• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue SSLCACertificateFile: file '/opt/psa/var/certificates/cert-k1Xu9H' does not exist or is empty

C

Christian C

New Pleskian
Hello,

I've got a Problem with my webserver-configuration.

It's a german message shown in "Webserver Configurations Troubleshooter":

Fehler: Aufgrund von Fehlern in den Konfigurations-Templates konnten keine neuen Konfigurationsdateien für den Apache Webserver erstellt werden: AH00526: Syntax error on line 80 of /etc/apache2/plesk.conf.d/webmails/XXXXXX.de_webmail.conf: SSLCACertificateFile: file '/opt/psa/var/certificates/cert-k1Xu9H' does not exist or is empty.

The file exist and isn't empty. The right of the file show normal like the other ones.

Plesk repair on commandline ends without errors.

I've tried to renew all certificates and to change between LetsEncrypt and an bought certificate.


Plesk 17.8.11
Ubuntu 16.04

What can I do to fix?
 
This is a frequent error we are also seeing serveral times daily on all hosts. It is definitely a bug, but difficult to report, because it is not reproduceable manually. Probably a race condition somewhere in the code, because the web server configuration files are created, tested and activated before the SSL certificate file is in place. It is an absolutely annoying issue, because some times when a hard web server restart (the real restart, not the graceful reload) is executed afterwards, the web server stops and cannot be restarted until manual intervention.

The issue is for sure not linked to Cloudflare.

To get it working again:
Identify the domain given in /etc/apache2/plesk.conf.d/webmails/XXXXXX.de_webmail.conf (the XXXXXX.de part).
In the GUI go to that domain, select the default SSL certificate in hosting settings and no certificate in mail settings (if any).
Then go the the SSL icon and remove the existing Let's Encrypt certificate (if any).
Then click on the Let's Encrypt icon to create a new certificate.

Then go into web server configurations trouble shooter and reconfigure "Rebuild">"Broken" configuration files. This last step is only needed to remove the error message from Plesk GUI.
 
Peter Debik said:
This is a frequent error we are also seeing serveral times daily on all hosts. It is definitely a bug, but difficult to report, because it is not reproduceable manually. Probably a race condition somewhere in the code, because the web server configuration files are created, tested and activated before the SSL certificate file is in place. It is an absolutely annoying issue, because some times when a hard web server restart (the real restart, not the graceful reload) is executed afterwards, the web server stops and cannot be restarted until manual intervention.

The issue is for sure not linked to Cloudflare.

To get it working again:
Identify the domain given in /etc/apache2/plesk.conf.d/webmails/XXXXXX.de_webmail.conf (the XXXXXX.de part).
In the GUI go to that domain, select the default SSL certificate in hosting settings and no certificate in mail settings (if any).
Then go the the SSL icon and remove the existing Let's Encrypt certificate (if any).
Then click on the Let's Encrypt icon to create a new certificate.

Then go into web server configurations trouble shooter and reconfigure "Rebuild">"Broken" configuration files. This last step is only needed to remove the error message from Plesk GUI.
Click to expand...

Hello and thank you.

It's crazy and I don't understand it.

On plesk repair web -sslcerts in my commandline all other certifications were renewed. The timestamp from this one ist the same like before.
I tried your way, but I doesn't work. If I delete the LetsEncrypt certificate, this file still exists.
In the end I receive the same error in my Configurations Troubleshooter.
It looks like in this file is the CA-Cert for all LetsEncrypt certifications. Could it be?
Because it's allways the same in my domains.
 
Christian C said:
If I delete the LetsEncrypt certificate, this file still exists.
In the end I receive the same error in my Configurations Troubleshooter.
Click to expand...
There is no problem that a file exists. The problem is, that a non-existent file is referenced in the web server configuration.
It is impossible that the problem persists if you have followed the steps I have given above. If the same problem persists, you have not followed all the steps.
 
You must log in or register to reply here.

Similar threads

B
Issue NGINX Issue
Replies
1
Views
531
Martin Dias
Martin Dias
Bitpalast
Forwarded to devs Changing the host's default certificate does not update cert file references in the web server config files that are using the host cert
Replies
10
Views
3K
Bitpalast
Bitpalast
C
Issue "New configuration files for the Apache web server were not created due to the errors in configuration templates"
Replies
4
Views
5K
The 8th
The 8th
Dirk
Resolved Error in configuration file?
Replies
1
Views
1K
IgorG
IgorG
L
Resolved Trouble with error messages
Replies
2
Views
2K
lassos
L
Back
Top