TITLE:
Restore of a site that uses a Let's Encrypt certificate triggers "missing certificate" error
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:Onyx 17.5, MU #24, CentOS 7.4 64-bit (before seen on CentOS 7.3, too)
PROBLEM DESCRIPTION:When a website (subscription) is using an SSL certificate and the website owner restores the website from a backup, the SSL certificate is not restored correctly. On a subsequent syntax check or web server restart, the web server fails with
AH00526: Syntax error on line 52 of /etc/httpd/conf/plesk.conf.d/vhosts/<domain>.conf:
SSLCACertificateFile: file '/usr/local/psa/var/certificates/cert-<id>' does not exist or is empty
Seen on two occasions and two different servers so far. Not sure whether it occurs every time, because several test restores from admin view did work while in one instance the problem seen from customer view could be reproduced several times. In that reproducable case, after the restore the customer subscription held two Let's Encrypt certificates (according to the database content), but only one of them on disk. The invalid (missing) one however was used for the web server configuration file.
STEPS TO REPRODUCE:AH00526: Syntax error on line 52 of /etc/httpd/conf/plesk.conf.d/vhosts/<domain>.conf:
SSLCACertificateFile: file '/usr/local/psa/var/certificates/cert-<id>' does not exist or is empty
Seen on two occasions and two different servers so far. Not sure whether it occurs every time, because several test restores from admin view did work while in one instance the problem seen from customer view could be reproduced several times. In that reproducable case, after the restore the customer subscription held two Let's Encrypt certificates (according to the database content), but only one of them on disk. The invalid (missing) one however was used for the web server configuration file.
Create subscription, add Let's Encrypt SSL, backup the subscription from customer access. Then restore that subscription.
ACTUAL RESULT:Failing with
AH00526: Syntax error on line 52 of /etc/httpd/conf/plesk.conf.d/vhosts/<domain>.conf:
SSLCACertificateFile: file '/usr/local/psa/var/certificates/cert-<id>' does not exist or is empty
EXPECTED RESULT:AH00526: Syntax error on line 52 of /etc/httpd/conf/plesk.conf.d/vhosts/<domain>.conf:
SSLCACertificateFile: file '/usr/local/psa/var/certificates/cert-<id>' does not exist or is empty
Certificate should be restored correctly or re-issued.
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:Confirm bug