
SSL SNI does not work for my domains

dalydesign

I have multiple domains on a single IP address and many require SSL Certificates.

I have enabled SNI in /etc/psa/psa.conf so it now says "SNI_SUPPORT true" as it was originally set to False. Setting this to TRUE then enabled the SSL option in 'Websites & Domains'.

I then purchased and installed the SSL Cert and activated it in the domain settings. On a dedicated IP address, this would work.

When I checked the certificate, it was not using the assigned SSL cert; instead it was using the server's default certificate (plesk) that is assigned to the shared IP address.

When I check, I get the error message: "[warn] RSA server certificate CommonName (CN) `plesk' does NOT match server name"

I then rebooted the server and it made no difference. I changed the domain to a spare dedicated IP address, and the SSL Cert was certified correctly (it used the correct SSL Cert). When I changed it back to the shared IP address, it reverted back to the shared IP address' SSL cert. So the new SSL Cert was being ignored.

Can anyone advise?

Thanks in advance.

For info: currently running 11.0.9 on CentOS 5 and I'm testing this with the latest IE, FF, Chrome so it accepts TLS Server Name Indication.
 
Hmm, I don't think CentOS 5 has support for SNI; it needs Apache 2.2.21 as a minimum and also OpenSSL 0.9.8f.

So try to check what versions of Apache and openssl you have installed
 
Check that SNI support exists with something like:
# strings /usr/lib/httpd/modules/mod_ssl.so | grep -i sni
SSLStrictSNIVHostCheck
Strict SNI virtual host checking
Non-default virtual host with SSLVerify set to 'require' and VirtualHost-specific CA certificate list is only available to clients with TLS server name indication (SNI) support
Hostname %s provided via SNI, but no hostname provided in HTTP request
Hostname %s provided via SNI and hostname %s provided via HTTP are different
No hostname was provided via SNI for a name based virtual host
SSL_TLS_SNI

Additionally, as far as I remember, you need to install SNI support specially for CentOS 5 in the autoinstaller. Some operating systems support SNI by default, so it will not be available in the Plesk autoinstaller for installation. Operating systems that support SNI by default:

Redhat enterprise Linux 6.x and later
Fedora 10 and later
Centos 6.x SNI
Debian 6.x and later
Ubuntu 10.04 and later
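
Added example (not part of any post in this thread, and not Plesk's own tooling): a shell check that compares the certificate a server presents with and without SNI, which is the symptom described in the first post. The function names and the sample subject line are constructed for illustration, and only the CN is compared, as in the Apache warning quoted above.

```shell
#!/bin/sh
# Added example: does a name-based HTTPS vhost get its own certificate when
# the client sends SNI? Function names here are illustrative.

# Pull the CN out of an `openssl x509 -noout -subject` line. Handles the old
# "/C=US/CN=name" layout and the newer "C = US, CN = name" layout.
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# True if certificate name $1 covers host $2 (exact, or "*." plus one label).
cn_matches_host() {
    cn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] || return 1
    [ "$cn" = "$host" ] && return 0
    case "$cn" in
        \*.?*) suffix=${cn#\*}              # e.g. ".example.com"
               label=${host%"$suffix"}      # what the wildcard stands for
               case "$label" in ""|"$host"|*.*) return 1 ;; *) return 0 ;; esac ;;
    esac
    return 1
}

# $1=host, $2=subject line seen with SNI, $3=subject line seen without SNI.
classify_sni() {
    with_cn=$(subject_cn "$2"); without_cn=$(subject_cn "$3")
    if ! cn_matches_host "$with_cn" "$1"; then
        echo "sni-ignored: got CN '$with_cn' for $1"
    elif [ "$with_cn" = "$without_cn" ]; then
        echo "default-cert-matches: cannot tell whether SNI was used"
    else
        echo "sni-ok: CN '$with_cn' (default cert is '$without_cn')"
    fi
}

# Live check. $2 must be IP:port so the second handshake carries no SNI.
probe() {
    with=$(openssl s_client -connect "$2" -servername "$1" </dev/null 2>/dev/null |
           openssl x509 -noout -subject 2>/dev/null)
    without=$(openssl s_client -connect "$2" </dev/null 2>/dev/null |
              openssl x509 -noout -subject 2>/dev/null)
    classify_sni "$1" "$with" "$without"
}

if [ "$#" -eq 2 ]; then
    probe "$1" "$2"
else
    # Constructed sample: the default 'plesk' certificate returned either way.
    classify_sni www.example.com 'subject= /C=US/O=Example/CN=plesk' 'subject= /C=US/O=Example/CN=plesk'
fi
```

Run it as `sh check_sni.sh www.example.com 203.0.113.10:443` (placeholder host and address) against the shared IP; `sni-ignored` means the server handed back a certificate for another name even though the client sent the hostname.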
 