• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

The certificate for plesk has expired - PROBLEM

Thanks Traged1, I will give it a try... but a couple quick questions:

Will this simply be switched with the current (expired) certificate? Keeping all name, location, department info the same?

And, is there anyway to extend the certificate for longer than 1-year?

Thanks!
Leo
 
Yes it will work off of your old information in the existing SSL Cert as far as I know.

To extend the cert longer just change the "days 360" to something like "days 36000"
 
Originally posted by Traged1
Yes it will work off of your old information in the existing SSL Cert as far as I know.

To extend the cert longer just change the "days 360" to something like "days 36000"
Click to expand...
You may want to only go with 4 digits, on some systems if you try to do almost 100 years, the SSL expire date will wrap around to 1980 something year.
 
Here is a clean, click friendly solution. Only minor shell knowledge needed ;)

1) login into your Plesk control panel as admin. Go to "Server" section.

2) click on "Certificates". If nothing else, you'll see atleast one cert there, the default one. Leave it alone for the time being.

3) click "Add New Certificate". Choose a name for it (eg. "new plesk cert"), choose 2048 bits, enter other info (you can copy SwSoft's info if you want to). Click "Self Signed" button and wait for the server to generate the new cert.

Now you'll have atleast two certs in the list, the old default one and the new one you have just created (you might have others too).

4) choose the new cert and click "Default". Choose it again and click "Setup". Wait a bit, the server might get stuck on this screen. Doesn't matter, remain calm. :cool:

5) go back to the "Server" area and go into "IP Addresses". Click on each IP you have and if uses the old default cert, change it. Chose the new one instead. If it uses another cert, leave it alone.

6) now, go back to "Certificates" area. You'll notice that the "Used" number next to the old default cert is zero. If it isn't, then you've forgot to change some IP's chosen cert.

You can delete the old default cert now, if you wish. It doesn't matter.

7) now, go into shell and su to root if you aren't root already. Issue the command 'service psa stopall'. Than issue the command 'service psa startall'. Make sure the services restarted as they should.

It often happens that the admin server doesn't restart right away, issue the command 'service psa restart' just to be sure.

That's it, your Plesk will use a renewed cert.

If you ever need to mess with this certs by the hand, here is some useful info (RHEL server):

- admin cert is in "/usr/local/psa/admin/conf/httpsd.pem" file
- other certs are in the /usr/local/psa/var/certificates directory

The restart of merely psa admin httpd doesn't do it. We've always needed to restart all psa services in order to activate the new admin cert (probably just some of them, but who has time to research which). The server restart is an overkill, though. It destroys those wonderful uptime stats if nothing else :eek: :D

Hope this helps.
 
We had an old certificate installed and we just updated but when I browse to the plesk admin site, I'm still hitting the old certificate.

Ales mentioned restarting all plesk services. I restarted apache and psa. What other ones need to be reset to hit the new certificate?

Thanks,
Wally
 
Ales, thank you very much for your very detailed instructions. It seems to have worked in my case, and nothing was broken :D

I was afraid of deleting the "default certificate" because for some reason I feared it could screwed up things... :) But it seems that the process is rather peaceful.
 
Hey guys,

Does anyone know if it is possible to easily update the certificate rather than replacing it? We have over 100 IPs on a server that needs to be updated... is going through each one really the only option?

Or are the other options displayed in this thread the only way to do it?

Thank you,
Leo
 
Default domain

I had this problem too. The problem is that you do not have a default domain associated with the machine. This leaves the original httpd.pem file being pointed to by the virtual host at:

your.ip.add.ress:443

To fix this, go to the 'Server' Page in Plesk and click on the "IP Addresses" button. You'll see all of your shared IP addresses here. The table heading shows S, T, IP Address, ...others..., Hosting.

Click on the number in the hosting column. You will then be able to choose the default host for the server. Pick on of the domains and the config file will be rewritten to use the certificate for the domain you have selected and you will no longer get those wonderful daily emails.

Best of luck!

Ryan
 
You must log in or register to reply here.

Similar threads

A
Issue How to configure SSL on website of Plesk
Replies
4
Views
2K
EvgeniyKovrizhnikov
EvgeniyKovrizhnikov
I
Question Problems with Email certificate renewal - seems linked to changes in SNI support
Replies
0
Views
2K
iainh
I
T
Resolved Can't renew Plesk panel SSL cert
Replies
1
Views
942
tdukoo
T
T
Question SSL Problem - Server Certificate
Replies
1
Views
662
TobiasGo
T
A
Issue How do I update th sefault self-signed certificate produced by Plesk?
Replies
1
Views
1K
AYamshanov
AYamshanov
Back
Top