• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue Server-wide backup invalidates SSL cert when deployed on back-up server

PrimeSites

PrimeSites

New Pleskian
Server operating system version
Ubuntu 22.04.3 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.56 Update #2
Hi Guys,

I have a 2-server set-up where the primary server's whole-server back-up is copied to the secondary server nightly, and a restoration triggered manually.

However, the restoration on the secondary server invalidates the SSL cert for Plesk access and requires logging via IP address to fix. Going into Tools & Settings > SSL/TLS Certificates > Certificate for securing Plesk > [Change], then just hitting OK with (already-selected) correct cert, fixes the problem and restores the cert.

I've attempted to re-apply the cert after the restoration has completed on the secondary server with cli, but it has no effect:
plesk bin certificate --assign-cert "Lets Encrypt (sweet-almeida)" -admin -ip [server-ip-address]
Click to expand...

Could you perhaps suggest a way of automating the re-application of the correct/default Certificate for securing Plesk? This would enable me to append a command to restore the cert at the end of the back-up restoration script.

Alternatively, is it possible to exclude specific areas (hostname | default certificate) from the primary/source server back-up, which would avoid the secondary/target server's cert being invalidated?

Thanks
 
The certificate is domain-validated. As the domain can only be reached on one server, how can the certificate be valid on another server?
 
Peter Debik said:
The certificate is domain-validated. As the domain can only be reached on one server, how can the certificate be valid on another server?
Click to expand...
Hi Peter,
I should have been clearer. Each server has initially been set-up with its own certificate. E.g.
- Primary server has Lets Encrypt (primary-server) applied
- Secondary server has Lets Encrypt (sweet-almeida) applied

After restoration both the certificates are present on the secondary/target server as one might expect, but the Lets Encrypt (sweet-almeida) is still (seemingly) applied.
However It requires a manual save in Tools & Settings > SSL/TLS Certificates > Certificate for securing Plesk > [Change] to re-apply before the Plesk interface becomes accessible again.

I hope that clarifies but let me know if I'm missing something.

Thanks
 
I still don't get the issue. If the server has a different hostname and you do a full restore to that server, it is expected that some configurations from the state before restoring won't match. They cannot match if it's a different host with a different name.
 
Peter Debik said:
I still don't get the issue. If the server has a different hostname and you do a full restore to that server, it is expected that some configurations from the state before restoring won't match. They cannot match if it's a different host with a different name.
Click to expand...
Hi Peter,

I was hoping that there was perhaps way of automating the re-application of the correct/default certificate for securing Plesk on the secondary server. This would enable me to append a command to restore the cert at the end of the back-up restoration script.

I've attempted the below with no effect:
plesk bin certificate --assign-cert "Lets Encrypt (sweet-almeida)" -admin -ip [server-ip-address]

Alternatively, is it perhaps possible to exclude specific areas (hostname | default certificate) from the primary/source server back-up, which would avoid the secondary/target server's cert being invalidated?
 
You must log in or register to reply here.

Similar threads

C
Resolved Plesk mail SSL certificates invalid, common name problems (websites fine)
Replies
4
Views
625
Chucky_213123
C
QWeb Ric
Issue Server pool SSL not showing for selection
Replies
0
Views
369
QWeb Ric
QWeb Ric
P
Question Locate and remove old SSL cert
Replies
2
Views
745
learning_curve
learning_curve
R
Issue SSL/TLS cert for mail server not updating (Lets Encrypt)
Replies
2
Views
2K
tessa67
T
Polli
Issue Mails only possible with a wildcard certificate
Replies
5
Views
532
Polli
Polli
Back
Top