate plesk says that the certificate can not be deleted because it is used by the domain / IP.
-
If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
CentOS2Alma discussion
Removing SSL certificate from a client's domain
- Thread starter ZbyszekL
- Start date
root@mydomain:~# /usr/local/psa/bin/certificate -l -domain somename.pl
CSR Priv Cert CA Name Used
Y Y Y Y www.somename.pl
Listing of SSL certificates repository was successful
root@mydomain:~# /usr/local/psa/bin/certificate -r www.somename.pl -domain somename.pl
Unable to remove certificate www.somename.pl: Unable to remove certificates: one or more certificates are assigned to IP addresses / domains.
CSR Priv Cert CA Name Used
Y Y Y Y www.somename.pl
Listing of SSL certificates repository was successful
root@mydomain:~# /usr/local/psa/bin/certificate -r www.somename.pl -domain somename.pl
Unable to remove certificate www.somename.pl: Unable to remove certificates: one or more certificates are assigned to IP addresses / domains.
I did it: I entered into the psa database. I found a table named "certyficates". In that table, I found a domain certificate of a client who wanted to remove. In the column "cert_file" I found the file name of the certificate and in the column "ca_file" I found the file name of the CA file. I deleted the entire row. Then in the directory /opt/psa/var/certificates/ I found those files and deleted them. Then in the table "domains" in the column "cert_rep_id" for the domain from which I removed the certificate changed the value from 3 to 0. After restarting the panel certificate disappeared ;-).
I've also uncheck the option "SSL Support" in the panel to rebuild Apache configuration file. Otherwise when you reboot apache will not start. You can also manually remove references to the certificate files from Apache conf file, however, it is "not recommended".
I've also uncheck the option "SSL Support" in the panel to rebuild Apache configuration file. Otherwise when you reboot apache will not start. You can also manually remove references to the certificate files from Apache conf file, however, it is "not recommended".
Last edited:
M
Matt_Earwicker
Guest
Any other thoughts?
Hi
I'm in the same position. Only two IP addresses in table, both linked to other certificates. Found the relevant certificate in the certificates table, but not sure how to remove it safely. Don't quite understand the bit about "unchecking the compile with SSL support" suggestion above - is this somewhere in the Plesk control panel?
Hi
I'm in the same position. Only two IP addresses in table, both linked to other certificates. Found the relevant certificate in the certificates table, but not sure how to remove it safely. Don't quite understand the bit about "unchecking the compile with SSL support" suggestion above - is this somewhere in the Plesk control panel?
M
Matt_Earwicker
Guest
Just realized, am I right in thinking that once you have clicked "enable SSL support" for a website, it has to have a certificate, and this is true even if you then uncheck "enable SSL support"? Is the certificate then used, or not?
Superkikim
Regular Pleskian
There's definitely a bug in there.
I've assigned a certificate to a domain and two of it's subdomains... Now I want to replace it by antoher certificate, but there's no way to remove it... Always this same message: Unable to remove certificate: one or several certificates are assigned to the IP addresses/domains.
The problem is that to remove a certificate, you need to add a new one, and replace the one you want to remove. But there is no way to UNASSIGN an assigned certificate without replacing it. This is a MISS from parrallels team.
To confirm my theory, I have added my new certificate in plesk with a new name. Then, I have replaced the certificate in my domain and subdomains. After that, I was able to successfully remove the certificate I wanted to delete.
Igor,
Please escalate this to your development team for them to add a "unassign certificate" option for domains and subdomains... This will be most helpful.
I've assigned a certificate to a domain and two of it's subdomains... Now I want to replace it by antoher certificate, but there's no way to remove it... Always this same message: Unable to remove certificate: one or several certificates are assigned to the IP addresses/domains.
The problem is that to remove a certificate, you need to add a new one, and replace the one you want to remove. But there is no way to UNASSIGN an assigned certificate without replacing it. This is a MISS from parrallels team.
To confirm my theory, I have added my new certificate in plesk with a new name. Then, I have replaced the certificate in my domain and subdomains. After that, I was able to successfully remove the certificate I wanted to delete.
Igor,
Please escalate this to your development team for them to add a "unassign certificate" option for domains and subdomains... This will be most helpful.
I, too, am having a problem in Plesk 10.4.4 with replacing a SSL Certificate in a client account.
The old certificate expired several months ago. I've ordered a configured a new Certificate for them under a new name. I'm trying to remove the old certificate, but keep getting an error: "Unable to remove certificates: one or several certificates are assigned to the IP addresses/domains."
How can I unassign the old certificate and assign the new certificate?
The old certificate expired several months ago. I've ordered a configured a new Certificate for them under a new name. I'm trying to remove the old certificate, but keep getting an error: "Unable to remove certificates: one or several certificates are assigned to the IP addresses/domains."
How can I unassign the old certificate and assign the new certificate?
latenightdomainer
New Pleskian
Well I guess the only way is through manual work around in the PSA database... that´s how we did it. Hopefully will help you meantime.
