• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Forwarded to devs SSL Certs after Plesk Onyx 17.8.11 to Obsidian 18.0.19 update

DECEiFER

New Pleskian
TITLE:
SSL Certs after Plesk Onyx 17.8.11 to Obsidian 18.0.19 update
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk 18.0.19, Ubuntu 18.04.3 LTS
PROBLEM DESCRIPTION:
Hi,

I don't know if it's just me but on a test VDS I had Plesk Onyx 17.8.11 (Web Admin Edition) on, I updated it yesterday to Obsidian 18.0.19.

After doing so, I decided to give it a reboot, and when it came back up I tested a few sites I have hosted on it and my Let's Encrypt certs were no longer being picked up (I can't say if it would have occurred with a commercial cert as I don't have any on my test server). It was showing the default Parallels self-signed cert in the browser, but in each website's Hosting Settings, the LE cert was still showing correctly. I have to either reissue the certs or you can set the cert in Hosting Settings to none and then set the correct cert, which fixes the problem for the site (but not all of them - they have to be done individually). Just going into Hosting Settings and hitting Apply or Okay doesn't fix the issue per site.

I'm not sure if this is because of something I did when I had Onyx installed and nothing jumps out at me except for the fact that I did an OS upgrade from 16.04 to 18.04 some months ago, which I know is risky and not at all recommended. Truth is, I intend on going to CentOS 8 when Plesk Obsidian supports it and it's just my own test server, so I'm just reporting this now in case it isn't just me and in that case, that you'll add it to your list of bug fixes.​
STEPS TO REPRODUCE:
Update to Obsidian 18.0.19 RTM from Onyx 17.8.11.​
ACTUAL RESULT:
Let's Encrypt SSL certs need to be reset on each domain before they'll get picked up in spite of the fact that it shows the correct cert applied in the Hosting Settings.​
EXPECTED RESULT:
Existing SSL certs would still be applied to each site and served correctly to the browser.​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Last edited:
From developer:

I failed to reproduce the issue. I tried setting SSL certificate on both admin and client domains, main and additional, via Let's Encrypt or SSL It - all of them remain attached after upgrade.
 
I've had a similar problem with onyx and now obsidian on one of our servers.
After adding a Let's encrypt ssl cert to a domain (with SSLit!), I get message, that the cert is ussued correctly.
Visiting the Domain fails in Cert Error "Bad cert domain", because the Server cert is set.
The Only way to fix it, is to regenerate the configuration for this domain using the "Configuration Troubleshooter"
After this the cert is applied correctly.

I've had this problem as described on one server with debian and onyx (now obsidian)
and on another Server with centOS and obsidian.

I think this could be the same problem as the one from the tc
 
I had the same issue with a new install; letsencrypt wouldn't let me install a certificate for plesk itself. turned out the ownership for "/opt/psa/var/certificates/" was set to root. Setting the permissions to psaadm solved my issue (chown psaadm:psaadm /opt/psa/var/certificates/*).

It did require a reboot to completely clear btw.
 
I had the same issue with a new install; letsencrypt wouldn't let me install a certificate for plesk itself. turned out the ownership for "/opt/psa/var/certificates/" was set to root. Setting the permissions to psaadm solved my issue (chown psaadm:psaadm /opt/psa/var/certificates/*).

It did require a reboot to completely clear btw.
 
Hi guys!
I am having a similar issue. I have a multidomain ssl certificate installed on a Onyx instance and certificate is serving fine.
Recently started a AWS lightsail box with plesk obsidian and tried using the certificate there. It gets installed fine, but then it keeps on saying 'domain not secured'.

Tried removing the certificate and installing it back again. Tried regenerating the conf files and nothing seems to solve the issue.

Any help will be much appreciated.

Thanks!
Shahadat
 

Attachments

  • cert_problem.png
    cert_problem.png
    89.4 KB · Views: 1
Back
Top