
The certificate for plesk has expired - PROBLEM

Discussion in 'Plesk for Linux - 8.x and Older' started by dave@, Sep 1, 2005.

  1. dave@

    dave@ Guest

    0
     
    Code:
     ################# SSL Certificate Warning ################
    
     Certificate for plesk, in '/etc/httpd/conf/httpd.pem':
    
      The certificate needs to be renewed; this can be done
      using the 'genkey' program supplied with Red Hat
      Enterprise Linux.
    
      Browsers will not be able to correctly connect to this
      web site using SSL until the certificate is renewed.
    
     ##########################################################
                                      Generated by certwatch(8)
    
    I have already updated the self-signed certificate on my server and my GeoTrust certificate is coming up for renewal in November, so why am I getting these emails every day? PLESK and all other https connections work fine... Any recommendations?
     
  2. jamesyeeoc

    jamesyeeoc Guest

    0
     
    Did you manually verify the date on the /etc/httpd/conf/httpd.pem file? Does it show the new 2005 creation/modification date?
     
  3. dave@

    dave@ Guest

    0
     
    Excuse my ignorance, but how do I do that?
     
  4. jamesyeeoc

    jamesyeeoc Guest

    0
     
    Sorry, I saw you registered in 2001, so I figured you would know this by now. Do you have SSH root access to the server? If so, then connect via SSH, login as root, CD to the directory (cd /etc/httpd/conf) and do: ls -al
     
  5. dave@

    dave@ Guest

    0
     
    Code:
    [root@psa1 conf]# ls -al
    total 300
    drwxr-xr-x    7 root     root         4096 Aug 30 21:53 .
    drwxr-xr-x    4 root     root         4096 Jun 28 21:45 ..
    -rw-r--r--    1 root     root        35400 Aug 30 21:53 httpd.conf
    -rw-r--r--    1 root     root        35398 May  9 20:30 httpd.conf.save_by_frontpage
    -rw-r--r--    1 root     root        35168 Sep 25  2003 httpd.conf.saved_by_psa
    -rw-r--r--    1 root     root        35378 Aug 19  2004 httpd.conf.saved_by_psa.11.01;19:26
    -rw-r--r--    1 root     root        35394 Nov 23  2004 httpd.conf.saved_by_psa.11.23;20:56
    -rw-r--r--    1 root     root        35394 Nov 23  2004 httpd.conf.saved_by_psa.12.09;20:04
    -rw-r--r--    1 root     root         9394 Aug 30 21:25 httpd.include
    -rw-r--r--    1 root     root         8603 Aug 17 13:59 httpd.include.bak
    -rw-r--r--    1 root     root         9394 Aug 30 21:25 httpd.include.new
    -r--------    1 root     root         3293 Aug 19  2004 httpd.pem
    -rw-r--r--    1 root     root        12959 Feb 25  2005 magic
    lrwxrwxrwx    1 root     root           37 Aug 30 18:45 Makefile -> ../../../usr/share/ssl/certs/Makefile
    drwx------    2 root     root         4096 Aug 30 18:45 ssl.crl
    drwx------    2 root     root         4096 Aug 30 18:45 ssl.crt
    drwx------    2 root     root         4096 Feb 25  2005 ssl.csr
    drwx------    2 root     root         4096 Feb 25  2005 ssl.key
    drwx------    2 root     root         4096 Feb 25  2005 ssl.prm
    
    
     
  6. jamesyeeoc

    jamesyeeoc Guest

    0
     
    This is the default Plesk (SWsoft) certificate which is installed for the Control Panel interface. If you login to the control panel and go to Server - Certificates, then click on 'default certificate', you will see this is the 2048 bit SWsoft, Inc. - Plesk certificate. You can compare the RSA Private key and Certificate (if you really want to).

    As the warning states, you could use the 'genkey' program blah blah, or if you already have another valid certificate installed and listed in Server - Certificates, you could select it and click on 'Default'. You should then see the selected certificate in BOLD instead of the 'default certificate' in bold.
     
  7. dave@

    dave@ Guest

    0
     
    I tried that, it still gives me errors daily.
     
  8. alex042

    alex042 Guest

    0
     
    We had problems with this also. We couldn't get a new default cert to take until after we rebooted the server.
     
  9. dave@

    dave@ Guest

    0
     
    I have tried numerous times in PLESK to delete the OLD certificate, but it will not let me for some reason.
     
  10. jamesyeeoc

    jamesyeeoc Guest

    0
     
    Did you reboot the server as Alex042 suggested?
     
  11. dave@

    dave@ Guest

    0
     
    I sure did.
     
  12. dave@

    dave@ Guest

    0
     
    The reason I can't delete the old certificate is because the server thinks that there are still IPs associated with it. But there aren't. I changed the default server certificate to another certificate, but the server still thinks that the old cert. is the default.
     
  13. 1and1user

    1and1user Guest

    0
     
    Hi folks,

    Looking at the previous posts on this thread, I have rebooted my system, but still get errors that popped up for reasons I don't understand.

    I've been editing my httpd.conf file to debug problems with Bugzilla. I was getting the usual permission denied errors, and suddenly, got the 500 error:

    HTTP Status 500 - No Context configured to process this request.

    I thought this was due to my commenting out the DocumentRoot section by mistake, but fixing that did not solve the problem. And, with apache stopped, the same page problem appears.

    Looking at my /home/httpd/vhosts/nanswi.com/statistics/logs/error_ssl_log file, I see:

    [warn] RSA server certificate CommonName (CN) `plesk' does NOT match server name!?

    This dates back to when the problem occurred. I looked at my cert setup, but it showed no certs. If there were none before, not sure why this would come up now.

    After a timeout, I had to log in again, and now I see this on the web page:

    ERROR
    Unable to query database: Duplicate entry '36-Contact Name' for key 1

    0: /usr/local/psa/admin/plib/class.ActionLog.php:638 psaerror(string "Unable to query database: Duplicate entry '34-Contact Name' for key 1")
    1: /usr/local/psa/admin/plib/class.ActionLog.php:515 logcomponent->submit(integer "34")
    2: /usr/local/psa/admin/plib/class.ActionLog.php:450 actionlog->submitbuffer_()
    3: /usr/local/psa/admin/htdocs/login_up.php3:268 actionlog->submit()
    4: /usr/local/psa/admin/htdocs/login_up.php3:128 createsessionadmin(string "login", string "passwd")
    5: /usr/local/psa/admin/htdocs/login_up.php3:637 createsession(string "login", string "passwd")

    Your help is appreciated.

    Lars
     
  14. jamesyeeoc

    jamesyeeoc Guest

    0
     
    If it is due to association with an IP, that might be in the /etc/httpd/conf/httpd.include file, in one of the 'SSLCertificateFile' entries within a <VirtualHost xx.yy.zz.nn:443> section. You would need to find out the certificate filename, then search the httpd.include file for any occurrences of the filename. (See below for finding the filename.) But I would suspect that the problem lies in the 'psa' database.

    I won't give a class in mysql usage, but just where to look. Whether you use mysql commandline or phpMyAdmin is up to you. If you don't already know how to use mysql, then I recommend you download and install phpMyAdmin, it's a GUI and quite easy to use by browser. I recommend putting it into a password protected folder on the SSL side of your site. (I have no clue as to your level of experience, I do not mean to offend)

    Notes: If the /etc/httpd/conf/httpd.pem file does not contain the RSA Private Key and Certificate info of your new certificate, then you can also do the following (after doing the above procedure).

    In the Db 'psa' Table 'certificates', also write down the 'cert_file' value for your certificate (something like cert-y93CtA; all certs have random names). Field 'name' will contain the friendly name you specified in Plesk c.p. when you entered it.

    This will be the filename of your new certificate located in:

    /usr/local/psa/var/certificates/

    You can also try copying and renaming this file to:

    /etc/httpd/conf/httpd.pem

    (Remember to make a backup copy of the original httpd.pem file just in case)

    Restart Apache.
    Disclaimer: I am not responsible if your server crashes. Make a full backup before attempting any of this. Making changes to the database always has an associated risk. Do so only at your own risk. It's kind of like M$'s disclaimer about modifying the Windows Registry....same thing applies here to Plesk's database....

    1and1user - First it is not nice to hijack someone else's post, especially when your problem is NOT the same as the original one being worked on.

    Second, your error "[warn] RSA server certificate CommonName (CN) `plesk' does NOT match server name!?" is common and is most likely NOT the cause of your 500 error. Please make a new post on the forum to address your problem. Do not continue posting about your problem in other people's threads unless it is THE SAME. Thank you. Also do a search on "500 Error", there have been at least a few other threads.
     
  15. Traged1

    Traged1 Guest

    0
     
    Expired PLESK SSL certificate renewal HOW TO:

    # mkdir /Some-Folder/SSL-Cert

    # cd /Some-Folder/SSL-Cert

    # openssl req -new -key /etc/httpd/conf/httpd.pem -out server.csr

    # openssl x509 -req -days 360 -in server.csr -signkey /etc/httpd/conf/httpd.pem -out server.crt

    # cp /etc/httpd/conf/httpd.pem /etc/httpd/conf/httpd.pem.bak

    # vi server.crt
    # vi /etc/httpd/conf/httpd.pem
    # service httpd restart
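
An added example, not part of Traged1's post or of Plesk: it re-signs a combined key+certificate PEM with its existing key and then checks the certificate's own expiry date (the thing certwatch reports on, as opposed to the file date shown by `ls -al`) and that the certificate still matches the key. It assumes the two `vi` steps mean replacing the certificate block in httpd.pem with the contents of server.crt; the function names, the `/CN=plesk` subject and the temp-file layout are constructed for the demo, which never touches /etc/httpd.

```shell
#!/usr/bin/env bash
# Added example. All files are created under mktemp directories (constructed input).

# Build a constructed combined PEM (private key first, then certificate),
# laid out like the httpd.pem in this thread, valid for DAYS days.
make_demo_pem() {   # make_demo_pem OUT DAYS
    local out=$1 days=$2 t
    t=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=plesk" -days "$days" \
        -keyout "$t/key" -out "$t/crt" 2>/dev/null || return 1
    cat "$t/key" "$t/crt" > "$out"; rm -rf "$t"
}

# True (0) if the certificate in PEM expires within DAYS days.
# An unreadable file also counts as "expiring", so the check fails closed.
cert_expires_within() {   # cert_expires_within PEM DAYS
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True (0) if the certificate's public key matches the private key in PEM.
cert_matches_key() {   # cert_matches_key PEM
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Re-sign with the existing key (the CSR and "x509 -req -signkey" steps from
# the post), then rebuild the combined file as key + new certificate.
renew_selfsigned() {   # renew_selfsigned PEM SUBJECT DAYS
    local pem=$1 subj=$2 days=$3 t
    t=$(mktemp -d) || return 1
    cp -p "$pem" "$pem.bak" || return 1          # keep the old file for rollback
    openssl req -new -key "$pem" -subj "$subj" -out "$t/server.csr" 2>/dev/null &&
    openssl x509 -req -days "$days" -in "$t/server.csr" -signkey "$pem" \
        -out "$t/server.crt" 2>/dev/null &&
    { openssl pkey -in "$pem" && cat "$t/server.crt"; } > "$t/httpd.pem" &&
    cert_matches_key "$t/httpd.pem" && install -m 400 "$t/httpd.pem" "$pem"
    local rc=$?; rm -rf "$t"; return $rc
}

if [ "${1:-}" = "demo" ]; then                   # run as: script.sh demo
    d=$(mktemp -d); make_demo_pem "$d/httpd.pem" 5
    cert_expires_within "$d/httpd.pem" 30 && echo "before: expires within 30 days"
    renew_selfsigned "$d/httpd.pem" "/CN=plesk" 360
    cert_expires_within "$d/httpd.pem" 30 || echo "after: valid beyond 30 days"
    openssl x509 -in "$d/httpd.pem" -noout -enddate
fi
```

Apache only reads the file at startup, so the new dates take effect after the restart in the last step of the post.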
     
  16. dave@

    dave@ Guest

    0
     
    This did not work at all....
     
  17. leobag

    leobag Guest

    0
     
    The beginning of this new year has brought me to the same situation. Our server's self-signed certificate has expired and I am having difficulty locating a solution how to update it. I would much rather update or renew the currently expired certificate - because there are people using it. I looked at Traged1's option, but dave says it did not work.

    So how can I update the certificate? Also, would it be possible to extend the validity to say 5 years instead of 1 year?

    Thanks,
    Leo
     
  18. leobag

    leobag Guest

    0
     
    anyone that can assist with this?

    Thank you
     
  19. Traged1

    Traged1 Guest

    0
     
    I am not sure what Dave did not do properly, but it has worked on two of our RHEL 3 servers without any problems whatsoever.

    I would suggest giving my solution a try if you are using Redhat Linux or any other flavor of Linux and if it does not work, please let me know.
     
  20. Traged1

    Traged1 Guest

    0
     
    I will repost my solution since in Dave's post he appears to have a few things mixed up:

     