• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question SSL activation failure

M

MattJ

New Pleskian
Hi Guys,

Hope you could help shed some light.

I'm running a Plesk CloudLinux server and I'm having trouble activating SSL's via the Lets Encrypt.

SSL IT! informs me the SSL has been installed correctly however upon reviewing the domain on the browser level it returns the following insecure errors:
NET::ERR_CERT_COMMON_NAME_INVALID

Hoping you can assist
Matthew J
 
Hi Peter,

Thanks for your reply

Yes, I have ticked www. subdomain as well as webmail. however, all including the naked domain still return an insecure error.
 
Is the browser connecting to the correct server IP?
Is the correct certificate selected in "Hosting Settings" of the domain on that server where the browser connects to?
 
Hi peter correct,

Here is a worked example of a domain im looking into:
Domain - balancecompany.co.za
SSL Reissued as Lets Encrypt on the following www., webmail and balancecompany.co.za and specified on the hosting setttings.

The domain is propagated to the correct shared hosting IP as per the following A record lookup:
www.whatsmydns.net

DNS Propagation Checker - Global DNS Checker Tool

Instant DNS Propagation Check. Global DNS Propagation Checker - Check DNS records around the world.
www.whatsmydns.net www.whatsmydns.net

Hosting settings and SSL settings can be seen in the attached screenshot:

The apache error logs also return the following:

Warning		AH01909: balancecompany.co.za:443:0 server certificate does NOT include an ID which matches the server name
 

Attachments

  • Screenshot 1.png
    Screenshot 1.png
    66.7 KB · Views: 7
  • Screenshot 2.png
    Screenshot 2.png
    53.8 KB · Views: 7
From settings perspective, everything looks correct. Meanwhile, a wrong certificate is using, looks like it is a certificate for a server itself, see SSL Server Test: balancecompany.co.za (Powered by Qualys SSL Labs).

Is there possibility to select another certificate in the "Certificate" drop-down ("Screenshot 1")? Could it be a certificate with a wrong named (if it was renamed before)? The name is only the name, but it does not mean that it really contain a certificate for the domain with the same name.
 
Hi AYamshanov,

Thank you for your insight,

Yes, I can see from the above the SSL is assigned to the server hostname and not the subsidiary domain name.

From the certificate list my options are as follows:

I have also tested the default certificate without joy :(.

Regarding renaming nothing has been actioned to date.

The active SSL on the server are as follows:
 

Attachments

  • Screenshot 3.png
    Screenshot 3.png
    30.8 KB · Views: 6
  • screenshot4.png
    screenshot4.png
    79 KB · Views: 6
That is strange. As a quick test, I would recommend to re-issue a Let's Encrypt certificate for the domain, my expectation is web-servers configs are updated and a correct certificate will be used.

If it does not help, it is better to contact Plesk Support team to find a root cause (especially if it is a bug) to figure out steps to reproduce and create a bug-report with necessary details for further fixing.
 
You must log in or register to reply here.

Similar threads

N
Issue Plesk Hostingpanel SSL Certificate Appearing in SSL Test for My Domain
Replies
4
Views
728
learning_curve
learning_curve
J
Resolved Problem with SSL
Replies
2
Views
694
JanBr
J
C
Resolved Plesk mail SSL certificates invalid, common name problems (websites fine)
Replies
4
Views
671
Chucky_213123
C
C
Resolved Plesk Extensions does not appear
Replies
2
Views
451
conor
C
H
Resolved Problem with install Let's Encrypt SSL/TLS certificate
Replies
6
Views
2K
HungLuu
H
Back
Top