• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

SSL Not Updating Properly

Tsi-Shawn

Basic Pleskian
I renewed an SSL cert for one of my servers. After several hours, then days I noticed that the date had not updated to show the new expiration date.

When I do an ssl check through https://ssltools.thawte.com/checker/views/certCheck.jsp it shows the following when scanning https://webhost1.teksavvy.com:8443:

Valid from: 2014-Apr-11 00:00:00 GMT
Valid to: 2015-Apr-11 23:59:59 GMT

When scanning https://webhost1.teksavvy.com it shows:

Valid from: 2015-Mar-13 00:00:00 GMT
Valid to: 2017-May-11 23:59:59 GMT

I have never seen this happen before. I have applied the cert, updated the IP that it is attached to and restarted httpd. has anyone seen this before and know of a fix?


Error logs show:

[Wed Mar 18 11:27:49 2015] [warn] RSA server certificate CommonName (CN) `webhost1.teksavvy.com' does NOT match server name!?
[Wed Mar 18 11:27:49 2015] [warn] RSA server certificate CommonName (CN) `webhost1.teksavvy.com' does NOT match server name!?
[Wed Mar 18 11:27:49 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Mar 18 11:27:49 2015] [warn] No JkLogFile defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log
[Wed Mar 18 11:27:49 2015] [warn] No JkShmFile defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
[Wed Mar 18 11:27:49 2015] [notice] mod_python: Creating 4 session mutexes based on 100 max processes and 0 max threads.
[Wed Mar 18 11:27:49 2015] [notice] mod_python: using mutex_directory /tmp
[Wed Mar 18 11:27:49 2015] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 mod_jk/1.2.40 mod_python/3.3.1 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
 
Last edited:
In Plesk, go to..
Code:
Tools & Settings -> SSL Certificates

Select your certificate and click the button that says "Secure Panel" or "Secure Plesk" click that and it will apply your new certificate to the panel.

Note: Plesk is served via its own webserver, hence port 8443 and restarting Apache didn't help.

Restart Plesk Webserver
Code:
service sw-cp-server restart
or
Code:
/etc/init.d/sw-cp-server restart

I hope that helps
Kind regards

Lloyd
 
Hey Lloyd,

I have done both and when I restart sw-cp

[root@webhost1 certificates]# service sw-cp-server restart
Stopping sw-cp-serverd: [FAILED]
Starting sw-cp-serverd: nginx: [emerg] bind() to 0.0.0.0:6308 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:12443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:8443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:8880 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:8443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:8880 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:6308 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:12443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:8443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:8880 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:8443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:8880 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:6308 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:12443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:8443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:8880 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:8443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:8880 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:6308 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:12443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:8443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:8880 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:8443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:8880 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:6308 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:12443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:8443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:8880 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:8443 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:8880 failed (98: Address already in use)
nginx: [emerg] still could not bind()
[FAILED]
 
[root@webhost1 certificates]# lsof -i :8443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sw-cp-ser 8627 root 9u IPv4 36562572 0t0 TCP *:pcsync-https (LISTEN)
sw-cp-ser 8627 root 11u IPv6 36562574 0t0 TCP *:pcsync-https (LISTEN)
sw-cp-ser 8628 sw-cp-server 9u IPv4 36562572 0t0 TCP *:pcsync-https (LISTEN)
sw-cp-ser 8628 sw-cp-server 11u IPv6 36562574 0t0 TCP *:pcsync-https (LISTEN)

[root@webhost1 certificates]# lsof -i :8880
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sw-cp-ser 8627 root 10u IPv4 36562573 0t0 TCP *:cddbp-alt (LISTEN)
sw-cp-ser 8627 root 12u IPv6 36562575 0t0 TCP *:cddbp-alt (LISTEN)
sw-cp-ser 8628 sw-cp-server 10u IPv4 36562573 0t0 TCP *:cddbp-alt (LISTEN)
sw-cp-ser 8628 sw-cp-server 12u IPv6 36562575 0t0 TCP *:cddbp-alt (LISTEN)
[root@webhost1 certificates]# kill -9 8627 8628

[root@webhost1 certificates]# service sw-cp-server restart
Stopping sw-cp-serverd: [FAILED]
Starting sw-cp-serverd: [ OK ]

Now everything is working.
 
I have it all working. I should have just killed the pid's to begin with lol. I was over thinking things. I will reply to the other thread just to tie it off.
 
Yeah, normally its best you STOP the service (for a minute or so) then START it. Otherwise, pkill.
 
Back
Top