Issue SSL Certs links broken after nightly plesk update

[SpAcEDeViL]

Hy,

i have an error with the ssl certificates.
Tonight, a update on 0h has "destroy" the config.
The cert. filename is different as the filename in the httpd.conf

In httpd.conf the name is "/usr/local/psa/var/certificates/cert-f1TcvQ"
In Errormail the name is "/usr/local/psa/var/certificates/cert-f44snr"
But when i recreate it, the name is "/usr/local/psa/var/certificates/cert-fPq8Y2"


the recreate of the website config dont help. Only a rename of the files helps, but then the recreate of the cert. fails on the next update interval.
How can we fix that?

Unable to generate the web server configuration file on the host <*****.keymachine.de> because of the following errors:



Template_Exception: nginx: [emerg] BIO_new_file("/usr/local/psa/var/certificates/cert-f44snr") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/psa/var/certificates/cert-f44snr','r') error:2006D080:BIO routines:BIO_new_file:no such file)

nginx: configuration file /etc/nginx/nginx.conf test failed



file: /usr/local/psa/admin/plib/Template/Writer/Webserver/Abstract.php

line: 75

code: 0



Please resolve the errors in web server configuration templates and generate the file again.

In Mod-Security i become this error:

Fehler: Syntax error on line 49 of /etc/httpd/conf/plesk.conf.d/vhosts/****.******.de.conf:
SSLCertificateFile: file '/usr/local/psa/var/certificates/cert-f44snr' does not exist or is empty

i dont know, but that is the cert. name form another domain... a subdomain.

 

[UFHH01]

Hi SpAcEDeViL,

if you experience such issues on servers with Plesk 12.5 installed, consider to delete the misconfigured webserver - configuration file with for example:

rm /etc/httpd/conf/plesk.conf.d/vhosts/****.******.de.conf​

... and reconfigure the webserver - configuration files again with the command:

plesk repair web ****.******.de
or
/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain ****.******.de
​

To reconfigure ALL webserver - configuration files ( server + domains), you can use the command:

plesk repair web​

More information about the "Plesk Repair utility" can be found at:

Plesk Repair Utility ( Plesk 12.5 online documentation - Administrator's Guide )​

Pls. be as well informed about the following commands:

nginx -t
or
service nginx configtest

AND

httpd -t ( for CentOS/RHEL - based systems )
or
apachectl configtest
apachectl -t​

With these commands, you are able to perform a configuration test over the command line, which can help to investigate possible issues/errors/problems/misconfigurations in your depending webserver - configuration files.
Additional informations about issues with your webserver can be found in the depending webserver - log - files.

Plesk for Linux services logs and configuration files ( KB - article: 111 283 )​

Sometimes, it is as well a good idea to change the log - level, to get more informations in psa - log - files:

How to enable/disable debug logging in Plesk 11.5 and up? ( KB - article 120 101 )​

 

[SpAcEDeViL]

Reinstall SSL certificates and set the default SSL certificate for all IP addresses? [Y/n] y
    Reinstalling SSL certificates ................................... [OK]
    Applying the default SSL certificate to all IP addresses ........ [OK]

  Repair server-wide configuration parameters for web servers? [Y/n] y
    Repairing server-wide configuration parameters for web servers .. [2016-10-18 15:38:48] ERR [util_exec] proc_close() failed ['/usr/local/psa/admin/bin/httpdmng' '--reconfigure-server'] with exit code [1]
[FAILED]
    - httpdmng failed: [2016-10-18 15:38:45] ERR [util_exec]
      proc_close() failed ['/usr/local/psa/admin/bin/apache-config'
      '-t'] with exit code [1]
      [2016-10-18 15:38:46] ERR [util_exec] proc_close() failed
      ['/usr/local/psa/admin/bin/apache-config' '-t'] with exit code
      [1]
      [2016-10-18 15:38:46] ERR [panel] Apache config
      (14767979220.46743300) generation failed: Template_Exception:
      Syntax error on line 49 of
      /etc/httpd/conf/plesk.conf.d/vhosts/****.shop-lighthouse.de.conf:
      SSLCertificateFile: file
      '/usr/local/psa/var/certificates/cert-f44snr' does not exist or
      is empty

      file:
      /usr/local/psa/admin/plib/Template/Writer/Webserver/Abstract.php
      line: 75
      code: 0
      Syntax error on line 49 of
      /etc/httpd/conf/plesk.conf.d/vhosts/****.shop-lighthouse.de.conf:
      SSLCertificateFile: file
      '/usr/local/psa/var/certificates/cert-f44snr' does not exist or
      is empty

Only a complete delete of the subdomain ***.shop-lighthouse.de was help....
But the Mod-Sec. is now broken...

 

[SpAcEDeViL]

Fehler: Der ModSecurity-Regelsatz konnte nicht aktualisiert werden: modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: Signature made Mon Sep 12 17:56:54 2016 CEST using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1818 66DF 9DAC A40E 5B42 9B08 FFBD 5D0A **** ****
TERM environment variable not set.
Not using downloaded repomd.xml because it is older than what we have:
Current : Wed Jul 13 21:47:48 2016
Downloaded: Tue Dec 15 22:02:41 2015
aum failed with exitcode 3.
stdout: 



Checking versions ... 

ASL version is current: [75G[[1;31m[1;32mPASS[0m[0m]
Updating Web Application Firewall to 201610171125: updated[75G[[1;31m[1;32mPASS[0m[0m]
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
[0;33m2 9901 ASLCommon::cmd_system ERROR: '/bin/cp -af /var/asl/rules/modsec/
template-* /var/asl/data/templates/ >/dev/
null 2>&1 (1)'
[0m[0;33m2 9901 ASLCommon::cmd_system ERROR: '/usr/sbin/apachectl -t >/dev/null 
2>&1 (1)'
[0m[0;33m2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 --
[Tue Oct 18 03:17:07 2016] [warn] module 
unique_id_module is already loaded, skippi
ng||[Tue Oct 18 03:17:07 2016] [warn] modu
le security2_module is already loaded, ski
pping||Syntax error on line 49 of /etc/htt
pd/conf/plesk.conf.d/vhosts/fliesen.shop-l
ighthouse.de.conf:||SSLCertificateFile: fi
le '/usr/local/psa/var/certificates/cert-f
44snr' does not exist or is empty'
[0m[0;33m2 601 c_modsec::apply_rules There is a problem with the apache config:
[Tue Oct 18 03:17:07 2016] [warn] module 
unique_id_module is already loaded, skippi
ng; [Tue Oct 18 03:17:07 2016] [warn] modu
le security2_module is already loaded, ski
pping; Syntax error on line 49 of /etc/htt
pd/conf/plesk.conf.d/vhosts/****.shop-l
ighthouse.de.conf:; SSLCertificateFile: fi
le '/usr/local/psa/var/certificates/cert-f
44snr' does not exist or is empty
[0m[0;33m2 601 c_modsec::apply_rules There is a problem with the apache config:
Rolling back to the previous update
[0m[1;31m3 600 c_modsec::apply_rules Errors occurred with Apache
[0m87.118.***.***
87.118.***.***


stderr: 
Unable to download tortix rule set

 

[UFHH01]

Hi SpAcEDeViL,

Unable to download tortix rule set

Pls. don't mix your initial issue with another one. There is enough place here in the Plesk forum, to open a NEW thread for each issue.