SSL Cert Deleted when Syncing Subscription

[nrep]

TITLE:

SSL Cert Deleted when Syncing Subscription​

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:

Windows 2012 R2, Plesk Onyx​

PROBLEM DESCRIPTION:

If plan details are changed and then subscriptions are sync'd, the HTTPS versions of the sites go offline. I need to re-run the lets-encrypt script to get the HTTPS site working again. This is on a Windows 2012 R2 server.

It looks like SSL certs are removed when syncing, as this appears in the event log:

"SSL Certificate Settings deleted for endpoint "

They aren't re-created though. If I try and visit the site, it doesn't allow a connection and event viewer shows "A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 46.".

If I re-run the let-encrypt script, the sites comes back online. Running the monthly lets-encrypt cron will also bring the sites back online.​

STEPS TO REPRODUCE:

Add multiple sites with Lets Encrypt SSL cert, make update to plan (i.e. PHP 7 > 7.1) and let sunscriptions re-sync with new plan settings. The SSL certifications disappear and sites stop working.

Lets encrypt needs to be manually run again to re-assign the certificate (either one at a time, or forcing the monthly cron).​

ACTUAL RESULT:

SSL certs stop working​

EXPECTED RESULT:

SSL certs should remain unaccected​

ANY ADDITIONAL INFORMATION:

​

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:

Confirm bug​

 

[IgorG]

Thanks. Forwarded to developers.

 

[IgorG]

Plesk developers can't reproduce this issue.

 

[nrep]

I've got the problem happening on two different Windows 2012 R2 servers with the latest plesk Onyx, so I may be explaining the problem badly.

I have a plan created which I use on specific websites (all using Lets Encrypt), this currently uses PHP 7. I went in to the plan and changed the PHP version to 7.1 and then waited while all ~20 subscriptions sync'd with the new details. All of the HTTPS sites went offline, as there was a problem somewhere with the certificate (HTTP still worked). I then had to go through each site and renew the Lets Encrypt cert manually. When I tried on another server, the same thing happened, but this time I ran the Lets Encrypt cron to fix the issue.

If I change the PHP settings for an individual subscription (outside of the plan), then it'll work as expected. It's only when changing something within the plan and then letting it resync that the problem occurs.

 

[IgorG]

Still not reproduced.
There is no reason to delete certificate while any parameter changed at the Service Plan.
Could you provide access to the server and Service Plan name for which this issue actual in PM?

 

[nrep]

Let me see if I can set up the same thing on a test server and then I'll send over the details .

 

[Binesh S]

Yes my server also same issue. A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.

 

[Ales]

The error looks to be similar but it is not clear if your environment the same as described by @nrep. Have you also changed the hosting plan, causing the certificates to disappear, as originally described? Are your OS and Plesk versions the same as his?