• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Please beaware of a breaking change in the REST API on the next Plesk release (18.0.62).
    Starting from Plesk Obsidian 18.0.62, requests to REST API containing the Content-Type header with a media-type directive other than “application/json” will result in the HTTP “415 Unsupported Media Type” client error response code. Read more here

Issue SSL Certs links broken after nightly plesk update

S

SpAcEDeViL

Basic Pleskian
Hy,

i have an error with the ssl certificates.
Tonight, a update on 0h has "destroy" the config.
The cert. filename is different as the filename in the httpd.conf

In httpd.conf the name is "/usr/local/psa/var/certificates/cert-f1TcvQ"
In Errormail the name is "/usr/local/psa/var/certificates/cert-f44snr"
But when i recreate it, the name is "/usr/local/psa/var/certificates/cert-fPq8Y2"


the recreate of the website config dont help. Only a rename of the files helps, but then the recreate of the cert. fails on the next update interval.
How can we fix that?

Code: 
Unable to generate the web server configuration file on the host <*****.keymachine.de> because of the following errors:



Template_Exception: nginx: [emerg] BIO_new_file("/usr/local/psa/var/certificates/cert-f44snr") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/psa/var/certificates/cert-f44snr','r') error:2006D080:BIO routines:BIO_new_file:no such file)

nginx: configuration file /etc/nginx/nginx.conf test failed



file: /usr/local/psa/admin/plib/Template/Writer/Webserver/Abstract.php

line: 75

code: 0



Please resolve the errors in web server configuration templates and generate the file again.

In Mod-Security i become this error:

Code: 
Fehler: Syntax error on line 49 of /etc/httpd/conf/plesk.conf.d/vhosts/****.******.de.conf:
SSLCertificateFile: file '/usr/local/psa/var/certificates/cert-f44snr' does not exist or is empty

i dont know, but that is the cert. name form another domain... a subdomain.
 
Hi SpAcEDeViL,

if you experience such issues on servers with Plesk 12.5 installed, consider to delete the misconfigured webserver - configuration file with for example:

rm /etc/httpd/conf/plesk.conf.d/vhosts/****.******.de.conf

... and reconfigure the webserver - configuration files again with the command:

plesk repair web ****.******.de
or
/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain ****.******.de
To reconfigure ALL webserver - configuration files ( server + domains), you can use the command:

plesk repair web

More information about the "Plesk Repair utility" can be found at:




Pls. be as well informed about the following commands:

nginx -t
or
service nginx configtest

AND

httpd -t ( for CentOS/RHEL - based systems )
or
apachectl configtest
apachectl -t

With these commands, you are able to perform a configuration test over the command line, which can help to investigate possible issues/errors/problems/misconfigurations in your depending webserver - configuration files.
Additional informations about issues with your webserver can be found in the depending webserver - log - files.


Sometimes, it is as well a good idea to change the log - level, to get more informations in psa - log - files:

 
Code: 
Reinstall SSL certificates and set the default SSL certificate for all IP addresses? [Y/n] y
    Reinstalling SSL certificates ................................... [OK]
    Applying the default SSL certificate to all IP addresses ........ [OK]

  Repair server-wide configuration parameters for web servers? [Y/n] y
    Repairing server-wide configuration parameters for web servers .. [2016-10-18 15:38:48] ERR [util_exec] proc_close() failed ['/usr/local/psa/admin/bin/httpdmng' '--reconfigure-server'] with exit code [1]
[FAILED]
    - httpdmng failed: [2016-10-18 15:38:45] ERR [util_exec]
      proc_close() failed ['/usr/local/psa/admin/bin/apache-config'
      '-t'] with exit code [1]
      [2016-10-18 15:38:46] ERR [util_exec] proc_close() failed
      ['/usr/local/psa/admin/bin/apache-config' '-t'] with exit code
      [1]
      [2016-10-18 15:38:46] ERR [panel] Apache config
      (14767979220.46743300) generation failed: Template_Exception:
      Syntax error on line 49 of
      /etc/httpd/conf/plesk.conf.d/vhosts/****.shop-lighthouse.de.conf:
      SSLCertificateFile: file
      '/usr/local/psa/var/certificates/cert-f44snr' does not exist or
      is empty

      file:
      /usr/local/psa/admin/plib/Template/Writer/Webserver/Abstract.php
      line: 75
      code: 0
      Syntax error on line 49 of
      /etc/httpd/conf/plesk.conf.d/vhosts/****.shop-lighthouse.de.conf:
      SSLCertificateFile: file
      '/usr/local/psa/var/certificates/cert-f44snr' does not exist or
      is empty

