Resolved "Unable to set backup sign certificate"

[Vega80]

Hello,

since I tested around with the Let's Encrypt extension, I get a warning/error when a backup is perfomed. This only occurs when the target is my ftp storage (FTPS). A local backup is running without problems.

Protocol linked in the admin panel:
Warning: Unable to upload the backup to the FTP storage: Unable to set backup sign certificate

(This is not fully correct, as the backup file in fact has been generated and uploaded to the FTP storage)

Error Message in the panel.log:
ERR [1] ERROR: Call to a member function delete() on null (BackupSignCertificate.php:35)

Any ideas what this error means and how it can be fixed?

 

[UFHH01]

Hi Vega80,

if you experience issues/errors/problems, where Plesk-encrypted files are involved ( here: BackupSignCertificate.php ), pls. consider to open a bug - report ( => Reports ), because a root cause can't be investigated by the Plesk Community ( Example: Nobody is able to "guess" which command is used at line 35 from "BackupSignCertificate.php" ).

 

[Vega80]

Thanks for your answer. I'm not sure that this is the bug, so maybe I should contact the support?

The day before the first backup with this warning, I made some tests with aliases and different subdomains, amongst others because I wasn't sure about the best way to make the LE certificate valid for the panel host name. At one point, I think after disabling one subdomain and requesting a certificate for another subdomain, the LE extension showed an error and couldn't request any new certificates. The error message led me to this page:
Error "Unable to set certificate name :" · plesk/letsencrypt-plesk Wiki · GitHub
Although this bug should have been fixed. So I cleaned up the database and also deleted the certificate files from the server (under /usr/local/psa/var/certificates/), in both cases except the default certificate.
Sorry that I didn't thought about this before, as I had no problems after the manual fix, but maybe this is what the causes the problem. Is there something like a kind of additional certificate file, which is needed for the external backups, that I could have deleted accidentally? Although I'm pretty sure I checked the last change date of the certificate files, to be sure that I delete nothing wrong.
Maybe you or someone else knows, if there should be more than one file for the default certificate under /psa/var/certificates/ in a fresh installation?

 

[UFHH01]

Hi Vega80,

So I cleaned up the database and also deleted the certificate files from the server (under /usr/local/psa/var/certificates/)

... and you made sure, that none of your manual deleted certificates are present in webserver - configuration files?


To start over again ( because this is the best way after manual interference, resulting in issues/errors/problems ), you should consider to install a NEW, default certificate over your Plesk Control Panel ( self-signed, if you don't own a bought certificate for your main - domain and the corresponding IP on your server ) at:

HOME > Tools & Settings > SSL/TLS Certificates​

Afterwards, pls. make sure, that the new default certificate is as well used at the IP management:

HOME > Tools & Settings > IP Addresses​

Pls. change all previous used "default" certificates at all of your (sub)domains with the newly created certificate.

HOME > Subscriptions > YOUR-DOMAIN.COM > SSL/TLS Cerificates​

• Pls. don't manually interact in Plesk - related folders on your server, if you are not 100% sure about possible issues.
• Pls. STOP further actions, if you experience any issues/errors/problems, UNTILL they are completely resolved.
• Always try to reproduce an issue/error/problem, in order to be sure, that the root cause is not a temporary issue, or an user-action error.

If a suggestion for a temporary work-around is written for another Plesk version, pls. consider not to follow such a suggestion, before you don't get the confirmation, that the suggestion/work-around could be as well used for your current Plesk version on your server.

 

[Vega80]

... and you made sure, that none of your manual deleted certificates are present in webserver - configuration files?

Yes, absolutely sure. The only domain and belonging subdomains that had SSL enabled now have a valid LE certificate. To be sure I checked all available configuration files, including other domains and default files, and everything is correct.

To start over again ( because this is the best way after manual interference, resulting in issues/errors/problems ), you should consider to install a NEW, default certificate over your Plesk Control Panel ( self-signed, if you don't own a bought certificate for your main - domain and the corresponding IP on your server ) at:

HOME > Tools & Settings > SSL/TLS Certificates​

Afterwards, pls. make sure, that the new default certificate is as well used at the IP management:

HOME > Tools & Settings > IP Addresses​

Pls. change all previous used "default" certificates at all of your (sub)domains with the newly created certificate.

HOME > Subscriptions > YOUR-DOMAIN.COM > SSL/TLS Cerificates​

Just done, but unfortunately it doesn't solve the problem. Although I would have been surprised if it had, because the default certificate was untouched and still usable to secure the panel without problems.

• Pls. don't manually interact in Plesk - related folders on your server, if you are not 100% sure about possible issues.
• Pls. STOP further actions, if you experience any issues/errors/problems, UNTILL they are completely resolved.
• Always try to reproduce an issue/error/problem, in order to be sure, that the root cause is not a temporary issue, or an user-action error.

I thought the problem was solved in a good way, afterwards one is always wiser.
It is very unfortunate that we don't know if the problem was caused in the moment where the LE extension failed, or through my try to fix this original problem myself.
I will try to reproduce the behaviour of the LE extension. But as I only have one domain available for testing, I can't do much if I don't want to exceed the LE rate limits. It is not an option to wait a week for further tests, as this issue affects also the backups of my productive domain, that never had SSL enabled.

 

[UFHH01]

Hi Vega80,

It is not an option to wait a week for further tests, as this issue affects also the backups of my productive domain, that never had SSL enabled.

As already suggested, you might consider to declare this as well as a bug at => Home > Forum > Plesk Discussion > Reports , so that ( in case of a confirmation ) the Plesk developpers will take care of the issue.

 

[Vega80]

I decided to restore a snapshot of my server, as I don't want to have any future risks. As long as this error exists, Plesk also refuses to restore any backup.

But it seems I found my mistake. There is no additional certificate file, but a "special" entry in the certificates table in the plesk database, that has no cert_file and name associated. After seeing the above mentioned bug report, I assumed that this is a faulty entry that causes the problem with the LE extension. So I'm sure that deleting this entry was the cause auf my problems.

So yes, I should not have tried to fix the problem with the Let's Encrypt extension myself.

But apart from this, it seems I am not the only one, who had the original problem:
Issue - Unable to set certificate name

Thanks for your help!


P.S.: Yes I can report this as a bug, but I don't want to hear any complaints, that I don't know how to reproduce the error.

 

[trialotto]

@Vega80

Just posted a general solution that should work for you, please have a look at: Resolved - Solutions for recent Let´s Encrypt issues

Regards.....