• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue SSL issue for some visitors, but not all

P

pieterpost

New Pleskian
Server operating system version
Ubuntu 22.04
Plesk version and microupdate number
18.0.64_build1800241008.13
I have a difficult issue with my Plesk managed STRATO VPS and really need help. Whenever I visit the main domain with the OwnCloud site that is installed there, everything is just fine. Correct page, correct certificate. However, some visitors (not all) somehow get to the Plesk login screen and get the Let's Encrypt certificate for the Plesk environment, instead of getting to the OwnCloud login page. Or worse: their browser refuses the connection, because of the certificate domain mismatch (the plesk server has a *.plesk.page host name).

It is really hard for me to debug this issue, as I cannot reproduce it from my end and I am unsure where to look for debug information.

Here are some details:
- Plesk Obsidian v18.0.64_build1800241008.13 os_Ubuntu 22.04
- DNS is managed by STRATO

Under Tools & Settings > General Settings > Customize Plesk URL the "All domains and subdomains that resolve to the server IP address but are not used for hosting" setting is activated, when I choose "No custom URLs. Only https://<server-IP-or-hostname>:8443" the users that wrongly get directed to the Plesk login now get a "Not Found" Apache error. Could this be a hint? Is Apache unaware of the fact that the main domain should direct to the OwnCloud instance?

When I run the SSL Labs test I get a "Certificate not valid for domain name" for the IPv6 address, but for the IPv4 address I get A grade, all fine. Could this be a hint?

I really don't know here to look. Is it a SSL issue, is it an Apache issue? Where can I look to debug this? Where does the server keep logs whenever a user ends up with the wrong certificate?
 
pieterpost said:
"Certificate not valid for domain name" for the IPv6 address
Click to expand...
I would start with this notice. Users who use IPv4 only and who can use IPv6 could see different results/answers from Plesk. It seems you have the IPv6 address. Is it configured on Plesk, and is it configured for a domain?

pieterpost said:
(the plesk server has a *.plesk.page host name).
Click to expand...
It is good for starting, but as a long-term solution, I would recommend configuring a separate hostname for Plesk inside a domain you own, How-to-change-or-get-the-server-hostname-on-Plesk-server and protect it with SSL/TLS certificate as well, How-to-secure-a-Plesk-hostname-on-port-8443-with-an-SSL-certificate-Let-s-Encrypt-other-certificate-authorities.
 
You must log in or register to reply here.

Similar threads

M
Resolved Lets Encrypt not issuing certs for subdomains
Replies
2
Views
272
mendip_discovery
M
LionKing
Issue Cloudflare's proxy function and SSL certificates
Replies
16
Views
893
LionKing
LionKing
M
Issue Wordpress MU alias domains with Let's Encrypt - hit the error: Order cannot contain more than 100 DNS names
Replies
1
Views
123
Kaspar
K
micneon
Issue Problems to del certificate with cli
Replies
0
Views
135
micneon
micneon
M
Issue SSL certificate to secure Plesk IP address issue (Not Lets Encrypt)
Replies
5
Views
751
Kaspar@Plesk
Kaspar@Plesk
Back
Top