• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question SSL activation failure

M

MattJ

New Pleskian
Hi Guys,

Hope you could help shed some light.

I'm running a Plesk CloudLinux server and I'm having trouble activating SSL's via the Lets Encrypt.

SSL IT! informs me the SSL has been installed correctly however upon reviewing the domain on the browser level it returns the following insecure errors:
NET::ERR_CERT_COMMON_NAME_INVALID

Hoping you can assist
Matthew J
 
Hi Peter,

Thanks for your reply

Yes, I have ticked www. subdomain as well as webmail. however, all including the naked domain still return an insecure error.
 
Is the browser connecting to the correct server IP?
Is the correct certificate selected in "Hosting Settings" of the domain on that server where the browser connects to?
 
Hi peter correct,

Here is a worked example of a domain im looking into:
Domain - balancecompany.co.za
SSL Reissued as Lets Encrypt on the following www., webmail and balancecompany.co.za and specified on the hosting setttings.

The domain is propagated to the correct shared hosting IP as per the following A record lookup:
www.whatsmydns.net

DNS Propagation Checker - Global DNS Checker Tool

Instant DNS Propagation Check. Global DNS Propagation Checker - Check DNS records around the world.
www.whatsmydns.net www.whatsmydns.net

Hosting settings and SSL settings can be seen in the attached screenshot:

The apache error logs also return the following:

Warning		AH01909: balancecompany.co.za:443:0 server certificate does NOT include an ID which matches the server name
 

Attachments

  • Screenshot 1.png
    Screenshot 1.png
    66.7 KB · Views: 6
  • Screenshot 2.png
    Screenshot 2.png
    53.8 KB · Views: 6
From settings perspective, everything looks correct. Meanwhile, a wrong certificate is using, looks like it is a certificate for a server itself, see SSL Server Test: balancecompany.co.za (Powered by Qualys SSL Labs).

Is there possibility to select another certificate in the "Certificate" drop-down ("Screenshot 1")? Could it be a certificate with a wrong named (if it was renamed before)? The name is only the name, but it does not mean that it really contain a certificate for the domain with the same name.
 
Hi AYamshanov,

Thank you for your insight,

Yes, I can see from the above the SSL is assigned to the server hostname and not the subsidiary domain name.

From the certificate list my options are as follows:

I have also tested the default certificate without joy :(.

Regarding renaming nothing has been actioned to date.

The active SSL on the server are as follows:
 

Attachments

  • Screenshot 3.png
    Screenshot 3.png
    30.8 KB · Views: 5
  • screenshot4.png
    screenshot4.png
    79 KB · Views: 5
That is strange. As a quick test, I would recommend to re-issue a Let's Encrypt certificate for the domain, my expectation is web-servers configs are updated and a correct certificate will be used.

If it does not help, it is better to contact Plesk Support team to find a root cause (especially if it is a bug) to figure out steps to reproduce and create a bug-report with necessary details for further fixing.
 
You must log in or register to reply here.

Similar threads

Rendor9
Resolved I can't renew my plesk onyx interface SSL certificate.
Replies
4
Views
1K
Rendor9
Rendor9
W
Resolved SSL certificate error (multiple certificates)
Replies
9
Views
3K
webolot
W
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
680
Lenny
Lenny
T
Issue Unable to install Let's Encrypt certificate for temporary domain
Replies
5
Views
2K
Peter Debik
P
T
Potential bug - Inactive domains, Ssl It extension and Nginx SSL stapling warning
Replies
2
Views
2K
trialotto
T
Back
Top