Only a complete delete of the subdomain ***.shop-lighthouse.de was help....
But the Mod-Sec. is now broken...
 
Last edited:
Code: 
Fehler: Der ModSecurity-Regelsatz konnte nicht aktualisiert werden: modsecurity_ctl failed: gpg: key 4520AFA9: "Atomicorp (Atomicorp Official Signing Key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg: Signature made Mon Sep 12 17:56:54 2016 CEST using RSA key ID 4520AFA9
gpg: Good signature from "Atomicorp (Atomicorp Official Signing Key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1818 66DF 9DAC A40E 5B42 9B08 FFBD 5D0A **** ****
TERM environment variable not set.
Not using downloaded repomd.xml because it is older than what we have:
Current : Wed Jul 13 21:47:48 2016
Downloaded: Tue Dec 15 22:02:41 2015
aum failed with exitcode 3.
stdout: 



Checking versions ... 

ASL version is current: [75G[[1;31m[1;32mPASS[0m[0m]
Updating Web Application Firewall to 201610171125: updated[75G[[1;31m[1;32mPASS[0m[0m]
-------------------------------------------------------------------------------
Errors were encountered:

L CODE SOURCE MESSAGE
- ---- ----------------------------- ------------------------------------------
[0;33m2 9901 ASLCommon::cmd_system ERROR: '/bin/cp -af /var/asl/rules/modsec/
template-* /var/asl/data/templates/ >/dev/
null 2>&1 (1)'
[0m[0;33m2 9901 ASLCommon::cmd_system ERROR: '/usr/sbin/apachectl -t >/dev/null 
2>&1 (1)'
[0m[0;33m2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 --
[Tue Oct 18 03:17:07 2016] [warn] module 
unique_id_module is already loaded, skippi
ng||[Tue Oct 18 03:17:07 2016] [warn] modu
le security2_module is already loaded, ski
pping||Syntax error on line 49 of /etc/htt
pd/conf/plesk.conf.d/vhosts/fliesen.shop-l
ighthouse.de.conf:||SSLCertificateFile: fi
le '/usr/local/psa/var/certificates/cert-f
44snr' does not exist or is empty'
[0m[0;33m2 601 c_modsec::apply_rules There is a problem with the apache config:
[Tue Oct 18 03:17:07 2016] [warn] module 
unique_id_module is already loaded, skippi
ng; [Tue Oct 18 03:17:07 2016] [warn] modu
le security2_module is already loaded, ski
pping; Syntax error on line 49 of /etc/htt
pd/conf/plesk.conf.d/vhosts/****.shop-l
ighthouse.de.conf:; SSLCertificateFile: fi
le '/usr/local/psa/var/certificates/cert-f
44snr' does not exist or is empty
[0m[0;33m2 601 c_modsec::apply_rules There is a problem with the apache config:
Rolling back to the previous update
[0m[1;31m3 600 c_modsec::apply_rules Errors occurred with Apache
[0m87.118.***.***
87.118.***.***


stderr: 
Unable to download tortix rule set
 
You must log in or register to reply here.

Similar threads

C
Question SSL certificate location for Prosody import
Replies
7
Views
2K
Kaspar
K
B
Issue NGINX Issue
Replies
1
Views
179
Martin Dias
Martin Dias
I
Issue Websocket connection failing on Plesk server
Replies
1
Views
505
Kaspar
K
D
Issue certificate of VPS host still used after SSL configuration for newly added domain
Replies
4
Views
830
deepnpisgah
D
D
Question NGINX Unit on server under plesk
Replies
4
Views
528
trialotto
T
Back
Top